Search criteria
ⓘ
Use full-text search for keyword queries.
Combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by dates instead of relevance.
178 vulnerabilities found for Firepower Threat Defense by Cisco
VAR-202112-0566
Vulnerability from variot - Updated: 2026-03-09 23:19Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects. Apache Log4j allows insecure JNDI lookups that could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the vulnerable Java application using Log4j.CVE-2021-4104 Affected CVE-2021-44228 Affected CVE-2021-45046 AffectedCVE-2021-4104 Affected CVE-2021-44228 Affected CVE-2021-45046 Affected. Apache Log4j is a Java-based open source logging tool of the Apache Foundation. Apache log4j2 has a denial of service vulnerability. When improperly configured, an attacker can exploit this vulnerability to cause a denial of service attack. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Critical: Red Hat AMQ Streams 1.8.4 release and security update Advisory ID: RHSA-2021:5138-01 Product: Red Hat JBoss AMQ Advisory URL: https://access.redhat.com/errata/RHSA-2021:5138 Issue date: 2021-12-14 CVE Names: CVE-2021-44228 ==================================================================== 1. Summary:
Red Hat AMQ Streams 1.8.4 is now available from the Red Hat Customer Portal.
Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Description:
Red Hat AMQ Streams, based on the Apache Kafka project, offers a distributed backbone that allows microservices and other applications to share data with extremely high throughput and extremely low latency.
This release of Red Hat AMQ Streams 1.8.4 serves as a replacement for Red Hat AMQ Streams 1.8.0, and includes security and bug fixes, and enhancements.
Security Fix(es):
- log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value (CVE-2021-44228)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.
The References section of this erratum contains a download link (you must log in to download the update).
- Bugs fixed (https://bugzilla.redhat.com/):
2030932 - CVE-2021-44228 log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value
- References:
https://access.redhat.com/security/cve/CVE-2021-44228 https://access.redhat.com/security/updates/classification/#critical https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=jboss.amq.streams&version=1.8.4 https://access.redhat.com/security/vulnerabilities/RHSB-2021-009
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYblI5tzjgjWX9erEAQjb2w/+IySGyUK1nRexUTqiupBqCswjKe/HgWcI cxkZPlLSmU1UszQIqk8z3Btcb0TAqfPLVHNfLmCiq8gJk0fH4gfmF5gBQvpNnwVd E0qCdbELYgulTy6uGu7tqdWLnYX+jixkrm2xE/CBMNHNceISeRc99jBYyX4aOPlt bbOmCG5Nv6niBS5KnacWrBJr1kYTjilbP02GT6i9WQWUMyWcrGo+1z0mEJYNZSCk 4G8ha8QnUaR8aZnbFvpf3GaelMqkyMezdgJTLyIk+dhLvNs/FgR+6Pf/VdNghT40 XmUkqohXkxWgIzZP0ttr1NY+BMGNTJsSxpvCdul73OExdg49fRPvN6vmYToc5Yqj BIUmqmxwfLsxt1nB9VlcwLmBI+0868rxEoE5gAemDJD3hNIK3L0azhBXBKhBwVsg gcfKTR2km3WEodoqRYDnRIX3/HOk1lAydPzzBuiIA+VIEU433TBKksThR2qaIayW t+OiZnbIFl8q+hkTpV4NgSnEyGz7cMzJmtY1VhpMQRpz9x5BmQX4M/kF3HdWhttf 29Bfo3JxmZ01SRtZTlv1LxtXRwq4/m+iyfKM9xa0WxjUelUJYcVeZkHO4TEKDiY1 IGKljVA5lpz996GWg1lJBaPEYNsVLgyB4sapqZGoxAzLZDUQZuuEtRC1mhXQQFCV VjWNTjjcyI4=rLTN -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Summary:
An update is now available for OpenShift Logging 5.1. Solution:
For OpenShift Container Platform 4.8 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:
https://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html
For Red Hat OpenShift Logging 5.1, see the following instructions to apply this update:
https://docs.openshift.com/container-platform/4.8/logging/cluster-logging-upgrading.html
- JIRA issues fixed (https://issues.jboss.org/):
LOG-1971 - Applying cluster state is causing elasticsearch to hit an issue and become unusable
- Description:
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
2021-12-11: VMSA-2021-0028.1 Updated advisory with workaround information for multiple products including vCenter Server Appliance, vRealize Operations, Horizon, vRealize Log Insight, Unified Access Gateway.
2021-12-13: VMSA-2021-0028.2 Revised advisory with updates to multiple products. \x95 VMware HCX \x95 VMware NSX-T Data Center \x95 VMware WorkspaceOne Access \x95 VMware Identity Manager \x95 VMware vRealize Operations Cloud Proxy \x95 VMware vRealize Lifecycle Manager \x95 VMware Site Recovery Manager, vSphere Replication \x95 VMware Carbon Black Cloud Workload Appliance \x95 VMware Carbon Black EDR Server \x95 VMware Tanzu GemFire \x95 VMware Tanzu Greenplum \x95 VMware Tanzu Operations Manager \x95 VMware Tanzu Application Service for VMs \x95 VMware Tanzu Kubernetes Grid Integrated Edition \x95 VMware Tanzu Observability by Wavefront Nozzle \x95 Healthwatch for Tanzu Application Service \x95 Spring Cloud Services for VMware Tanzu \x95 API Portal for VMware Tanzu \x95 Single Sign-On for VMware Tanzu Application Service \x95 App Metrics \x95 VMware vCenter Cloud Gateway \x95 VMware Cloud Foundation \x95 VMware Workspace ONE Access Connector \x95 VMware Horizon DaaS \x95 VMware Horizon Cloud Connector \x95 VMware NSX Data Center for vSphere \x95 VMware AppDefense Appliance \x95 VMware Cloud Director Object Storage Extension
You are receiving this alert because you are subscribed to the VMware Security Announcements mailing list. To modify your subscription or unsubscribe please visit https://lists.vmware.com/mailman/listinfo/security-announce
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "evolved programmable network manager",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "4.1.1"
},
{
"_id": null,
"model": "unified communications manager",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "11.5\\(1.17900.52\\)"
},
{
"_id": null,
"model": "virtualized infrastructure manager",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "3.2.0"
},
{
"_id": null,
"model": "common services platform collector",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "002.009\\(001.001\\)"
},
{
"_id": null,
"model": "integrated management controller supervisor",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.3.2.1"
},
{
"_id": null,
"model": "customer experience cloud agent",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.12.1"
},
{
"_id": null,
"model": "6bk1602-0aa42-0tp0",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.7.0"
},
{
"_id": null,
"model": "sipass integrated",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "2.80"
},
{
"_id": null,
"model": "wan automation engine",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.3"
},
{
"_id": null,
"model": "smart phy",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.1.5"
},
{
"_id": null,
"model": "unified customer voice portal",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "11.6"
},
{
"_id": null,
"model": "unified sip proxy",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "010.000\\(001\\)"
},
{
"_id": null,
"model": "desigo cc info center",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "5.0"
},
{
"_id": null,
"model": "cloudcenter suite",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "5.5.1"
},
{
"_id": null,
"model": "unified communications manager",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "11.5\\(1\\)"
},
{
"_id": null,
"model": "unified workforce optimization",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "11.5\\(1\\)"
},
{
"_id": null,
"model": "automated subsea tuning",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "02.01.00"
},
{
"_id": null,
"model": "network dashboard fabric controller",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "11.5\\(2\\)"
},
{
"_id": null,
"model": "desigo cc info center",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "5.1"
},
{
"_id": null,
"model": "wan automation engine",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.1.3"
},
{
"_id": null,
"model": "evolved programmable network manager",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "5.0"
},
{
"_id": null,
"model": "paging server",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.1\\(1\\)"
},
{
"_id": null,
"model": "business process automation",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.000.115"
},
{
"_id": null,
"model": "crosswork network automation",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.0.0"
},
{
"_id": null,
"model": "capital",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2019.1"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "11.0"
},
{
"_id": null,
"model": "emergency responder",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "11.5\\(4.65000.14\\)"
},
{
"_id": null,
"model": "video surveillance manager",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.14\\(2.26\\)"
},
{
"_id": null,
"model": "evolved programmable network manager",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "5.1"
},
{
"_id": null,
"model": "evolved programmable network manager",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0"
},
{
"_id": null,
"model": "wan automation engine",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.5"
},
{
"_id": null,
"model": "6bk1602-0aa32-0tp0",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.7.0"
},
{
"_id": null,
"model": "common services platform collector",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "002.009\\(000.000\\)"
},
{
"_id": null,
"model": "network assurance engine",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.0\\(2.1912\\)"
},
{
"_id": null,
"model": "network services orchestrator",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "network dashboard fabric controller",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "11.4\\(1\\)"
},
{
"_id": null,
"model": "firepower threat defense",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.4.0"
},
{
"_id": null,
"model": "enterprise chat and email",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "12.0\\(1\\)"
},
{
"_id": null,
"model": "video surveillance operations manager",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "7.14.4"
},
{
"_id": null,
"model": "fxos",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.7.0"
},
{
"_id": null,
"model": "spectrum power 7",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.30"
},
{
"_id": null,
"model": "fxos",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.0.0"
},
{
"_id": null,
"model": "network dashboard fabric controller",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "11.0\\(1\\)"
},
{
"_id": null,
"model": "vesys",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "2020.1"
},
{
"_id": null,
"model": "unified contact center enterprise",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.6\\(2\\)"
},
{
"_id": null,
"model": "ucs central software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.0\\(1h\\)"
},
{
"_id": null,
"model": "wan automation engine",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.2.2"
},
{
"_id": null,
"model": "vesys",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "2019.1"
},
{
"_id": null,
"model": "common services platform collector",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "002.009\\(000.002\\)"
},
{
"_id": null,
"model": "fog director",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "log4j",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "2.0.1"
},
{
"_id": null,
"model": "comos",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "10.4.2"
},
{
"_id": null,
"model": "prime service catalog",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "12.1"
},
{
"_id": null,
"model": "dna center",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.1.2.8"
},
{
"_id": null,
"model": "smart phy",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "21.3"
},
{
"_id": null,
"model": "desigo cc advanced reports",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "5.0"
},
{
"_id": null,
"model": "paging server",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.5\\(2\\)"
},
{
"_id": null,
"model": "ucs central",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.0\\(1p\\)"
},
{
"_id": null,
"model": "common services platform collector",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "2.10.0"
},
{
"_id": null,
"model": "crosswork network automation",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "sd-wan vmanage",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "20.3"
},
{
"_id": null,
"model": "mindsphere",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2021-12-16"
},
{
"_id": null,
"model": "crosswork data gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.0"
},
{
"_id": null,
"model": "desigo cc advanced reports",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "5.1"
},
{
"_id": null,
"model": "nexus dashboard",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.1.2"
},
{
"_id": null,
"model": "desigo cc advanced reports",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "3.0"
},
{
"_id": null,
"model": "crosswork network controller",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.0"
},
{
"_id": null,
"model": "cloudcenter suite admin",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "5.3.1"
},
{
"_id": null,
"model": "cloudcenter suite",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "5.3.0"
},
{
"_id": null,
"model": "sentron powermanager",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "4.1"
},
{
"_id": null,
"model": "unified sip proxy",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "010.002\\(000\\)"
},
{
"_id": null,
"model": "video surveillance manager",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.14\\(4.018\\)"
},
{
"_id": null,
"model": "sd-wan vmanage",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "20.7"
},
{
"_id": null,
"model": "e-car operation center",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2021-12-13"
},
{
"_id": null,
"model": "unified contact center enterprise",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "11.6\\(2\\)"
},
{
"_id": null,
"model": "evolved programmable network manager",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.1"
},
{
"_id": null,
"model": "ucs central software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.0\\(1f\\)"
},
{
"_id": null,
"model": "connected mobile experiences",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "sd-wan vmanage",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "20.5.1.1"
},
{
"_id": null,
"model": "spectrum power 4",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.70"
},
{
"_id": null,
"model": "unified communications manager im and presence service",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "11.5\\(1\\)"
},
{
"_id": null,
"model": "network assurance engine",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "6.0.2"
},
{
"_id": null,
"model": "brocade san navigator",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": "integrated management controller supervisor",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "002.003\\(002.000\\)"
},
{
"_id": null,
"model": "evolved programmable network manager",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.1"
},
{
"_id": null,
"model": "paging server",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.4\\(1\\)"
},
{
"_id": null,
"model": "xcode",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "13.3"
},
{
"_id": null,
"model": "unified communications manager",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "11.5\\(1.18119.2\\)"
},
{
"_id": null,
"model": "unified customer voice portal",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "11.6\\(1\\)"
},
{
"_id": null,
"model": "ucs central software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.0\\(1b\\)"
},
{
"_id": null,
"model": "identity services engine",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "002.004\\(000.914\\)"
},
{
"_id": null,
"model": "sd-wan vmanage",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "20.6.1"
},
{
"_id": null,
"model": "smart phy",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.2.1"
},
{
"_id": null,
"model": "sd-wan vmanage",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "20.3.4.1"
},
{
"_id": null,
"model": "unified communications manager",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "11.5\\(1.18900.97\\)"
},
{
"_id": null,
"model": "snapcenter",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": "network services orchestrator",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "5.4"
},
{
"_id": null,
"model": "webex meetings server",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0"
},
{
"_id": null,
"model": "dna center",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.2.2.8"
},
{
"_id": null,
"model": "synchro",
"scope": "lt",
"trust": 1.0,
"vendor": "bentley",
"version": "6.2.4.2"
},
{
"_id": null,
"model": "packaged contact center enterprise",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "11.6"
},
{
"_id": null,
"model": "firepower threat defense",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.5.0"
},
{
"_id": null,
"model": "webex meetings server",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0"
},
{
"_id": null,
"model": "paging server",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.5\\(1\\)"
},
{
"_id": null,
"model": "6bk1602-0aa12-0tp0",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.7.0"
},
{
"_id": null,
"model": "desigo cc advanced reports",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "4.1"
},
{
"_id": null,
"model": "cyber vision sensor management extension",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.3"
},
{
"_id": null,
"model": "cloud secure agent",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": "crosswork platform infrastructure",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.1.0"
},
{
"_id": null,
"model": "sd-wan vmanage",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "20.4"
},
{
"_id": null,
"model": "fxos",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.6.0"
},
{
"_id": null,
"model": "identity services engine",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "002.007\\(000.356\\)"
},
{
"_id": null,
"model": "unified communications manager im \\\u0026 presence service",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "11.5\\(1\\)"
},
{
"_id": null,
"model": "sd-wan vmanage",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "20.5"
},
{
"_id": null,
"model": "wan automation engine",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.2.3"
},
{
"_id": null,
"model": "smart phy",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.1.4"
},
{
"_id": null,
"model": "vm access proxy",
"scope": "lt",
"trust": 1.0,
"vendor": "snowsoftware",
"version": "3.6"
},
{
"_id": null,
"model": "intersight virtual appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.0.9-343"
},
{
"_id": null,
"model": "data center network manager",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "11.3\\(1\\)"
},
{
"_id": null,
"model": "6bk1602-0aa22-0tp0",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.7.0"
},
{
"_id": null,
"model": "oncommand insight",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": "identity services engine",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.4.0"
},
{
"_id": null,
"model": "sd-wan vmanage",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "20.6"
},
{
"_id": null,
"model": "log4j",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "2.4.0"
},
{
"_id": null,
"model": "industrial edge management",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"_id": null,
"model": "virtual topology system",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.6.7"
},
{
"_id": null,
"model": "paging server",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.0\\(1\\)"
},
{
"_id": null,
"model": "unified computing system",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "006.008\\(001.000\\)"
},
{
"_id": null,
"model": "ucs central software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.0\\(1c\\)"
},
{
"_id": null,
"model": "network services orchestrator",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "5.6.3.1"
},
{
"_id": null,
"model": "fxos",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.4.0"
},
{
"_id": null,
"model": "unified sip proxy",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "010.002\\(001\\)"
},
{
"_id": null,
"model": "ontap tools",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": "fxos",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.1.0"
},
{
"_id": null,
"model": "firepower threat defense",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.3.0"
},
{
"_id": null,
"model": "cloudcenter",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "4.10.0.16"
},
{
"_id": null,
"model": "identity services engine",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "002.006\\(000.156\\)"
},
{
"_id": null,
"model": "virtualized voice browser",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "12.5\\(1\\)"
},
{
"_id": null,
"model": "firepower threat defense",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.2.3"
},
{
"_id": null,
"model": "oneapi sample browser",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "sentron powermanager",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "4.2"
},
{
"_id": null,
"model": "cloudcenter cost optimizer",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "5.5.2"
},
{
"_id": null,
"model": "network dashboard fabric controller",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "11.5\\(3\\)"
},
{
"_id": null,
"model": "sd-wan vmanage",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "20.8"
},
{
"_id": null,
"model": "mendix",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"_id": null,
"model": "ucs central software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.0\\(1d\\)"
},
{
"_id": null,
"model": "ucs central software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.0\\(1g\\)"
},
{
"_id": null,
"model": "paging server",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.0\\(2\\)"
},
{
"_id": null,
"model": "crosswork zero touch provisioning",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.0.1"
},
{
"_id": null,
"model": "common services platform collector",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "002.009\\(001.000\\)"
},
{
"_id": null,
"model": "enterprise chat and email",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.6\\(1\\)"
},
{
"_id": null,
"model": "sd-wan vmanage",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "20.4.2.1"
},
{
"_id": null,
"model": "opcenter intelligence",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "3.2"
},
{
"_id": null,
"model": "common services platform collector",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "002.010\\(000.000\\)"
},
{
"_id": null,
"model": "log4j",
"scope": "lt",
"trust": 1.0,
"vendor": "apache",
"version": "2.12.2"
},
{
"_id": null,
"model": "dna center",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "2.2.3.0"
},
{
"_id": null,
"model": "wan automation engine",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.2.1"
},
{
"_id": null,
"model": "crosswork data gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.0.2"
},
{
"_id": null,
"model": "unified customer voice portal",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "11.6"
},
{
"_id": null,
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"_id": null,
"model": "unified customer voice portal",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.0"
},
{
"_id": null,
"model": "unified communications manager im \\\u0026 presence service",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "11.5\\(1.22900.6\\)"
},
{
"_id": null,
"model": "unified communications manager im and presence service",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "11.5\\(1\\)"
},
{
"_id": null,
"model": "smart phy",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.1.3"
},
{
"_id": null,
"model": "sppa-t3000 ses3000",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"_id": null,
"model": "cx cloud agent",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "001.012"
},
{
"_id": null,
"model": "common services platform collector",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.10.0.1"
},
{
"_id": null,
"model": "desigo cc advanced reports",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "4.2"
},
{
"_id": null,
"model": "enterprise chat and email",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.5\\(1\\)"
},
{
"_id": null,
"model": "integrated management controller supervisor",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.3.2.0"
},
{
"_id": null,
"model": "unified sip proxy",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "10.2.1v2"
},
{
"_id": null,
"model": "network services orchestrator",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "5.4.5.2"
},
{
"_id": null,
"model": "iot operations dashboard",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "ucs director",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "6.8.2.0"
},
{
"_id": null,
"model": "log4j",
"scope": "lt",
"trust": 1.0,
"vendor": "apache",
"version": "2.3.1"
},
{
"_id": null,
"model": "capital",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "2019.1"
},
{
"_id": null,
"model": "crosswork platform infrastructure",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.1"
},
{
"_id": null,
"model": "cyber vision",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.2"
},
{
"_id": null,
"model": "siveillance vantage",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"_id": null,
"model": "unified sip proxy",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "010.000\\(000\\)"
},
{
"_id": null,
"model": "optical network controller",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.1.0"
},
{
"_id": null,
"model": "solidfire \\\u0026 hci storage node",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": "dna center",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "2.2.2.0"
},
{
"_id": null,
"model": "email security",
"scope": "lt",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.0.13"
},
{
"_id": null,
"model": "crosswork network automation",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.1.1"
},
{
"_id": null,
"model": "unified contact center enterprise",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.6\\(1\\)"
},
{
"_id": null,
"model": "enterprise chat and email",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.0\\(1\\)"
},
{
"_id": null,
"model": "energyip",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "8.7"
},
{
"_id": null,
"model": "crosswork optimization engine",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.0"
},
{
"_id": null,
"model": "synchro",
"scope": "gte",
"trust": 1.0,
"vendor": "bentley",
"version": "6.1"
},
{
"_id": null,
"model": "dna center",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.2.2.8"
},
{
"_id": null,
"model": "network dashboard fabric controller",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "11.5\\(1\\)"
},
{
"_id": null,
"model": "network dashboard fabric controller",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "11.1\\(1\\)"
},
{
"_id": null,
"model": "nx",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"_id": null,
"model": "datacenter manager",
"scope": "lt",
"trust": 1.0,
"vendor": "intel",
"version": "5.1"
},
{
"_id": null,
"model": "navigator",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2021-12-13"
},
{
"_id": null,
"model": "video surveillance manager",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.14\\(1.26\\)"
},
{
"_id": null,
"model": "prime service catalog",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.1"
},
{
"_id": null,
"model": "energyip prepay",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.8.0.12"
},
{
"_id": null,
"model": "business process automation",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "3.2.000.000"
},
{
"_id": null,
"model": "gma-manager",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "8.6.2j-398"
},
{
"_id": null,
"model": "unified intelligence center",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "12.6\\(1\\)"
},
{
"_id": null,
"model": "mobility services engine",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "broadworks",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "sd-wan vmanage",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "20.4"
},
{
"_id": null,
"model": "unified contact center express",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.6\\(1\\)"
},
{
"_id": null,
"model": "network services orchestrator",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "5.5"
},
{
"_id": null,
"model": "unified intelligence center",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.6\\(2\\)"
},
{
"_id": null,
"model": "energyip",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "8.5"
},
{
"_id": null,
"model": "synchro 4d",
"scope": "lt",
"trust": 1.0,
"vendor": "bentley",
"version": "6.4.3.2"
},
{
"_id": null,
"model": "unified contact center enterprise",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.5\\(1\\)"
},
{
"_id": null,
"model": "data center network manager",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "11.3\\(1\\)"
},
{
"_id": null,
"model": "firepower threat defense",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.7.0"
},
{
"_id": null,
"model": "firepower threat defense",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.0.0"
},
{
"_id": null,
"model": "common services platform collector",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "002.009\\(001.002\\)"
},
{
"_id": null,
"model": "sd-wan vmanage",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "20.6"
},
{
"_id": null,
"model": "desigo cc advanced reports",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "4.0"
},
{
"_id": null,
"model": "spectrum power 4",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "4.70"
},
{
"_id": null,
"model": "cloud connect",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "12.6\\(1\\)"
},
{
"_id": null,
"model": "cloudcenter suite",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "5.4.1"
},
{
"_id": null,
"model": "network dashboard fabric controller",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "11.2\\(1\\)"
},
{
"_id": null,
"model": "siguard dsa",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "4.2"
},
{
"_id": null,
"model": "vesys",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "2021.1"
},
{
"_id": null,
"model": "siguard dsa",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.4.1"
},
{
"_id": null,
"model": "finesse",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.6\\(1\\)"
},
{
"_id": null,
"model": "advanced malware protection virtual private cloud appliance",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "3.5.4"
},
{
"_id": null,
"model": "unified contact center enterprise",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.0\\(1\\)"
},
{
"_id": null,
"model": "solidfire enterprise sds",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": "energy engage",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "3.1"
},
{
"_id": null,
"model": "unified contact center express",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.5\\(1\\)"
},
{
"_id": null,
"model": "siveillance identity",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "1.5"
},
{
"_id": null,
"model": "unified contact center enterprise",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "11.6\\(2\\)"
},
{
"_id": null,
"model": "ucs central software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.0\\(1e\\)"
},
{
"_id": null,
"model": "computer vision annotation tool",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "unified customer voice portal",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.6\\(1\\)"
},
{
"_id": null,
"model": "snow commander",
"scope": "lt",
"trust": 1.0,
"vendor": "snowsoftware",
"version": "8.10.0"
},
{
"_id": null,
"model": "cloud insights",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": "crosswork optimization engine",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.0.1"
},
{
"_id": null,
"model": "log4j",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.0"
},
{
"_id": null,
"model": "emergency responder",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "11.5\\(4.66000.14\\)"
},
{
"_id": null,
"model": "genomics kernel library",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "unified customer voice portal",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.5"
},
{
"_id": null,
"model": "cyber vision sensor management extension",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.2"
},
{
"_id": null,
"model": "unified communications manager",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "11.5\\(1.21900.40\\)"
},
{
"_id": null,
"model": "network insights for data center",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.0\\(2.1914\\)"
},
{
"_id": null,
"model": "automated subsea tuning",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.1.0"
},
{
"_id": null,
"model": "finesse",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.5\\(1\\)"
},
{
"_id": null,
"model": "identity services engine",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "003.001\\(000.518\\)"
},
{
"_id": null,
"model": "xpedition package integrator",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": null
},
{
"_id": null,
"model": "optical network controller",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.1"
},
{
"_id": null,
"model": "energyip",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "8.6"
},
{
"_id": null,
"model": "unified communications manager",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "11.5\\(1.22900.28\\)"
},
{
"_id": null,
"model": "secure device onboard",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "unified workforce optimization",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "11.5\\(1\\)"
},
{
"_id": null,
"model": "siveillance viewpoint",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"_id": null,
"model": "industrial edge management hub",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2021-12-13"
},
{
"_id": null,
"model": "unified customer voice portal",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.5\\(1\\)"
},
{
"_id": null,
"model": "solid edge harness design",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "2020"
},
{
"_id": null,
"model": "contact center domain manager",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "12.5\\(1\\)"
},
{
"_id": null,
"model": "dna spaces",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "log4j",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "2.13.0"
},
{
"_id": null,
"model": "intersight virtual appliance",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.0.9-361"
},
{
"_id": null,
"model": "firepower threat defense",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.6.0"
},
{
"_id": null,
"model": "virtualized infrastructure manager",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "3.4.0"
},
{
"_id": null,
"model": "virtual topology system",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.6.6"
},
{
"_id": null,
"model": "unified customer voice portal",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.0\\(1\\)"
},
{
"_id": null,
"model": "spectrum power 7",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "2.30"
},
{
"_id": null,
"model": "crosswork zero touch provisioning",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.0"
},
{
"_id": null,
"model": "contact center management portal",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "12.5\\(1\\)"
},
{
"_id": null,
"model": "network services orchestrator",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "5.5.4.1"
},
{
"_id": null,
"model": "6bk1602-0aa52-0tp0",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.7.0"
},
{
"_id": null,
"model": "common services platform collector",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.9.1.3"
},
{
"_id": null,
"model": "paging server",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "14.0\\(1\\)"
},
{
"_id": null,
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"_id": null,
"model": "network services orchestrator",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "5.6"
},
{
"_id": null,
"model": "crosswork network automation",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.0"
},
{
"_id": null,
"model": "network dashboard fabric controller",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "11.3\\(1\\)"
},
{
"_id": null,
"model": "smart phy",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "3.2.1"
},
{
"_id": null,
"model": "broadworks",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2021.11_1.162"
},
{
"_id": null,
"model": "identity services engine",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "003.000\\(000.458\\)"
},
{
"_id": null,
"model": "siveillance command",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "4.16.2.1"
},
{
"_id": null,
"model": "firepower threat defense",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.1.0"
},
{
"_id": null,
"model": "identity services engine",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "003.002\\(000.116\\)"
},
{
"_id": null,
"model": "unified contact center management portal",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.6\\(1\\)"
},
{
"_id": null,
"model": "operation scheduler",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "1.1.3"
},
{
"_id": null,
"model": "active iq unified manager",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": "vesys",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2019.1"
},
{
"_id": null,
"model": "emergency responder",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "11.5\\(4\\)"
},
{
"_id": null,
"model": "logo\\! soft comfort",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"_id": null,
"model": "emergency responder",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "11.5"
},
{
"_id": null,
"model": "crosswork network automation",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.1.0"
},
{
"_id": null,
"model": "packaged contact center enterprise",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "11.6\\(1\\)"
},
{
"_id": null,
"model": "dna spaces\\: connector",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.5"
},
{
"_id": null,
"model": "solid edge cam pro",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"_id": null,
"model": "unified communications manager",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "11.5\\(1\\)"
},
{
"_id": null,
"model": "business process automation",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "3.1.000.044"
},
{
"_id": null,
"model": "smart phy",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.1.2"
},
{
"_id": null,
"model": "energyip",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "9.0"
},
{
"_id": null,
"model": "virtualized infrastructure manager",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "3.4.4"
},
{
"_id": null,
"model": "unified contact center express",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.6\\(2\\)"
},
{
"_id": null,
"model": "cloud manager",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": "head-end system universal device integration system",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"_id": null,
"model": "fxos",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.5.0"
},
{
"_id": null,
"model": "crosswork network controller",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.0.1"
},
{
"_id": null,
"model": "unity connection",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "11.5\\(1\\)"
},
{
"_id": null,
"model": "paging server",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.3\\(1\\)"
},
{
"_id": null,
"model": "nexus insights",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "6.0.2"
},
{
"_id": null,
"model": "webex meetings server",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0"
},
{
"_id": null,
"model": "business process automation",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "3.2.000.009"
},
{
"_id": null,
"model": "unity connection",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "11.5\\(1.10000.6\\)"
},
{
"_id": null,
"model": "system studio",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "evolved programmable network manager",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0"
},
{
"_id": null,
"model": "siveillance control pro",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"_id": null,
"model": "sd-wan vmanage",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "20.5"
},
{
"_id": null,
"model": "ucs central software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.0"
},
{
"_id": null,
"model": "unified communications manager",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "11.5\\(1\\)su3"
},
{
"_id": null,
"model": "wan automation engine",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.4"
},
{
"_id": null,
"model": "cloudcenter suite",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "5.5.0"
},
{
"_id": null,
"model": "log4j",
"scope": "lt",
"trust": 1.0,
"vendor": "apache",
"version": "2.15.0"
},
{
"_id": null,
"model": "unified intelligence center",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "12.6\\(1\\)"
},
{
"_id": null,
"model": "unity connection",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "11.5"
},
{
"_id": null,
"model": "fxos",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.3.0"
},
{
"_id": null,
"model": "cloudcenter suite",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.10.0.15"
},
{
"_id": null,
"model": "siveillance identity",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "1.6"
},
{
"_id": null,
"model": "ucs central software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.0\\(1a\\)"
},
{
"_id": null,
"model": "opcenter intelligence",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.5"
},
{
"_id": null,
"model": "cloudcenter workload manager",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "5.5.2"
},
{
"_id": null,
"model": "fxos",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.2.3"
},
{
"_id": null,
"model": "business process automation",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "3.1.000.000"
},
{
"_id": null,
"model": "identity services engine",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.4.0"
},
{
"_id": null,
"model": "wan automation engine",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.6"
},
{
"_id": null,
"model": "sd-wan vmanage",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "20.6.2.1"
},
{
"_id": null,
"model": "solid edge harness design",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2020"
},
{
"_id": null,
"model": "ucs central software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.0\\(1k\\)"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"_id": null,
"model": "wan automation engine",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "7.3.0.2"
},
{
"_id": null,
"model": "network services orchestrator",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "5.3.5.1"
},
{
"_id": null,
"model": "video surveillance manager",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.14\\(3.025\\)"
},
{
"_id": null,
"model": "teamcenter",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"_id": null,
"model": "xpedition enterprise",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": null
},
{
"_id": null,
"model": "dna center",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.2.3.4"
},
{
"_id": null,
"model": "workload optimization manager",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "3.2.1"
},
{
"_id": null,
"model": "sipass integrated",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "2.85"
},
{
"_id": null,
"model": "ucs central software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.0\\(1l\\)"
},
{
"_id": null,
"model": "dna spaces connector",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "finesse",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "12.6\\(1\\)"
},
{
"_id": null,
"model": "common services platform collector",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "002.009\\(000.001\\)"
},
{
"_id": null,
"model": "rhythmyx",
"scope": "lte",
"trust": 1.0,
"vendor": "percussion",
"version": "7.3.2"
},
{
"_id": null,
"model": "paging server",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "14.4.1"
},
{
"_id": null,
"model": "unified contact center express",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "12.5\\(1\\)"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-44228"
}
]
},
"credits": {
"_id": null,
"data": "Much of the content of this vulnerability note is derived from Apache Log4j Security Vulnerabilities and http://slf4j.org/log4shell.html.This document was written by Art Manion.",
"sources": [
{
"db": "CERT/CC",
"id": "VU#930724"
}
],
"trust": 0.8
},
"cve": "CVE-2021-44228",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CVE-2021-44228",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.1,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "VHN-407408",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 4.9,
"id": "VHN-408570",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:H/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2021-44228",
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-44228",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2021-44228",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-407408",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-408570",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2021-44228",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-407408"
},
{
"db": "VULHUB",
"id": "VHN-408570"
},
{
"db": "VULMON",
"id": "CVE-2021-44228"
},
{
"db": "NVD",
"id": "CVE-2021-44228"
},
{
"db": "NVD",
"id": "CVE-2021-44228"
}
]
},
"description": {
"_id": null,
"data": "Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects. Apache Log4j allows insecure JNDI lookups that could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the vulnerable Java application using Log4j.CVE-2021-4104 Affected\nCVE-2021-44228 Affected\nCVE-2021-45046 AffectedCVE-2021-4104 Affected\nCVE-2021-44228 Affected\nCVE-2021-45046 Affected. Apache Log4j is a Java-based open source logging tool of the Apache Foundation. Apache log4j2 has a denial of service vulnerability. When improperly configured, an attacker can exploit this vulnerability to cause a denial of service attack. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Critical: Red Hat AMQ Streams 1.8.4 release and security update\nAdvisory ID: RHSA-2021:5138-01\nProduct: Red Hat JBoss AMQ\nAdvisory URL: https://access.redhat.com/errata/RHSA-2021:5138\nIssue date: 2021-12-14\nCVE Names: CVE-2021-44228\n====================================================================\n1. Summary:\n\nRed Hat AMQ Streams 1.8.4 is now available from the Red Hat Customer\nPortal. \n\nRed Hat Product Security has rated this update as having a security impact\nof Critical. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Description:\n\nRed Hat AMQ Streams, based on the Apache Kafka project, offers a\ndistributed backbone that allows microservices and other applications to\nshare data with extremely high throughput and extremely low latency. \n\nThis release of Red Hat AMQ Streams 1.8.4 serves as a replacement for Red\nHat AMQ Streams 1.8.0, and includes security and bug fixes, and\nenhancements. \n\nSecurity Fix(es):\n\n* log4j-core: Remote code execution in Log4j 2.x when logs contain an\nattacker-controlled string value (CVE-2021-44228)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n3. Solution:\n\nBefore applying the update, back up your existing installation, including\nall applications, configuration files, databases and database settings, and\nso on. \n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). \n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n2030932 - CVE-2021-44228 log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value\n\n5. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-44228\nhttps://access.redhat.com/security/updates/classification/#critical\nhttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=jboss.amq.streams\u0026version=1.8.4\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2021-009\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYblI5tzjgjWX9erEAQjb2w/+IySGyUK1nRexUTqiupBqCswjKe/HgWcI\ncxkZPlLSmU1UszQIqk8z3Btcb0TAqfPLVHNfLmCiq8gJk0fH4gfmF5gBQvpNnwVd\nE0qCdbELYgulTy6uGu7tqdWLnYX+jixkrm2xE/CBMNHNceISeRc99jBYyX4aOPlt\nbbOmCG5Nv6niBS5KnacWrBJr1kYTjilbP02GT6i9WQWUMyWcrGo+1z0mEJYNZSCk\n4G8ha8QnUaR8aZnbFvpf3GaelMqkyMezdgJTLyIk+dhLvNs/FgR+6Pf/VdNghT40\nXmUkqohXkxWgIzZP0ttr1NY+BMGNTJsSxpvCdul73OExdg49fRPvN6vmYToc5Yqj\nBIUmqmxwfLsxt1nB9VlcwLmBI+0868rxEoE5gAemDJD3hNIK3L0azhBXBKhBwVsg\ngcfKTR2km3WEodoqRYDnRIX3/HOk1lAydPzzBuiIA+VIEU433TBKksThR2qaIayW\nt+OiZnbIFl8q+hkTpV4NgSnEyGz7cMzJmtY1VhpMQRpz9x5BmQX4M/kF3HdWhttf\n29Bfo3JxmZ01SRtZTlv1LxtXRwq4/m+iyfKM9xa0WxjUelUJYcVeZkHO4TEKDiY1\nIGKljVA5lpz996GWg1lJBaPEYNsVLgyB4sapqZGoxAzLZDUQZuuEtRC1mhXQQFCV\nVjWNTjjcyI4=rLTN\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. Summary:\n\nAn update is now available for OpenShift Logging 5.1. Solution:\n\nFor OpenShift Container Platform 4.8 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nFor Red Hat OpenShift Logging 5.1, see the following instructions to apply\nthis update:\n\nhttps://docs.openshift.com/container-platform/4.8/logging/cluster-logging-upgrading.html\n\n4. JIRA issues fixed (https://issues.jboss.org/):\n\nLOG-1971 - Applying cluster state is causing elasticsearch to hit an issue and become unusable\n\n6. Description:\n\nRed Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments. \n\n2021-12-11: VMSA-2021-0028.1\nUpdated advisory with workaround information for multiple products including vCenter Server Appliance, vRealize Operations, Horizon, vRealize Log Insight, Unified Access Gateway. \n\n2021-12-13: VMSA-2021-0028.2\nRevised advisory with updates to multiple products. \n\\x95\tVMware HCX\n\\x95\tVMware NSX-T Data Center\n\\x95\tVMware WorkspaceOne Access\n\\x95\tVMware Identity Manager \n\\x95\tVMware vRealize Operations Cloud Proxy\n\\x95\tVMware vRealize Lifecycle Manager\n\\x95\tVMware Site Recovery Manager, vSphere Replication\n\\x95\tVMware Carbon Black Cloud Workload Appliance\n\\x95\tVMware Carbon Black EDR Server\n\\x95\tVMware Tanzu GemFire\n\\x95\tVMware Tanzu Greenplum\n\\x95\tVMware Tanzu Operations Manager\n\\x95\tVMware Tanzu Application Service for VMs\n\\x95\tVMware Tanzu Kubernetes Grid Integrated Edition\n\\x95\tVMware Tanzu Observability by Wavefront Nozzle\n\\x95\tHealthwatch for Tanzu Application Service\n\\x95\tSpring Cloud Services for VMware Tanzu\n\\x95\tAPI Portal for VMware Tanzu\n\\x95\tSingle Sign-On for VMware Tanzu Application Service\n\\x95\tApp Metrics\n\\x95\tVMware vCenter Cloud Gateway\n\\x95\tVMware Cloud Foundation\n\\x95\tVMware Workspace ONE Access Connector\n\\x95\tVMware Horizon DaaS\n\\x95\tVMware Horizon Cloud Connector\n\\x95\tVMware NSX Data Center for vSphere\n\\x95\tVMware AppDefense Appliance\n\\x95\tVMware Cloud Director Object Storage Extension\n\nYou are receiving this alert because you are subscribed to the VMware Security Announcements mailing list. To modify your subscription or unsubscribe please visit https://lists.vmware.com/mailman/listinfo/security-announce",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-44228"
},
{
"db": "CERT/CC",
"id": "VU#930724"
},
{
"db": "VULHUB",
"id": "VHN-407408"
},
{
"db": "VULHUB",
"id": "VHN-408570"
},
{
"db": "VULMON",
"id": "CVE-2021-44228"
},
{
"db": "PACKETSTORM",
"id": "165295"
},
{
"db": "PACKETSTORM",
"id": "165286"
},
{
"db": "PACKETSTORM",
"id": "165343"
},
{
"db": "PACKETSTORM",
"id": "165260"
}
],
"trust": 2.25
},
"exploit_availability": {
"_id": null,
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-407408",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-407408"
}
]
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2021-44228",
"trust": 2.5
},
{
"db": "CERT/CC",
"id": "VU#930724",
"trust": 2.0
},
{
"db": "PACKETSTORM",
"id": "165260",
"trust": 1.2
},
{
"db": "SIEMENS",
"id": "SSA-479842",
"trust": 1.2
},
{
"db": "SIEMENS",
"id": "SSA-714170",
"trust": 1.2
},
{
"db": "SIEMENS",
"id": "SSA-661247",
"trust": 1.2
},
{
"db": "SIEMENS",
"id": "SSA-397453",
"trust": 1.2
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2021/12/14/4",
"trust": 1.2
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2021/12/15/3",
"trust": 1.2
},
{
"db": "PACKETSTORM",
"id": "165311",
"trust": 1.1
},
{
"db": "PACKETSTORM",
"id": "165225",
"trust": 1.1
},
{
"db": "PACKETSTORM",
"id": "165532",
"trust": 1.1
},
{
"db": "PACKETSTORM",
"id": "165281",
"trust": 1.1
},
{
"db": "PACKETSTORM",
"id": "165306",
"trust": 1.1
},
{
"db": "PACKETSTORM",
"id": "165673",
"trust": 1.1
},
{
"db": "PACKETSTORM",
"id": "165282",
"trust": 1.1
},
{
"db": "PACKETSTORM",
"id": "165371",
"trust": 1.1
},
{
"db": "PACKETSTORM",
"id": "167794",
"trust": 1.1
},
{
"db": "PACKETSTORM",
"id": "167917",
"trust": 1.1
},
{
"db": "PACKETSTORM",
"id": "165270",
"trust": 1.1
},
{
"db": "PACKETSTORM",
"id": "165261",
"trust": 1.1
},
{
"db": "PACKETSTORM",
"id": "165642",
"trust": 1.1
},
{
"db": "PACKETSTORM",
"id": "165307",
"trust": 1.1
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2021/12/13/1",
"trust": 1.1
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2021/12/10/3",
"trust": 1.1
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2021/12/13/2",
"trust": 1.1
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2021/12/10/2",
"trust": 1.1
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2021/12/10/1",
"trust": 1.1
},
{
"db": "PACKETSTORM",
"id": "171626",
"trust": 1.0
},
{
"db": "PACKETSTORM",
"id": "165343",
"trust": 0.3
},
{
"db": "PACKETSTORM",
"id": "165329",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "165333",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "165295",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "165326",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "165632",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "165293",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "165324",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "165520",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "165285",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "165290",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "165291",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "165733",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "166313",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "165279",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "165297",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "165298",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "165289",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "165348",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "165264",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "50592",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "50590",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-407408",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "165637",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "165649",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "165636",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "165650",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "165645",
"trust": 0.1
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2021/12/18/1",
"trust": 0.1
},
{
"db": "CNVD",
"id": "CNVD-2022-01776",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-408570",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2021-44228",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "165286",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#930724"
},
{
"db": "VULHUB",
"id": "VHN-407408"
},
{
"db": "VULHUB",
"id": "VHN-408570"
},
{
"db": "VULMON",
"id": "CVE-2021-44228"
},
{
"db": "PACKETSTORM",
"id": "165295"
},
{
"db": "PACKETSTORM",
"id": "165286"
},
{
"db": "PACKETSTORM",
"id": "165343"
},
{
"db": "PACKETSTORM",
"id": "165260"
},
{
"db": "NVD",
"id": "CVE-2021-44228"
}
]
},
"id": "VAR-202112-0566",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-407408"
},
{
"db": "VULHUB",
"id": "VHN-408570"
}
],
"trust": 0.7961849514285715
},
"last_update_date": "2026-03-09T23:19:31.555000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Debian CVElist Bug Report Logs: apache-log4j2: CVE-2021-44228: Remote code injection via crafted log messages",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=4eae9b09b97da57f4ca6103cc85ed4da"
},
{
"title": "Debian CVElist Bug Report Logs: apache-log4j2: CVE-2021-45046: Incomplete fix for CVE-2021-44228 in certain non-default configurations",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=b88a8ce4fc53c3a45830bc6bbde8b01c"
},
{
"title": "Debian Security Advisories: DSA-5020-1 apache-log4j2 -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=24c79c59809a2c5bcddc81889b23a6bc"
},
{
"title": "Debian Security Advisories: DSA-5022-1 apache-log4j2 -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=5ba53229ef5f408ed29126bd4f624def"
},
{
"title": "IBM: Security Bulletin: There is vulnerability in Apache Log4j used by Content Manager OnDemand z/OS. Content Manager OnDemand z/OS has addressed the applicable CVE [CVE-2021-44228]",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=dbdfcf9d51b60adf542d500e515b9ba8"
},
{
"title": "Red Hat: CVE-2021-44228",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2021-44228"
},
{
"title": "IBM: An update on the Apache Log4j 2.x vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=0648a3f00f067d373b069c4f2acd5db4"
},
{
"title": "Amazon Linux AMI: ALAS-2021-1553",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2021-1553"
},
{
"title": "IBM: Security Bulletin: IBM Cloud Pak System is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-45046, CVE-2021-44228)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=c8b40ff47e1d31bee8b0fbdbdd4fe212"
},
{
"title": "IBM: Security Bulletin: IBM Cloud Pak System is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-45046, CVE-2021-44228)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=654a4f5a7bd1fdfd229558535923710b"
},
{
"title": "Amazon Linux 2: ALAS2-2021-1731",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2021-1731"
},
{
"title": "Amazon Linux 2: ALAS2-2021-1730",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2021-1730"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2021-44228 log"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/canarieids/Zeek-Ubuntu-22.04 "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/f5devcentral/f5-professional-services "
},
{
"title": "Log4J-CVE-2021-44228-Mitigation-Cheat-Sheet",
"trust": 0.1,
"url": "https://github.com/thedevappsecguy/Log4J-CVE-2021-44228-Mitigation-Cheat-Sheet "
},
{
"title": "spring-on-k8s",
"trust": 0.1,
"url": "https://github.com/AndriyKalashnykov/spring-on-k8s "
},
{
"title": "jaygooby",
"trust": 0.1,
"url": "https://github.com/jaygooby/jaygooby "
},
{
"title": "log4j-log4shell-playground",
"trust": 0.1,
"url": "https://github.com/rgl/log4j-log4shell-playground "
},
{
"title": "Log4j",
"trust": 0.1,
"url": "https://github.com/kaganoglu/Log4j "
},
{
"title": "trivy-cve-scan",
"trust": 0.1,
"url": "https://github.com/broadinstitute/trivy-cve-scan "
},
{
"title": "test-44228",
"trust": 0.1,
"url": "https://github.com/datadavev/test-44228 "
},
{
"title": "cve-2021-44228-helpers",
"trust": 0.1,
"url": "https://github.com/uint0/cve-2021-44228-helpers "
},
{
"title": "log4j-vendor-list",
"trust": 0.1,
"url": "https://github.com/bizzarecontacts/log4j-vendor-list "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2021-44228 "
},
{
"title": "log4shell",
"trust": 0.1,
"url": "https://github.com/0xsyr0/log4shell "
},
{
"title": "cve-2021-44228-qingteng-online-patch",
"trust": 0.1,
"url": "https://github.com/qingtengyun/cve-2021-44228-qingteng-online-patch "
},
{
"title": "cve-2021-44228",
"trust": 0.1,
"url": "https://github.com/corelight/cve-2021-44228 "
},
{
"title": "Log4Shell-IOCs",
"trust": 0.1,
"url": "https://github.com/curated-intel/Log4Shell-IOCs "
},
{
"title": "Sitecore.Solr-log4j-mitigation",
"trust": 0.1,
"url": "https://github.com/avwolferen/Sitecore.Solr-log4j-mitigation "
},
{
"title": "check-log4j",
"trust": 0.1,
"url": "https://github.com/yahoo/check-log4j "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-44228"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-502",
"trust": 1.2
},
{
"problemtype": "CWE-20",
"trust": 1.1
},
{
"problemtype": "CWE-400",
"trust": 1.1
},
{
"problemtype": "CWE-917",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-407408"
},
{
"db": "VULHUB",
"id": "VHN-408570"
},
{
"db": "NVD",
"id": "CVE-2021-44228"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 1.2,
"url": "https://www.kb.cert.org/vuls/id/930724"
},
{
"trust": 1.2,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-apache-log4j-qruknebd"
},
{
"trust": 1.2,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf"
},
{
"trust": 1.2,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf"
},
{
"trust": 1.2,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf"
},
{
"trust": 1.2,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf"
},
{
"trust": 1.2,
"url": "https://psirt.global.sonicwall.com/vuln-detail/snwlid-2021-0032"
},
{
"trust": 1.2,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html"
},
{
"trust": 1.2,
"url": "https://www.oracle.com/security-alerts/alert-cve-2021-44228.html"
},
{
"trust": 1.2,
"url": "https://logging.apache.org/log4j/2.x/security.html"
},
{
"trust": 1.2,
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"trust": 1.2,
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"trust": 1.2,
"url": "http://www.openwall.com/lists/oss-security/2021/12/14/4"
},
{
"trust": 1.2,
"url": "http://www.openwall.com/lists/oss-security/2021/12/15/3"
},
{
"trust": 1.1,
"url": "https://security.netapp.com/advisory/ntap-20211210-0007/"
},
{
"trust": 1.1,
"url": "https://support.apple.com/kb/ht213189"
},
{
"trust": 1.1,
"url": "https://www.debian.org/security/2021/dsa-5020"
},
{
"trust": 1.1,
"url": "http://seclists.org/fulldisclosure/2022/mar/23"
},
{
"trust": 1.1,
"url": "http://seclists.org/fulldisclosure/2022/jul/11"
},
{
"trust": 1.1,
"url": "http://seclists.org/fulldisclosure/2022/dec/2"
},
{
"trust": 1.1,
"url": "http://packetstormsecurity.com/files/167794/open-xchange-app-suite-7.10.x-cross-site-scripting-command-injection.html"
},
{
"trust": 1.1,
"url": "http://packetstormsecurity.com/files/167917/mobileiron-log4shell-remote-command-execution.html"
},
{
"trust": 1.1,
"url": "https://github.com/nu11secur1ty/cve-mitre/tree/main/cve-2021-44228"
},
{
"trust": 1.1,
"url": "https://www.nu11secur1ty.com/2021/12/cve-2021-44228.html"
},
{
"trust": 1.1,
"url": "http://packetstormsecurity.com/files/165225/apache-log4j2-2.14.1-remote-code-execution.html"
},
{
"trust": 1.1,
"url": "http://packetstormsecurity.com/files/165260/vmware-security-advisory-2021-0028.html"
},
{
"trust": 1.1,
"url": "http://packetstormsecurity.com/files/165261/apache-log4j2-2.14.1-information-disclosure.html"
},
{
"trust": 1.1,
"url": "http://packetstormsecurity.com/files/165270/apache-log4j2-2.14.1-remote-code-execution.html"
},
{
"trust": 1.1,
"url": "http://packetstormsecurity.com/files/165281/log4j2-log4shell-regexes.html"
},
{
"trust": 1.1,
"url": "http://packetstormsecurity.com/files/165282/log4j-payload-generator.html"
},
{
"trust": 1.1,
"url": "http://packetstormsecurity.com/files/165306/l4sh-log4j-remote-code-execution.html"
},
{
"trust": 1.1,
"url": "http://packetstormsecurity.com/files/165307/log4j-remote-code-execution-word-bypassing.html"
},
{
"trust": 1.1,
"url": "http://packetstormsecurity.com/files/165311/log4j-scan-extensive-scanner.html"
},
{
"trust": 1.1,
"url": "http://packetstormsecurity.com/files/165371/vmware-security-advisory-2021-0028.4.html"
},
{
"trust": 1.1,
"url": "http://packetstormsecurity.com/files/165532/log4shell-http-header-injection.html"
},
{
"trust": 1.1,
"url": "http://packetstormsecurity.com/files/165642/vmware-vcenter-server-unauthenticated-log4shell-jndi-injection-remote-code-execution.html"
},
{
"trust": 1.1,
"url": "http://packetstormsecurity.com/files/165673/unifi-network-application-unauthenticated-log4shell-remote-code-execution.html"
},
{
"trust": 1.1,
"url": "https://github.com/cisagov/log4j-affected-db"
},
{
"trust": 1.1,
"url": "https://github.com/cisagov/log4j-affected-db/blob/develop/software-list.md"
},
{
"trust": 1.1,
"url": "https://twitter.com/kurtseifried/status/1469345530182455296"
},
{
"trust": 1.1,
"url": "https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0001"
},
{
"trust": 1.1,
"url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00007.html"
},
{
"trust": 1.1,
"url": "http://www.openwall.com/lists/oss-security/2021/12/10/1"
},
{
"trust": 1.1,
"url": "http://www.openwall.com/lists/oss-security/2021/12/10/2"
},
{
"trust": 1.1,
"url": "http://www.openwall.com/lists/oss-security/2021/12/10/3"
},
{
"trust": 1.1,
"url": "http://www.openwall.com/lists/oss-security/2021/12/13/1"
},
{
"trust": 1.1,
"url": "http://www.openwall.com/lists/oss-security/2021/12/13/2"
},
{
"trust": 1.1,
"url": "https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/m5csvunv4hwzzxgoknsk6l7rpm7bokib/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/vu57ujdcfiasio35gc55jmksrxjmcdfm/"
},
{
"trust": 1.0,
"url": "http://packetstormsecurity.com/files/171626/ad-manager-plus-7122-remote-code-execution.html"
},
{
"trust": 1.0,
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=cve-2021-44228"
},
{
"trust": 0.8,
"url": "cve-2021-4104 "
},
{
"trust": 0.8,
"url": "cve-2021-44228 "
},
{
"trust": 0.8,
"url": "cve-2021-45046 "
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/vulnerabilities/rhsb-2021-009"
},
{
"trust": 0.3,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-44228"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-44228"
},
{
"trust": 0.3,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-43527"
},
{
"trust": 0.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/m5csvunv4hwzzxgoknsk6l7rpm7bokib/"
},
{
"trust": 0.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/vu57ujdcfiasio35gc55jmksrxjmcdfm/"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/2021/dsa-5022"
},
{
"trust": 0.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/eokpqgv24rrbbi4tbzudqmm4meh7mxcy/"
},
{
"trust": 0.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/sig7fzulmnk2xf6fzru4vwydqxnmugaj/"
},
{
"trust": 0.1,
"url": "https://www.cve.org/cverecord?id=cve-2021-44228"
},
{
"trust": 0.1,
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"trust": 0.1,
"url": "http://www.openwall.com/lists/oss-security/2021/12/18/1"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=jboss.amq.streams\u0026version=1.8.4"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:5138"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-16135"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3200"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-25013"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-25012"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-35522"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5827"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-35524"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20673"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-25013"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-25009"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-27645"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33574"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-13435"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-5827"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-24370"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14145"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-13751"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-25014"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19603"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14145"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-25012"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-35521"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-35942"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-17594"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35524"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-24370"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3572"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-12762"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-36086"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3778"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35522"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13750"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13751"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-22898"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12762"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-16135"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-36084"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-37136"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-17541"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3800"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17594"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-36087"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-36331"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3712"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-31535"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35523"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23841"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3445"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13435"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19603"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-22925"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:5128"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-20673"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23840"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-36330"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-18218"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20232"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20266"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-20838"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-22876"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20231"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-36332"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14155"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-25010"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20838"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-17541"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-25014"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-36085"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-37137"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21409"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33560"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-17595"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3481"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-42574"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14155"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-25009"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-25010"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-35523"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-28153"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-13750"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3426"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-18218"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.8/logging/cluster-logging-upgrading.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3580"
},
{
"trust": 0.1,
"url": "https://issues.jboss.org/):"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3796"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17595"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36330"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35521"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.7/updating/updating-cluster-cli.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-43527"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4104"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:5107"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-45046"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-45046"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-4104"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html"
},
{
"trust": 0.1,
"url": "https://www.vmware.com/security/advisories/vmsa-2021-0028.html"
},
{
"trust": 0.1,
"url": "http://lists.vmware.com/mailman/listinfo/security-announce"
},
{
"trust": 0.1,
"url": "https://lists.vmware.com/mailman/listinfo/security-announce."
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#930724"
},
{
"db": "VULHUB",
"id": "VHN-407408"
},
{
"db": "VULHUB",
"id": "VHN-408570"
},
{
"db": "PACKETSTORM",
"id": "165295"
},
{
"db": "PACKETSTORM",
"id": "165286"
},
{
"db": "PACKETSTORM",
"id": "165343"
},
{
"db": "PACKETSTORM",
"id": "165260"
},
{
"db": "NVD",
"id": "CVE-2021-44228"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "CERT/CC",
"id": "VU#930724",
"ident": null
},
{
"db": "VULHUB",
"id": "VHN-407408",
"ident": null
},
{
"db": "VULHUB",
"id": "VHN-408570",
"ident": null
},
{
"db": "VULMON",
"id": "CVE-2021-44228",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "165295",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "165286",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "165343",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "165260",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2021-44228",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2021-12-15T00:00:00",
"db": "CERT/CC",
"id": "VU#930724",
"ident": null
},
{
"date": "2021-12-10T00:00:00",
"db": "VULHUB",
"id": "VHN-407408",
"ident": null
},
{
"date": "2021-12-14T00:00:00",
"db": "VULHUB",
"id": "VHN-408570",
"ident": null
},
{
"date": "2021-12-10T00:00:00",
"db": "VULMON",
"id": "CVE-2021-44228",
"ident": null
},
{
"date": "2021-12-15T15:26:54",
"db": "PACKETSTORM",
"id": "165295",
"ident": null
},
{
"date": "2021-12-15T15:20:33",
"db": "PACKETSTORM",
"id": "165286",
"ident": null
},
{
"date": "2021-12-17T14:05:45",
"db": "PACKETSTORM",
"id": "165343",
"ident": null
},
{
"date": "2021-12-14T15:27:58",
"db": "PACKETSTORM",
"id": "165260",
"ident": null
},
{
"date": "2021-12-10T10:15:09.143000",
"db": "NVD",
"id": "CVE-2021-44228",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2022-02-07T00:00:00",
"db": "CERT/CC",
"id": "VU#930724",
"ident": null
},
{
"date": "2023-02-06T00:00:00",
"db": "VULHUB",
"id": "VHN-407408",
"ident": null
},
{
"date": "2022-10-06T00:00:00",
"db": "VULHUB",
"id": "VHN-408570",
"ident": null
},
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2021-44228",
"ident": null
},
{
"date": "2026-02-20T16:15:59.363000",
"db": "NVD",
"id": "CVE-2021-44228",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "165260"
}
],
"trust": 0.1
},
"title": {
"_id": null,
"data": "Apache Log4j allows insecure JNDI lookups",
"sources": [
{
"db": "CERT/CC",
"id": "VU#930724"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "code execution",
"sources": [
{
"db": "PACKETSTORM",
"id": "165295"
},
{
"db": "PACKETSTORM",
"id": "165286"
},
{
"db": "PACKETSTORM",
"id": "165343"
},
{
"db": "PACKETSTORM",
"id": "165260"
}
],
"trust": 0.4
}
}
VAR-202310-0175
Vulnerability from variot - Updated: 2026-03-09 20:20The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
The purpose of this text-only errata is to inform you about the security issues fixed. See references for release notes.
Description:
This asynchronous patch is a security update zip for the JBoss EAP XP 4.0.0 runtime distribution for use with EAP 7.4.13.
Description:
nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage.
The following advisory data is extracted from:
https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_7610.json
Red Hat officially shut down their mailing list notifications October 10, 2023. Due to this, Packet Storm has recreated the below data as a reference point to raise awareness. It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.
- Packet Storm Staff
==================================================================== Red Hat Security Advisory
Synopsis: Important: OpenShift Container Platform 4.12.45 packages and security update Advisory ID: RHSA-2023:7610-03 Product: Red Hat OpenShift Enterprise Advisory URL: https://access.redhat.com/errata/RHSA-2023:7610 Issue date: 2023-12-06 Revision: 03 CVE Names: CVE-2023-44487 ====================================================================
Summary:
Red Hat OpenShift Container Platform release 4.12.45 is now available with updates to packages and images that fix several bugs and add enhancements.
This release includes a security update for Red Hat OpenShift Container Platform 4.12.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description:
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.12.45. See the following advisory for the container images for this release:
https://access.redhat.com/errata/RHSA-2023:7608
Security Fix(es):
-
HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)
-
python-werkzeug: high resource consumption leading to denial of service (CVE-2023-46136)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
All OpenShift Container Platform 4.12 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.12/updating/updating-cluster-cli.html
Solution:
https://docs.openshift.com/container-platform/4.12/release_notes/ocp-4-12-release-notes.html
CVEs:
CVE-2023-44487
References:
https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/security/vulnerabilities/RHSB-2023-003 https://bugzilla.redhat.com/show_bug.cgi?id=2242803 https://bugzilla.redhat.com/show_bug.cgi?id=2243296 https://bugzilla.redhat.com/show_bug.cgi?id=2246310
. ========================================================================== Ubuntu Security Notice USN-6427-2 October 19, 2023
dotnet8 vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 23.10
Summary:
.NET could be made to crash if it received specially crafted network traffic.
Software Description: - dotnet8: .NET CLI tools and runtime
Details:
USN-6427-1 fixed a vulnerability in .NET. This update provides the corresponding update for .NET 8.
Original advisory details:
It was discovered that the .NET Kestrel web server did not properly handle HTTP/2 requests. A remote attacker could possibly use this issue to cause a denial of service.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 23.10: aspnetcore-runtime-8.0 8.0.0~rc2-0ubuntu1 dotnet-host-8.0 8.0.0~rc2-0ubuntu1 dotnet-hostfxr-8.0 8.0.0~rc2-0ubuntu1 dotnet-runtime-8.0 8.0.0~rc2-0ubuntu1 dotnet-sdk-8.0 8.0.100~rc2-0ubuntu1 dotnet8 8.0.100-8.0.0~rc2-0ubuntu1
In general, a standard system update will make all the necessary changes.
Description:
Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don't have to create the same web page over and over again, giving the website a significant speed up.
Description:
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202310-0175",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "node healthcheck operator",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"model": "big-ip local traffic manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.0"
},
{
"model": "secure dynamic attributes connector",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.2.0"
},
{
"model": "varnish cache",
"scope": "lt",
"trust": 1.0,
"vendor": "varnish cache",
"version": "2023-10-10"
},
{
"model": "decision manager",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "big-ip local traffic manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.0"
},
{
"model": "openshift",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"model": "nginx plus",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "r29"
},
{
"model": "big-ip analytics",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.5"
},
{
"model": "big-ip link controller",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.0"
},
{
"model": "build of quarkus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"model": "netty",
"scope": "lt",
"trust": 1.0,
"vendor": "netty",
"version": "4.1.100"
},
{
"model": "big-ip analytics",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.0"
},
{
"model": "big-ip webaccelerator",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.0"
},
{
"model": "cost management",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"model": "nx-os",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "10.2\\(7\\)"
},
{
"model": "big-ip application security manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.4"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.0"
},
{
"model": "big-ip global traffic manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.5"
},
{
"model": "tomcat",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "8.5.0"
},
{
"model": "visual studio 2022",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "17.0"
},
{
"model": "big-ip analytics",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.0"
},
{
"model": "big-ip websafe",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.5"
},
{
"model": "big-ip application acceleration manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "17.1.0"
},
{
"model": "kong gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "konghq",
"version": "3.4.2"
},
{
"model": "traffic server",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "9.0.0"
},
{
"model": "prime network registrar",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "11.2"
},
{
"model": "big-ip access policy manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.0"
},
{
"model": "big-ip link controller",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.10"
},
{
"model": "big-ip access policy manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.10"
},
{
"model": "big-ip webaccelerator",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.10"
},
{
"model": "big-ip application security manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.0"
},
{
"model": "openshift virtualization",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "4"
},
{
"model": "jboss enterprise application platform",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0.0"
},
{
"model": "big-ip domain name system",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "17.1.0"
},
{
"model": "big-ip ddos hybrid defender",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "17.1.0"
},
{
"model": "nginx ingress controller",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "3.0.0"
},
{
"model": "integration camel k",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"model": "integration service registry",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"model": "big-ip advanced firewall manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.5"
},
{
"model": "big-ip ssl orchestrator",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.0"
},
{
"model": "big-ip global traffic manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.0"
},
{
"model": "migration toolkit for applications",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "big-ip advanced firewall manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.0"
},
{
"model": "solr",
"scope": "lt",
"trust": 1.0,
"vendor": "apache",
"version": "9.4.0"
},
{
"model": "big-ip application acceleration manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.5"
},
{
"model": "big-ip policy enforcement manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.0"
},
{
"model": "iot field network director",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "4.11.0"
},
{
"model": "big-ip application security manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.5"
},
{
"model": "openshift distributed tracing",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"model": "visual studio 2022",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "17.6"
},
{
"model": "cbl-mariner",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "2023-10-11"
},
{
"model": "asp.net core",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "6.0.23"
},
{
"model": "big-ip next",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "20.0.1"
},
{
"model": "big-ip advanced firewall manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.0"
},
{
"model": "big-ip access policy manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "17.1.0"
},
{
"model": "openstack platform",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "16.2"
},
{
"model": "unified contact center enterprise - live data server",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "12.6.2"
},
{
"model": "nx-os",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "10.3\\(5\\)"
},
{
"model": "big-ip domain name system",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.10"
},
{
"model": "caddy",
"scope": "lt",
"trust": 1.0,
"vendor": "caddyserver",
"version": "2.7.5"
},
{
"model": "big-ip ddos hybrid defender",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.10"
},
{
"model": "big-ip application acceleration manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.0"
},
{
"model": "big-ip application visibility and reporting",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "17.1.0"
},
{
"model": "expressway",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "x14.3.3"
},
{
"model": "big-ip carrier-grade nat",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.5"
},
{
"model": "nghttp2",
"scope": "lt",
"trust": 1.0,
"vendor": "nghttp2",
"version": "1.57.0"
},
{
"model": "big-ip advanced web application firewall",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.0"
},
{
"model": "big-ip policy enforcement manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.10"
},
{
"model": "openshift pipelines",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"model": "big-ip carrier-grade nat",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.0"
},
{
"model": "unified contact center domain manager",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "jetty",
"scope": "gte",
"trust": 1.0,
"vendor": "eclipse",
"version": "12.0.0"
},
{
"model": "openshift secondary scheduler operator",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"model": "openstack platform",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "16.1"
},
{
"model": "grpc",
"scope": "gte",
"trust": 1.0,
"vendor": "grpc",
"version": "1.58.0"
},
{
"model": "swiftnio http\\/2",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "1.28.0"
},
{
"model": "openshift dev spaces",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"model": "windows 10 21h2",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "10.0.19044.3570"
},
{
"model": "big-ip carrier-grade nat",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.0"
},
{
"model": "opensearch data prepper",
"scope": "lt",
"trust": 1.0,
"vendor": "amazon",
"version": "2.5.0"
},
{
"model": "telepresence video communication server",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "x14.3.3"
},
{
"model": "big-ip application visibility and reporting",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.10"
},
{
"model": "advanced cluster security",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "4.0"
},
{
"model": "business process automation",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "3.2.003.009"
},
{
"model": "big-ip advanced web application firewall",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.10"
},
{
"model": "enterprise chat and email",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "linkerd",
"scope": "lte",
"trust": 1.0,
"vendor": "linkerd",
"version": "2.12.5"
},
{
"model": "service interconnect",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "1.0"
},
{
"model": "machine deletion remediation operator",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"model": "satellite",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "big-ip policy enforcement manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "17.1.0"
},
{
"model": "visual studio 2022",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "17.7.5"
},
{
"model": "windows 11 21h2",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "10.0.22000.2538"
},
{
"model": "traefik",
"scope": "eq",
"trust": 1.0,
"vendor": "traefik",
"version": "3.0.0"
},
{
"model": "single sign-on",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "ios xr",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "7.11.2"
},
{
"model": "big-ip fraud protection service",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.0"
},
{
"model": "jetty",
"scope": "gte",
"trust": 1.0,
"vendor": "eclipse",
"version": "10.0.0"
},
{
"model": "ultra cloud core - serving gateway function",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2024.02.0"
},
{
"model": "secure malware analytics",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.19.2"
},
{
"model": "self node remediation operator",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"model": "big-ip global traffic manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.5"
},
{
"model": "jboss enterprise application platform",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0.0"
},
{
"model": "big-ip global traffic manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.0"
},
{
"model": "big-ip local traffic manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.10"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "37"
},
{
"model": "tomcat",
"scope": "lte",
"trust": 1.0,
"vendor": "apache",
"version": "9.0.80"
},
{
"model": "nx-os",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "10.4\\(1\\)"
},
{
"model": "cryostat",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "2.0"
},
{
"model": "oncommand insight",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "big-ip access policy manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.0"
},
{
"model": "big-ip link controller",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.5"
},
{
"model": "big-ip webaccelerator",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.5"
},
{
"model": "nginx plus",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "r29"
},
{
"model": "node.js",
"scope": "lt",
"trust": 1.0,
"vendor": "nodejs",
"version": "20.8.1"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "38"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "visual studio 2022",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "17.6.8"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "11.0.0"
},
{
"model": "grpc",
"scope": "lte",
"trust": 1.0,
"vendor": "grpc",
"version": "1.59.2"
},
{
"model": "big-ip analytics",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.10"
},
{
"model": "openshift api for data protection",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"model": "big-ip ssl orchestrator",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.0"
},
{
"model": "big-ip local traffic manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "17.1.0"
},
{
"model": "big-ip application security manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.5"
},
{
"model": "big-ip global traffic manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "17.1.0"
},
{
"model": "integration camel for spring boot",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"model": "istio",
"scope": "gte",
"trust": 1.0,
"vendor": "istio",
"version": "1.18.0"
},
{
"model": "big-ip application security manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.0"
},
{
"model": "support for spring boot",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"model": "prime infrastructure",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "3.10.4"
},
{
"model": "tomcat",
"scope": "lte",
"trust": 1.0,
"vendor": "apache",
"version": "8.5.93"
},
{
"model": "big-ip websafe",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.10"
},
{
"model": "nginx plus",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "r25"
},
{
"model": "web terminal",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"model": "nx-os",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "10.4\\(2\\)"
},
{
"model": "big-ip application acceleration manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.0"
},
{
"model": "ceph storage",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "5.0"
},
{
"model": "big-ip application security manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.0"
},
{
"model": "proxygen",
"scope": "lt",
"trust": 1.0,
"vendor": "facebook",
"version": "2023.10.16.00"
},
{
"model": ".net",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "7.0.0"
},
{
"model": "big-ip analytics",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "17.1.0"
},
{
"model": "nx-os",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "10.3\\(1\\)"
},
{
"model": "big-ip policy enforcement manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.5"
},
{
"model": "firepower threat defense",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "7.4.2"
},
{
"model": "traffic server",
"scope": "lt",
"trust": 1.0,
"vendor": "apache",
"version": "9.2.3"
},
{
"model": "istio",
"scope": "gte",
"trust": 1.0,
"vendor": "istio",
"version": "1.19.0"
},
{
"model": "http2",
"scope": "lt",
"trust": 1.0,
"vendor": "golang",
"version": "0.17.0"
},
{
"model": "windows 10 1607",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "10.0.14393.6351"
},
{
"model": "big-ip advanced firewall manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.10"
},
{
"model": "crosswork zero touch provisioning",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "6.0.0"
},
{
"model": "big-ip carrier-grade nat",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.0"
},
{
"model": "big-ip application acceleration manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.10"
},
{
"model": "traffic server",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.0"
},
{
"model": "windows server 2016",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": null
},
{
"model": "node maintenance operator",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"model": "networking",
"scope": "lt",
"trust": 1.0,
"vendor": "golang",
"version": "0.17.0"
},
{
"model": "linkerd",
"scope": "eq",
"trust": 1.0,
"vendor": "linkerd",
"version": "2.14.0"
},
{
"model": "big-ip advanced web application firewall",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.5"
},
{
"model": "big-ip fraud protection service",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.4"
},
{
"model": "grpc",
"scope": "eq",
"trust": 1.0,
"vendor": "grpc",
"version": "1.57.0"
},
{
"model": ".net",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "7.0.12"
},
{
"model": "big-ip ssl orchestrator",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.4"
},
{
"model": "big-ip carrier-grade nat",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.10"
},
{
"model": "big-ip application visibility and reporting",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.0"
},
{
"model": "big-ip advanced firewall manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "17.1.0"
},
{
"model": "run once duration override operator",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"model": "big-ip fraud protection service",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.0"
},
{
"model": "big-ip next service proxy for kubernetes",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "1.8.2"
},
{
"model": "grpc",
"scope": "lt",
"trust": 1.0,
"vendor": "grpc",
"version": "1.56.3"
},
{
"model": "windows 10 22h2",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "10.0.19045.3570"
},
{
"model": "big-ip link controller",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.0"
},
{
"model": "big-ip webaccelerator",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.0"
},
{
"model": "tomcat",
"scope": "lte",
"trust": 1.0,
"vendor": "apache",
"version": "10.1.13"
},
{
"model": "visual studio 2022",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "17.7"
},
{
"model": "big-ip fraud protection service",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.5"
},
{
"model": "advanced cluster management for kubernetes",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "2.0"
},
{
"model": "advanced cluster security",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "3.0"
},
{
"model": "big-ip domain name system",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.0"
},
{
"model": "big-ip ddos hybrid defender",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.0"
},
{
"model": "openresty",
"scope": "lt",
"trust": 1.0,
"vendor": "openresty",
"version": "1.21.4.3"
},
{
"model": "big-ip carrier-grade nat",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "17.1.0"
},
{
"model": "big-ip ssl orchestrator",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.5"
},
{
"model": "asp.net core",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "6.0.0"
},
{
"model": "windows 10 1809",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "10.0.17763.4974"
},
{
"model": "prime cable provisioning",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "7.2.1"
},
{
"model": "linkerd",
"scope": "eq",
"trust": 1.0,
"vendor": "linkerd",
"version": "2.14.1"
},
{
"model": "service telemetry framework",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "1.5"
},
{
"model": "windows server 2019",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": null
},
{
"model": "crosswork data gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "5.0.0"
},
{
"model": "jboss fuse",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0.0"
},
{
"model": "big-ip global traffic manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.0"
},
{
"model": "contour",
"scope": "lt",
"trust": 1.0,
"vendor": "projectcontour",
"version": "2023-10-11"
},
{
"model": ".net",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "6.0.0"
},
{
"model": "traffic server",
"scope": "lt",
"trust": 1.0,
"vendor": "apache",
"version": "8.1.9"
},
{
"model": "big-ip global traffic manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.10"
},
{
"model": "nginx plus",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "r30"
},
{
"model": "big-ip websafe",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.0"
},
{
"model": "grpc",
"scope": "lt",
"trust": 1.0,
"vendor": "grpc",
"version": "1.58.3"
},
{
"model": "big-ip websafe",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.5"
},
{
"model": "certification for red hat enterprise linux",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "9.0"
},
{
"model": "istio",
"scope": "lt",
"trust": 1.0,
"vendor": "istio",
"version": "1.17.6"
},
{
"model": "big-ip ssl orchestrator",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.0"
},
{
"model": "openshift service mesh",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "2.0"
},
{
"model": "data center network manager",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "jboss core services",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"model": "big-ip policy enforcement manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.0"
},
{
"model": "openshift sandboxed containers",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"model": "jenkins",
"scope": "lte",
"trust": 1.0,
"vendor": "jenkins",
"version": "2.427"
},
{
"model": "big-ip ssl orchestrator",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.0"
},
{
"model": "jboss data grid",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0.0"
},
{
"model": "big-ip link controller",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.4"
},
{
"model": "big-ip access policy manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.4"
},
{
"model": "big-ip application acceleration manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.5"
},
{
"model": "big-ip webaccelerator",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.4"
},
{
"model": "big-ip application security manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.10"
},
{
"model": "big-ip local traffic manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.0"
},
{
"model": "big-ip advanced web application firewall",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.5"
},
{
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "20.0.0"
},
{
"model": "azure kubernetes service",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "2023-10-08"
},
{
"model": "jetty",
"scope": "lt",
"trust": 1.0,
"vendor": "eclipse",
"version": "9.4.53"
},
{
"model": "big-ip advanced web application firewall",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.0"
},
{
"model": "process automation",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "big-ip link controller",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.0"
},
{
"model": "big-ip webaccelerator",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.0"
},
{
"model": "big-ip carrier-grade nat",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.5"
},
{
"model": "big-ip application visibility and reporting",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.0"
},
{
"model": "nginx",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "1.9.5"
},
{
"model": "big-ip analytics",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.0"
},
{
"model": "big-ip application security manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "17.1.0"
},
{
"model": "big-ip domain name system",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.4"
},
{
"model": "big-ip ddos hybrid defender",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.4"
},
{
"model": "logging subsystem for red hat openshift",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"model": "envoy",
"scope": "eq",
"trust": 1.0,
"vendor": "envoyproxy",
"version": "1.24.10"
},
{
"model": "big-ip access policy manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.5"
},
{
"model": "big-ip policy enforcement manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.4"
},
{
"model": "big-ip fraud protection service",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.5"
},
{
"model": "envoy",
"scope": "eq",
"trust": 1.0,
"vendor": "envoyproxy",
"version": "1.27.0"
},
{
"model": "big-ip link controller",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "17.1.0"
},
{
"model": "big-ip fraud protection service",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.0"
},
{
"model": "big-ip domain name system",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.0"
},
{
"model": "big-ip ddos hybrid defender",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.0"
},
{
"model": "big-ip ssl orchestrator",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.5"
},
{
"model": "big-ip webaccelerator",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "17.1.0"
},
{
"model": "crosswork situation manager",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "big-ip fraud protection service",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.0"
},
{
"model": "big-ip policy enforcement manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.0"
},
{
"model": "big-ip global traffic manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.0"
},
{
"model": "big-ip application visibility and reporting",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.4"
},
{
"model": "big-ip access policy manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.0"
},
{
"model": "big-ip advanced web application firewall",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.4"
},
{
"model": "ultra cloud core - policy control function",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2024.01.0"
},
{
"model": "big-ip advanced firewall manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.0"
},
{
"model": "istio",
"scope": "lt",
"trust": 1.0,
"vendor": "istio",
"version": "1.18.3"
},
{
"model": "connected mobile experiences",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "11.1"
},
{
"model": "istio",
"scope": "lt",
"trust": 1.0,
"vendor": "istio",
"version": "1.19.1"
},
{
"model": "big-ip domain name system",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.5"
},
{
"model": "big-ip ddos hybrid defender",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.5"
},
{
"model": "big-ip websafe",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.0"
},
{
"model": "asp.net core",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "7.0.0"
},
{
"model": "jboss a-mq streams",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"model": "node.js",
"scope": "lt",
"trust": 1.0,
"vendor": "nodejs",
"version": "18.18.2"
},
{
"model": "openshift container platform",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "4.0"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "9.0"
},
{
"model": "crosswork data gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "5.0.2"
},
{
"model": "jetty",
"scope": "lt",
"trust": 1.0,
"vendor": "eclipse",
"version": "10.0.17"
},
{
"model": "jboss fuse",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0.0"
},
{
"model": "tomcat",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "10.1.0"
},
{
"model": "big-ip advanced web application firewall",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.0"
},
{
"model": "tomcat",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "9.0.0"
},
{
"model": "big-ip local traffic manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.4"
},
{
"model": "jetty",
"scope": "lt",
"trust": 1.0,
"vendor": "eclipse",
"version": "12.0.2"
},
{
"model": "3scale api management platform",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "2.0"
},
{
"model": "ansible automation platform",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "2.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "11.0"
},
{
"model": "go",
"scope": "lt",
"trust": 1.0,
"vendor": "golang",
"version": "1.21.3"
},
{
"model": "traefik",
"scope": "lt",
"trust": 1.0,
"vendor": "traefik",
"version": "2.10.5"
},
{
"model": "openshift gitops",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"model": "big-ip application acceleration manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.0"
},
{
"model": "big-ip application visibility and reporting",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.5"
},
{
"model": "asp.net core",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "7.0.12"
},
{
"model": "go",
"scope": "gte",
"trust": 1.0,
"vendor": "golang",
"version": "1.21.0"
},
{
"model": "jetty",
"scope": "lt",
"trust": 1.0,
"vendor": "eclipse",
"version": "11.0.17"
},
{
"model": "big-ip local traffic manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.0"
},
{
"model": "nginx",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "1.25.2"
},
{
"model": "windows server 2022",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": null
},
{
"model": "big-ip analytics",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.4"
},
{
"model": ".net",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "6.0.23"
},
{
"model": "jboss a-mq",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7"
},
{
"model": "visual studio 2022",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "17.2.20"
},
{
"model": "nginx ingress controller",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "2.0.0"
},
{
"model": "ultra cloud core - session management function",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2024.02.0"
},
{
"model": "big-ip local traffic manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.5"
},
{
"model": "big-ip analytics",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.0"
},
{
"model": "big-ip websafe",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.4"
},
{
"model": "big-ip local traffic manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.5"
},
{
"model": "big-ip link controller",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.5"
},
{
"model": "ultra cloud core - policy control function",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2024.01.0"
},
{
"model": "big-ip access policy manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.5"
},
{
"model": "big-ip webaccelerator",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.5"
},
{
"model": "big-ip access policy manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.0"
},
{
"model": "openstack platform",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "17.1"
},
{
"model": "network observability operator",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"model": "visual studio 2022",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "17.4.12"
},
{
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "18.0.0"
},
{
"model": "http",
"scope": "eq",
"trust": 1.0,
"vendor": "ietf",
"version": "2.0"
},
{
"model": "unified contact center enterprise",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "big-ip application visibility and reporting",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.0"
},
{
"model": "big-ip link controller",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.0"
},
{
"model": "big-ip analytics",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.5"
},
{
"model": "crosswork data gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "4.1.3"
},
{
"model": "big-ip advanced firewall manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.4"
},
{
"model": "openshift developer tools and services",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"model": "envoy",
"scope": "eq",
"trust": 1.0,
"vendor": "envoyproxy",
"version": "1.26.4"
},
{
"model": "big-ip webaccelerator",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.0"
},
{
"model": "fence agents remediation operator",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"model": "unified attendant console advanced",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "http2",
"scope": "lt",
"trust": 1.0,
"vendor": "kazu yamamoto",
"version": "4.2.2"
},
{
"model": "ios xe",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "17.15.1"
},
{
"model": "big-ip application acceleration manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.4"
},
{
"model": "big-ip next service proxy for kubernetes",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "1.5.0"
},
{
"model": "big-ip application visibility and reporting",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.0"
},
{
"model": "fog director",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.22"
},
{
"model": "certification for red hat enterprise linux",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.0"
},
{
"model": "quay",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "3.0.0"
},
{
"model": "go",
"scope": "lt",
"trust": 1.0,
"vendor": "golang",
"version": "1.20.10"
},
{
"model": "migration toolkit for virtualization",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"model": "big-ip ssl orchestrator",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "17.1.0"
},
{
"model": "prime access registrar",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "9.3.3"
},
{
"model": "big-ip domain name system",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.5"
},
{
"model": "big-ip advanced firewall manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.0"
},
{
"model": "big-ip ddos hybrid defender",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.5"
},
{
"model": "windows 11 22h2",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "10.0.22621.2428"
},
{
"model": "big-ip domain name system",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.0"
},
{
"model": "big-ip advanced web application firewall",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "17.1.0"
},
{
"model": "big-ip application security manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.0"
},
{
"model": "big-ip application acceleration manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.0"
},
{
"model": "big-ip ddos hybrid defender",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.0"
},
{
"model": "cert-manager operator for red hat openshift",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"model": "migration toolkit for containers",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"model": "big-ip carrier-grade nat",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.4"
},
{
"model": "big-ip policy enforcement manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.5"
},
{
"model": "big-ip websafe",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "17.1.0"
},
{
"model": "openshift data science",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"model": "h2o",
"scope": "lt",
"trust": 1.0,
"vendor": "dena",
"version": "2023-10-10"
},
{
"model": "big-ip fraud protection service",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.10"
},
{
"model": "big-ip domain name system",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.0"
},
{
"model": "big-ip ddos hybrid defender",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.0"
},
{
"model": "nginx ingress controller",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "2.4.2"
},
{
"model": "http server",
"scope": "lt",
"trust": 1.0,
"vendor": "akka",
"version": "10.5.3"
},
{
"model": "big-ip advanced firewall manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.5"
},
{
"model": "big-ip ssl orchestrator",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.10"
},
{
"model": "linkerd",
"scope": "eq",
"trust": 1.0,
"vendor": "linkerd",
"version": "2.13.1"
},
{
"model": "jenkins",
"scope": "lte",
"trust": 1.0,
"vendor": "jenkins",
"version": "2.414.2"
},
{
"model": "big-ip websafe",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.0"
},
{
"model": "big-ip policy enforcement manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.0"
},
{
"model": "linkerd",
"scope": "eq",
"trust": 1.0,
"vendor": "linkerd",
"version": "2.13.0"
},
{
"model": "big-ip carrier-grade nat",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.0"
},
{
"model": "openshift container platform assisted installer",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"model": "big-ip application visibility and reporting",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.5"
},
{
"model": "astra control center",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "secure web appliance",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "15.1.0"
},
{
"model": "envoy",
"scope": "eq",
"trust": 1.0,
"vendor": "envoyproxy",
"version": "1.25.9"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "big-ip websafe",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.0"
},
{
"model": "apisix",
"scope": "lt",
"trust": 1.0,
"vendor": "apache",
"version": "3.6.1"
},
{
"model": "openshift serverless",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"model": "visual studio 2022",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "17.4"
},
{
"model": "nginx ingress controller",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "3.3.0"
},
{
"model": "armeria",
"scope": "lt",
"trust": 1.0,
"vendor": "linecorp",
"version": "1.26.0"
},
{
"model": "unified contact center management portal",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "jetty",
"scope": "gte",
"trust": 1.0,
"vendor": "eclipse",
"version": "11.0.0"
},
{
"model": "big-ip fraud protection service",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "17.1.0"
},
{
"model": "big-ip advanced web application firewall",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.0"
},
{
"model": "build of optaplanner",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.0"
},
{
"model": "big-ip global traffic manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.4"
},
{
"model": "linkerd",
"scope": "gte",
"trust": 1.0,
"vendor": "linkerd",
"version": "2.12.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "12.0"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-44487"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "175342"
},
{
"db": "PACKETSTORM",
"id": "175348"
},
{
"db": "PACKETSTORM",
"id": "175307"
},
{
"db": "PACKETSTORM",
"id": "175273"
},
{
"db": "PACKETSTORM",
"id": "175263"
},
{
"db": "PACKETSTORM",
"id": "175390"
},
{
"db": "PACKETSTORM",
"id": "176087"
},
{
"db": "PACKETSTORM",
"id": "175231"
},
{
"db": "PACKETSTORM",
"id": "175211"
}
],
"trust": 0.9
},
"cve": "CVE-2023-44487",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2023-44487",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2023-44487",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2023-44487",
"trust": 1.0,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-44487"
},
{
"db": "NVD",
"id": "CVE-2023-44487"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. \n\nThe purpose of this text-only errata is to inform you about the security issues fixed. See references for release notes. \n\n\n\n\nDescription:\n\nThis asynchronous patch is a security update zip for the JBoss EAP XP 4.0.0 runtime distribution for use with EAP 7.4.13. \n\n\n\n\nDescription:\n\nnginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. \n\nThe following advisory data is extracted from:\n\nhttps://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_7610.json\n\nRed Hat officially shut down their mailing list notifications October 10, 2023. Due to this, Packet Storm has recreated the below data as a reference point to raise awareness. It must be noted that due to an inability to easily track revision updates without crawling Red Hat\u0027s archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment. \n\n- Packet Storm Staff\n\n\n\n\n====================================================================\nRed Hat Security Advisory\n\nSynopsis: Important: OpenShift Container Platform 4.12.45 packages and security update\nAdvisory ID: RHSA-2023:7610-03\nProduct: Red Hat OpenShift Enterprise\nAdvisory URL: https://access.redhat.com/errata/RHSA-2023:7610\nIssue date: 2023-12-06\nRevision: 03\nCVE Names: CVE-2023-44487\n====================================================================\n\nSummary: \n\nRed Hat OpenShift Container Platform release 4.12.45 is now available with updates to packages and images that fix several bugs and add enhancements. \n\nThis release includes a security update for Red Hat OpenShift Container Platform 4.12. \n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. \n\n\n\n\nDescription:\n\nRed Hat OpenShift Container Platform is Red Hat\u0027s cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. \n\nThis advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.12.45. See the following advisory for the container images for this release:\n\nhttps://access.redhat.com/errata/RHSA-2023:7608\n\nSecurity Fix(es):\n\n* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)\n\n* python-werkzeug: high resource consumption leading to denial of service (CVE-2023-46136)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. \n\nAll OpenShift Container Platform 4.12 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.12/updating/updating-cluster-cli.html\n\n\nSolution:\n\nhttps://docs.openshift.com/container-platform/4.12/release_notes/ocp-4-12-release-notes.html\n\n\n\nCVEs:\n\nCVE-2023-44487\n\nReferences:\n\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003\nhttps://bugzilla.redhat.com/show_bug.cgi?id=2242803\nhttps://bugzilla.redhat.com/show_bug.cgi?id=2243296\nhttps://bugzilla.redhat.com/show_bug.cgi?id=2246310\n\n. ==========================================================================\nUbuntu Security Notice USN-6427-2\nOctober 19, 2023\n\ndotnet8 vulnerability\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 23.10\n\nSummary:\n\n.NET could be made to crash if it received specially crafted network\ntraffic. \n\nSoftware Description:\n- dotnet8: .NET CLI tools and runtime\n\nDetails:\n\nUSN-6427-1 fixed a vulnerability in .NET. This update\nprovides the corresponding update for .NET 8. \n\nOriginal advisory details:\n\n It was discovered that the .NET Kestrel web server did not properly \nhandle\n HTTP/2 requests. A remote attacker could possibly use this issue to\n cause a denial of service. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 23.10:\n aspnetcore-runtime-8.0 8.0.0~rc2-0ubuntu1\n dotnet-host-8.0 8.0.0~rc2-0ubuntu1\n dotnet-hostfxr-8.0 8.0.0~rc2-0ubuntu1\n dotnet-runtime-8.0 8.0.0~rc2-0ubuntu1\n dotnet-sdk-8.0 8.0.100~rc2-0ubuntu1\n dotnet8 8.0.100-8.0.0~rc2-0ubuntu1\n\nIn general, a standard system update will make all the necessary changes. \n\n\n\n\nDescription:\n\nVarnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don\u0027t have to create the same web page over and over again, giving the website a significant speed up. \n\n\n\n\nDescription:\n\nNode.js is a software development platform for building fast and scalable network applications in the JavaScript programming language",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-44487"
},
{
"db": "PACKETSTORM",
"id": "175342"
},
{
"db": "PACKETSTORM",
"id": "175348"
},
{
"db": "PACKETSTORM",
"id": "175307"
},
{
"db": "PACKETSTORM",
"id": "175273"
},
{
"db": "PACKETSTORM",
"id": "175263"
},
{
"db": "PACKETSTORM",
"id": "175390"
},
{
"db": "PACKETSTORM",
"id": "176087"
},
{
"db": "PACKETSTORM",
"id": "175248"
},
{
"db": "PACKETSTORM",
"id": "175231"
},
{
"db": "PACKETSTORM",
"id": "175211"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-44487",
"trust": 2.0
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2023/10/19/6",
"trust": 1.0
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2023/10/10/6",
"trust": 1.0
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2023/10/20/8",
"trust": 1.0
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2023/10/18/4",
"trust": 1.0
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2023/10/10/7",
"trust": 1.0
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2023/10/18/8",
"trust": 1.0
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2023/10/13/4",
"trust": 1.0
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2023/10/13/9",
"trust": 1.0
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2025/08/13/6",
"trust": 1.0
},
{
"db": "PACKETSTORM",
"id": "175342",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "175348",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "175307",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "175273",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "175263",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "175390",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "176087",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "175248",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "175231",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "175211",
"trust": 0.1
}
],
"sources": [
{
"db": "PACKETSTORM",
"id": "175342"
},
{
"db": "PACKETSTORM",
"id": "175348"
},
{
"db": "PACKETSTORM",
"id": "175307"
},
{
"db": "PACKETSTORM",
"id": "175273"
},
{
"db": "PACKETSTORM",
"id": "175263"
},
{
"db": "PACKETSTORM",
"id": "175390"
},
{
"db": "PACKETSTORM",
"id": "176087"
},
{
"db": "PACKETSTORM",
"id": "175248"
},
{
"db": "PACKETSTORM",
"id": "175231"
},
{
"db": "PACKETSTORM",
"id": "175211"
},
{
"db": "NVD",
"id": "CVE-2023-44487"
}
]
},
"id": "VAR-202310-0175",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.384739252
},
"last_update_date": "2026-03-09T20:20:55.960000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-400",
"trust": 1.0
},
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-44487"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://www.openwall.com/lists/oss-security/2023/10/10/6"
},
{
"trust": 1.1,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"trust": 1.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-44487"
},
{
"trust": 1.0,
"url": "http://www.openwall.com/lists/oss-security/2023/10/18/8"
},
{
"trust": 1.0,
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1216123"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/wlprq5twuqqxywbjm7ecydail2yvkiuh/"
},
{
"trust": 1.0,
"url": "https://github.com/nodejs/node/pull/50121"
},
{
"trust": 1.0,
"url": "https://github.com/kubernetes/kubernetes/pull/121120"
},
{
"trust": 1.0,
"url": "https://github.com/dotnet/announcements/issues/277"
},
{
"trust": 1.0,
"url": "https://istio.io/latest/news/security/istio-security-2023-004/"
},
{
"trust": 1.0,
"url": "https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9"
},
{
"trust": 1.0,
"url": "https://github.com/haproxy/haproxy/issues/2312"
},
{
"trust": 1.0,
"url": "https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html"
},
{
"trust": 1.0,
"url": "https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715"
},
{
"trust": 1.0,
"url": "https://github.com/envoyproxy/envoy/pull/30055"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/lkyhszqfdnr7rsa7lhvlliaqmvycugbg/"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q"
},
{
"trust": 1.0,
"url": "https://github.com/oqtane/oqtane.framework/discussions/3367"
},
{
"trust": 1.0,
"url": "https://blog.vespa.ai/cve-2023-44487/"
},
{
"trust": 1.0,
"url": "https://github.com/kazu-yamamoto/http2/issues/93"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/zkqsikiat5tj3wslu3rdbq35yx4gy4v3/"
},
{
"trust": 1.0,
"url": "https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61"
},
{
"trust": 1.0,
"url": "https://github.com/advisories/ghsa-qppj-fm5r-hxr3"
},
{
"trust": 1.0,
"url": "https://bugzilla.proxmox.com/show_bug.cgi?id=4988"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/vsrdiv77hnkusm7sjc5bke5jshlhu2nk/"
},
{
"trust": 1.0,
"url": "https://github.com/h2o/h2o/security/advisories/ghsa-2m7v-gc89-fjqf"
},
{
"trust": 1.0,
"url": "https://github.com/grpc/grpc-go/pull/6703"
},
{
"trust": 1.0,
"url": "https://www.debian.org/security/2023/dsa-5558"
},
{
"trust": 1.0,
"url": "https://github.com/h2o/h2o/pull/3291"
},
{
"trust": 1.0,
"url": "https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected"
},
{
"trust": 1.0,
"url": "https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#l1101-l1113"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/fna62q767cfafhbcdkynpbmzwb7twyvu/"
},
{
"trust": 1.0,
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/zb43remkrqr62njei7i5nq4fsxnlbkrt/"
},
{
"trust": 1.0,
"url": "https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event"
},
{
"trust": 1.0,
"url": "https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/"
},
{
"trust": 1.0,
"url": "https://github.com/bcdannyboy/cve-2023-44487"
},
{
"trust": 1.0,
"url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ht7t2r4mqklif4odv4bdlparwfpcj5cz/"
},
{
"trust": 1.0,
"url": "https://github.com/ninenines/cowboy/issues/1615"
},
{
"trust": 1.0,
"url": "http://www.openwall.com/lists/oss-security/2023/10/10/7"
},
{
"trust": 1.0,
"url": "https://github.com/facebook/proxygen/pull/466"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/jizsefc3ykcgaba2bzw6zjrmdzjmb7pj/"
},
{
"trust": 1.0,
"url": "https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2"
},
{
"trust": 1.0,
"url": "https://netty.io/news/2023/10/10/4-1-100-final.html"
},
{
"trust": 1.0,
"url": "https://news.ycombinator.com/item?id=37830987"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3n4nj7fr4x4fpzugntqapstvb2hb2y4a/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/we2i52rhnnu42px6nz2rbuhsffj2lvzx/"
},
{
"trust": 1.0,
"url": "https://github.com/tempesta-tech/tempesta/issues/1986"
},
{
"trust": 1.0,
"url": "https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#l73"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ht7t2r4mqklif4odv4bdlparwfpcj5cz/"
},
{
"trust": 1.0,
"url": "https://github.com/akka/akka-http/issues/4323"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/lkyhszqfdnr7rsa7lhvlliaqmvycugbg/"
},
{
"trust": 1.0,
"url": "https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/zb43remkrqr62njei7i5nq4fsxnlbkrt/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/vhuhtsxlxgxs7jykbxta3vinuphtngvu/"
},
{
"trust": 1.0,
"url": "https://news.ycombinator.com/item?id=37830998"
},
{
"trust": 1.0,
"url": "https://security.netapp.com/advisory/ntap-20231016-0001/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/jmexy22bfg5q64hqcm5ck2q7kdkvv4ty/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/bfqd3kuemfbhpapbglwqc34l4owl5haz/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/we2i52rhnnu42px6nz2rbuhsffj2lvzx/"
},
{
"trust": 1.0,
"url": "https://www.debian.org/security/2023/dsa-5540"
},
{
"trust": 1.0,
"url": "https://github.com/advisories/ghsa-vx74-f528-fxqg"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/x6qxn4orivf6xbw4wwfe7vnpvc74s45y/"
},
{
"trust": 1.0,
"url": "http://www.openwall.com/lists/oss-security/2025/08/13/6"
},
{
"trust": 1.0,
"url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html"
},
{
"trust": 1.0,
"url": "https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/readme.md?plain=1#l239-l244"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/e72t67updrxhidlo3oror25yamn4ggw5/"
},
{
"trust": 1.0,
"url": "https://security.netapp.com/advisory/ntap-20240621-0007/"
},
{
"trust": 1.0,
"url": "https://news.ycombinator.com/item?id=37831062"
},
{
"trust": 1.0,
"url": "https://ubuntu.com/security/cve-2023-44487"
},
{
"trust": 1.0,
"url": "https://security.netapp.com/advisory/ntap-20240426-0007/"
},
{
"trust": 1.0,
"url": "https://github.com/apache/httpd-site/pull/10"
},
{
"trust": 1.0,
"url": "https://github.com/golang/go/issues/63417"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/lnmzjcdhgljjlxo4oxwjmtvqrnwoc7ul/"
},
{
"trust": 1.0,
"url": "https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/clb4tw7kalb3eeqwnwcn7ouiwwvwwcg2/"
},
{
"trust": 1.0,
"url": "https://github.com/grpc/grpc/releases/tag/v1.59.2"
},
{
"trust": 1.0,
"url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/jizsefc3ykcgaba2bzw6zjrmdzjmb7pj/"
},
{
"trust": 1.0,
"url": "https://msrc.microsoft.com/update-guide/vulnerability/cve-2023-44487"
},
{
"trust": 1.0,
"url": "https://github.com/advisories/ghsa-xpw8-rcwv-8f8p"
},
{
"trust": 1.0,
"url": "https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/vsrdiv77hnkusm7sjc5bke5jshlhu2nk/"
},
{
"trust": 1.0,
"url": "https://security.paloaltonetworks.com/cve-2023-44487"
},
{
"trust": 1.0,
"url": "https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764"
},
{
"trust": 1.0,
"url": "http://www.openwall.com/lists/oss-security/2023/10/20/8"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/e72t67updrxhidlo3oror25yamn4ggw5/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ksegd2iwknuo3dwy4kqguqm5bisrwhqe/"
},
{
"trust": 1.0,
"url": "https://github.com/apache/trafficserver/pull/10564"
},
{
"trust": 1.0,
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=cve-2023-44487"
},
{
"trust": 1.0,
"url": "https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack"
},
{
"trust": 1.0,
"url": "http://www.openwall.com/lists/oss-security/2023/10/13/4"
},
{
"trust": 1.0,
"url": "http://www.openwall.com/lists/oss-security/2023/10/19/6"
},
{
"trust": 1.0,
"url": "https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487"
},
{
"trust": 1.0,
"url": "https://news.ycombinator.com/item?id=37837043"
},
{
"trust": 1.0,
"url": "https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2mbeppc36ubvozznaxfhklfgslcmn5li/"
},
{
"trust": 1.0,
"url": "https://github.com/projectcontour/contour/pull/5826"
},
{
"trust": 1.0,
"url": "https://lists.w3.org/archives/public/ietf-http-wg/2023octdec/0025.html"
},
{
"trust": 1.0,
"url": "https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088"
},
{
"trust": 1.0,
"url": "https://www.phoronix.com/news/http2-rapid-reset-attack"
},
{
"trust": 1.0,
"url": "https://github.com/kong/kong/discussions/11741"
},
{
"trust": 1.0,
"url": "https://www.debian.org/security/2023/dsa-5549"
},
{
"trust": 1.0,
"url": "https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/bfqd3kuemfbhpapbglwqc34l4owl5haz/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/x6qxn4orivf6xbw4wwfe7vnpvc74s45y/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/zlu6u2r2ic2k64ndpnmv55auao65maf4/"
},
{
"trust": 1.0,
"url": "https://groups.google.com/g/golang-announce/c/innxdtcjzvo"
},
{
"trust": 1.0,
"url": "https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack"
},
{
"trust": 1.0,
"url": "https://security.gentoo.org/glsa/202311-09"
},
{
"trust": 1.0,
"url": "https://github.com/micrictor/http2-rst-stream"
},
{
"trust": 1.0,
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html"
},
{
"trust": 1.0,
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/vhuhtsxlxgxs7jykbxta3vinuphtngvu/"
},
{
"trust": 1.0,
"url": "https://mailman.nginx.org/pipermail/nginx-devel/2023-october/s36q5hbxr7caimpllprsssyr4pcmwilk.html"
},
{
"trust": 1.0,
"url": "https://github.com/etcd-io/etcd/issues/16740"
},
{
"trust": 1.0,
"url": "https://github.com/arkrwn/poc/tree/main/cve-2023-44487"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/zkqsikiat5tj3wslu3rdbq35yx4gy4v3/"
},
{
"trust": 1.0,
"url": "https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/xfoibb4yfichdm7ibop7pwxw3fx4hll2/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/jmexy22bfg5q64hqcm5ck2q7kdkvv4ty/"
},
{
"trust": 1.0,
"url": "https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/"
},
{
"trust": 1.0,
"url": "https://github.com/microsoft/cbl-mariner/pull/6381"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/lnmzjcdhgljjlxo4oxwjmtvqrnwoc7ul/"
},
{
"trust": 1.0,
"url": "https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632"
},
{
"trust": 1.0,
"url": "https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/fna62q767cfafhbcdkynpbmzwb7twyvu/"
},
{
"trust": 1.0,
"url": "https://my.f5.com/manage/s/article/k000137106"
},
{
"trust": 1.0,
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
},
{
"trust": 1.0,
"url": "https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/"
},
{
"trust": 1.0,
"url": "https://github.com/eclipse/jetty.project/issues/10679"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3n4nj7fr4x4fpzugntqapstvb2hb2y4a/"
},
{
"trust": 1.0,
"url": "https://github.com/junkurihara/rust-rpxy/issues/97"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ksegd2iwknuo3dwy4kqguqm5bisrwhqe/"
},
{
"trust": 1.0,
"url": "https://github.com/apache/apisix/issues/10320"
},
{
"trust": 1.0,
"url": "https://github.com/caddyserver/caddy/releases/tag/v2.7.5"
},
{
"trust": 1.0,
"url": "https://www.debian.org/security/2023/dsa-5521"
},
{
"trust": 1.0,
"url": "https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/"
},
{
"trust": 1.0,
"url": "https://github.com/line/armeria/pull/5232"
},
{
"trust": 1.0,
"url": "http://www.openwall.com/lists/oss-security/2023/10/13/9"
},
{
"trust": 1.0,
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html"
},
{
"trust": 1.0,
"url": "http://www.openwall.com/lists/oss-security/2023/10/18/4"
},
{
"trust": 1.0,
"url": "https://github.com/openresty/openresty/issues/930"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2mbeppc36ubvozznaxfhklfgslcmn5li/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/clb4tw7kalb3eeqwnwcn7ouiwwvwwcg2/"
},
{
"trust": 1.0,
"url": "https://github.com/caddyserver/caddy/issues/5877"
},
{
"trust": 1.0,
"url": "https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-http2-reset-d8kf32vz"
},
{
"trust": 1.0,
"url": "https://github.com/alibaba/tengine/issues/1872"
},
{
"trust": 1.0,
"url": "https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/xfoibb4yfichdm7ibop7pwxw3fx4hll2/"
},
{
"trust": 1.0,
"url": "https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/"
},
{
"trust": 1.0,
"url": "https://www.debian.org/security/2023/dsa-5522"
},
{
"trust": 1.0,
"url": "https://access.redhat.com/security/cve/cve-2023-44487"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/wlprq5twuqqxywbjm7ecydail2yvkiuh/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/zlu6u2r2ic2k64ndpnmv55auao65maf4/"
},
{
"trust": 1.0,
"url": "https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125"
},
{
"trust": 1.0,
"url": "https://www.vicarius.io/vsociety/posts/rapid-reset-cve-2023-44487-dos-in-http2-understanding-the-root-cause"
},
{
"trust": 1.0,
"url": "https://aws.amazon.com/security/security-bulletins/aws-2023-011/"
},
{
"trust": 1.0,
"url": "https://github.com/varnishcache/varnish-cache/issues/3996"
},
{
"trust": 1.0,
"url": "https://github.com/azure/aks/issues/3947"
},
{
"trust": 1.0,
"url": "https://github.com/nghttp2/nghttp2/pull/1961"
},
{
"trust": 1.0,
"url": "https://tomcat.apache.org/security-10.html#fixed_in_apache_tomcat_10.1.14"
},
{
"trust": 1.0,
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html"
},
{
"trust": 1.0,
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html"
},
{
"trust": 1.0,
"url": "https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/"
},
{
"trust": 1.0,
"url": "https://github.com/opensearch-project/data-prepper/issues/3474"
},
{
"trust": 1.0,
"url": "https://www.debian.org/security/2023/dsa-5570"
},
{
"trust": 0.9,
"url": "https://access.redhat.com/security/vulnerabilities/rhsb-2023-003"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=red.hat.integration\u0026version=2023-q4"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2023:6117"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_6117.json"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2023:6137"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_6137.json"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2023:6080"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_6080.json"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_5978.json"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/red_hat_jboss_eap_xp_4.0.0_release_notes/index"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2023:5978"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/using_jboss_eap_xp_4.0.0/index"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/jboss_eap_xp_4.0_upgrade_and_migration_guide/index"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_5715.json"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2023:5715"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2023:6144"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_6144.json"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.12/release_notes/ocp-4-12-release-notes.html"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2246310"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.12/updating/updating-cluster-cli.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_7610.json"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2023:7608"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2023:7610"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-6427-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/dotnet8/8.0.100-8.0.0~rc2-0ubuntu1"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-6427-2"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification#critical"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2023:5924"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_5924.json"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_5850.json"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2023:5850"
}
],
"sources": [
{
"db": "PACKETSTORM",
"id": "175342"
},
{
"db": "PACKETSTORM",
"id": "175348"
},
{
"db": "PACKETSTORM",
"id": "175307"
},
{
"db": "PACKETSTORM",
"id": "175273"
},
{
"db": "PACKETSTORM",
"id": "175263"
},
{
"db": "PACKETSTORM",
"id": "175390"
},
{
"db": "PACKETSTORM",
"id": "176087"
},
{
"db": "PACKETSTORM",
"id": "175248"
},
{
"db": "PACKETSTORM",
"id": "175231"
},
{
"db": "PACKETSTORM",
"id": "175211"
},
{
"db": "NVD",
"id": "CVE-2023-44487"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "PACKETSTORM",
"id": "175342"
},
{
"db": "PACKETSTORM",
"id": "175348"
},
{
"db": "PACKETSTORM",
"id": "175307"
},
{
"db": "PACKETSTORM",
"id": "175273"
},
{
"db": "PACKETSTORM",
"id": "175263"
},
{
"db": "PACKETSTORM",
"id": "175390"
},
{
"db": "PACKETSTORM",
"id": "176087"
},
{
"db": "PACKETSTORM",
"id": "175248"
},
{
"db": "PACKETSTORM",
"id": "175231"
},
{
"db": "PACKETSTORM",
"id": "175211"
},
{
"db": "NVD",
"id": "CVE-2023-44487"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-10-26T14:32:57",
"db": "PACKETSTORM",
"id": "175342"
},
{
"date": "2023-10-26T14:34:38",
"db": "PACKETSTORM",
"id": "175348"
},
{
"date": "2023-10-24T15:57:22",
"db": "PACKETSTORM",
"id": "175307"
},
{
"date": "2023-10-23T14:26:48",
"db": "PACKETSTORM",
"id": "175273"
},
{
"date": "2023-10-23T14:21:23",
"db": "PACKETSTORM",
"id": "175263"
},
{
"date": "2023-10-30T12:35:28",
"db": "PACKETSTORM",
"id": "175390"
},
{
"date": "2023-12-07T13:59:56",
"db": "PACKETSTORM",
"id": "176087"
},
{
"date": "2023-10-20T14:37:00",
"db": "PACKETSTORM",
"id": "175248"
},
{
"date": "2023-10-20T14:32:43",
"db": "PACKETSTORM",
"id": "175231"
},
{
"date": "2023-10-19T13:51:14",
"db": "PACKETSTORM",
"id": "175211"
},
{
"date": "2023-10-10T14:15:10.883000",
"db": "NVD",
"id": "CVE-2023-44487"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-11-07T19:00:41.810000",
"db": "NVD",
"id": "CVE-2023-44487"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "175248"
}
],
"trust": 0.1
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat Security Advisory 2023-6117-01",
"sources": [
{
"db": "PACKETSTORM",
"id": "175342"
}
],
"trust": 0.1
}
}
VAR-202007-1057
Vulnerability from variot - Updated: 2025-11-18 15:33A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct directory traversal attacks and read sensitive files on a targeted system. The vulnerability is due to a lack of proper input validation of URLs in HTTP requests processed by an affected device. An attacker could exploit this vulnerability by sending a crafted HTTP request containing directory traversal character sequences to an affected device. A successful exploit could allow the attacker to view arbitrary files within the web services file system on the targeted device. The web services file system is enabled when the affected device is configured with either WebVPN or AnyConnect features. This vulnerability cannot be used to obtain access to ASA or FTD system files or underlying operating system (OS) files. The Cisco ASA series is a series of customized solutions for security equipment launched by Cisco. It integrates advanced security and VPN services to protect business communications and organizations of all sizes from cyber threats.
Cisco has a variety of arbitrary file reading vulnerabilities, which can be exploited by attackers to obtain sensitive information. The platform provides features such as highly secure access to data and network resources
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202007-1057",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "firepower threat defense",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "6.5.0"
},
{
"model": "adaptive security appliance software",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "9.10.1.42"
},
{
"model": "adaptive security appliance software",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "9.14"
},
{
"model": "adaptive security appliance software",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "9.8"
},
{
"model": "adaptive security appliance software",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "9.10"
},
{
"model": "firepower threat defense",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "6.4.0.10"
},
{
"model": "adaptive security appliance software",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "9.13"
},
{
"model": "adaptive security appliance software",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "9.9.2.74"
},
{
"model": "adaptive security appliance software",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "9.12"
},
{
"model": "firepower threat defense",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "6.4.0"
},
{
"model": "firepower threat defense",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "6.6.0"
},
{
"model": "adaptive security appliance software",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "9.12.3.12"
},
{
"model": "adaptive security appliance software",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "9.6"
},
{
"model": "firepower threat defense",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "6.2.3"
},
{
"model": "firepower threat defense",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "6.3.0"
},
{
"model": "adaptive security appliance software",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "9.13.1.10"
},
{
"model": "adaptive security appliance software",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "9.14.1.10"
},
{
"model": "firepower threat defense",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "6.2.3.16"
},
{
"model": "firepower threat defense",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "6.3.0.6"
},
{
"model": "adaptive security appliance software",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "9.9"
},
{
"model": "firepower threat defense",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "6.5.0.5"
},
{
"model": "adaptive security appliance software",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "9.8.4.20"
},
{
"model": "firepower threat defense",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "6.6.0.1"
},
{
"model": "adaptive security appliance software",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "9.6.4.42"
},
{
"model": "adaptive security appliance software",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "firepower threat defense software",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "adaptive security appliance",
"scope": "gte",
"trust": 0.6,
"vendor": "cisco",
"version": "9.6,\u003c9.6.4.42"
},
{
"model": "adaptive security appliance",
"scope": "gte",
"trust": 0.6,
"vendor": "cisco",
"version": "9.8,\u003c9.8.4.20"
},
{
"model": "adaptive security appliance",
"scope": "gte",
"trust": 0.6,
"vendor": "cisco",
"version": "9.9,\u003c9.9.2.74"
},
{
"model": "adaptive security appliance",
"scope": "gte",
"trust": 0.6,
"vendor": "cisco",
"version": "9.10,\u003c9.10.1.42"
},
{
"model": "adaptive security appliance",
"scope": "gte",
"trust": 0.6,
"vendor": "cisco",
"version": "9.12,\u003c9.12.3.12"
},
{
"model": "adaptive security appliance",
"scope": "gte",
"trust": 0.6,
"vendor": "cisco",
"version": "9.13,\u003c9.13.1.10"
},
{
"model": "adaptive security appliance",
"scope": "gte",
"trust": 0.6,
"vendor": "cisco",
"version": "9.14,\u003c9.14.1.10"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-51264"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008187"
},
{
"db": "NVD",
"id": "CVE-2020-3452"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:cisco:adaptive_security_appliance_software",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:cisco:firepower_threat_defense_software",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-008187"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Freakyclown",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202007-1378"
}
],
"trust": 0.6
},
"cve": "CVE-2020-3452",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2020-3452",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2020-008187",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-51264",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-181577",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2020-3452",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-008187",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-3452",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "psirt@cisco.com",
"id": "CVE-2020-3452",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2020-008187",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-51264",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202007-1378",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-181577",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2020-3452",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-51264"
},
{
"db": "VULHUB",
"id": "VHN-181577"
},
{
"db": "VULMON",
"id": "CVE-2020-3452"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-1378"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008187"
},
{
"db": "NVD",
"id": "CVE-2020-3452"
},
{
"db": "NVD",
"id": "CVE-2020-3452"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct directory traversal attacks and read sensitive files on a targeted system. The vulnerability is due to a lack of proper input validation of URLs in HTTP requests processed by an affected device. An attacker could exploit this vulnerability by sending a crafted HTTP request containing directory traversal character sequences to an affected device. A successful exploit could allow the attacker to view arbitrary files within the web services file system on the targeted device. The web services file system is enabled when the affected device is configured with either WebVPN or AnyConnect features. This vulnerability cannot be used to obtain access to ASA or FTD system files or underlying operating system (OS) files. The Cisco ASA series is a series of customized solutions for security equipment launched by Cisco. It integrates advanced security and VPN services to protect business communications and organizations of all sizes from cyber threats. \n\r\n\r\nCisco has a variety of arbitrary file reading vulnerabilities, which can be exploited by attackers to obtain sensitive information. The platform provides features such as highly secure access to data and network resources",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-3452"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008187"
},
{
"db": "CNVD",
"id": "CNVD-2020-51264"
},
{
"db": "VULHUB",
"id": "VHN-181577"
},
{
"db": "VULMON",
"id": "CVE-2020-3452"
}
],
"trust": 2.34
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-181577",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-181577"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-3452",
"trust": 3.2
},
{
"db": "PACKETSTORM",
"id": "160497",
"trust": 1.7
},
{
"db": "PACKETSTORM",
"id": "158647",
"trust": 1.7
},
{
"db": "PACKETSTORM",
"id": "158646",
"trust": 1.7
},
{
"db": "PACKETSTORM",
"id": "159523",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008187",
"trust": 0.8
},
{
"db": "EXPLOIT-DB",
"id": "48871",
"trust": 0.7
},
{
"db": "EXPLOIT-DB",
"id": "48722",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-202007-1378",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2020-51264",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2522.4",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2522.5",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2522",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2522.2",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "47633",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "49091",
"trust": 0.6
},
{
"db": "EXPLOIT-DB",
"id": "49262",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-98295",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-181577",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-3452",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-51264"
},
{
"db": "VULHUB",
"id": "VHN-181577"
},
{
"db": "VULMON",
"id": "CVE-2020-3452"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-1378"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008187"
},
{
"db": "NVD",
"id": "CVE-2020-3452"
}
]
},
"id": "VAR-202007-1057",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-51264"
},
{
"db": "VULHUB",
"id": "VHN-181577"
}
],
"trust": 0.06999999999999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-51264"
}
]
},
"last_update_date": "2025-11-18T15:33:14.317000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-asaftd-ro-path-KJuQhB86",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ro-path-KJuQhB86"
},
{
"title": "Patches for arbitrary file reading vulnerabilities in CiscoASA series",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/233428"
},
{
"title": "Cisco Firepower Threat Defense and Adaptive Security Appliances Software Enter the fix for the verification error vulnerability",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=124790"
},
{
"title": "Cisco: Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Read-Only Path Traversal Vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-asaftd-ro-path-KJuQhB86"
},
{
"title": "CVE-2020-3452",
"trust": 0.1,
"url": "https://github.com/foulenzer/CVE-2020-3452 "
},
{
"title": "CVE-2020-3452",
"trust": 0.1,
"url": "https://github.com/Aviksaikat/CVE-2020-3452 "
},
{
"title": "CVE-2020-3452",
"trust": 0.1,
"url": "https://github.com/bn9r/cve-2020-3452 "
},
{
"title": "CVE-2020-3452",
"trust": 0.1,
"url": "https://github.com/foulenzer/cve-2020-3452 "
},
{
"title": "Checker CVE-2020-3452",
"trust": 0.1,
"url": "https://github.com/MrCl0wnLab/checker-cve2020-3452 "
},
{
"title": "Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Path Traversal Vulnerability\nCVE-2020-3452",
"trust": 0.1,
"url": "https://github.com/fuzzlove/Cisco-ASA-FTD-Web-Services-Traversal "
},
{
"title": "https://github.com/grim3/CVE-2020-3452",
"trust": 0.1,
"url": "https://github.com/grim3/CVE-2020-3452 "
},
{
"title": "Exploit CISCO Remove File Via session_password.html",
"trust": 0.1,
"url": "https://github.com/dinhbaouit/CISCO-Remove-File "
},
{
"title": "Cisco-CVE-2020-3452-checker",
"trust": 0.1,
"url": "https://github.com/faisalfs10x/Cisco-CVE-2020-3452-checker "
},
{
"title": "Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Path Traversal Vulnerability\nCVE-2020-3452",
"trust": 0.1,
"url": "https://github.com/drizzt-do-urden-da-drow/CISCO "
},
{
"title": "CVE-2020-3452-Exploit",
"trust": 0.1,
"url": "https://github.com/3ndG4me/CVE-2020-3452-Exploit "
},
{
"title": "CVE-2020-3452-Exploit",
"trust": 0.1,
"url": "https://github.com/iveresk/cve-2020-3452 "
},
{
"title": "https://github.com/mr-r3b00t/CVE-2020-3452",
"trust": 0.1,
"url": "https://github.com/mr-r3b00t/CVE-2020-3452 "
},
{
"title": "http-vuln-cve2020-3452.nse",
"trust": 0.1,
"url": "https://github.com/Gh0st0ne/http-vuln-cve2020-3452.nse "
},
{
"title": "Enum Cisco ASA via CVE-2020-3452 and download files\nConvert Lua byte code using unluac",
"trust": 0.1,
"url": "https://github.com/Veids/CVE-2020-3452_auto "
},
{
"title": "CVE-2020-3452",
"trust": 0.1,
"url": "https://github.com/XDev05/CVE-2020-3452-PoC "
},
{
"title": "dirty-scripts",
"trust": 0.1,
"url": "https://github.com/faisalfs10x/dirty-scripts "
},
{
"title": "https://github.com/Liger0898/Liger0898",
"trust": 0.1,
"url": "https://github.com/Liger0898/Liger0898 "
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-51264"
},
{
"db": "VULMON",
"id": "CVE-2020-3452"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-1378"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008187"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
},
{
"problemtype": "CWE-22",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-181577"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008187"
},
{
"db": "NVD",
"id": "CVE-2020-3452"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-asaftd-ro-path-kjuqhb86"
},
{
"trust": 2.3,
"url": "http://packetstormsecurity.com/files/158646/cisco-asa-ftd-remote-file-disclosure.html"
},
{
"trust": 2.3,
"url": "http://packetstormsecurity.com/files/158647/cisco-adaptive-security-appliance-software-9.11-local-file-inclusion.html"
},
{
"trust": 2.3,
"url": "http://packetstormsecurity.com/files/159523/cisco-asa-ftd-9.6.4.42-path-traversal.html"
},
{
"trust": 2.3,
"url": "http://packetstormsecurity.com/files/160497/cisco-asa-9.14.1.10-ftd-6.6.0.1-path-traversal.html"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-3452"
},
{
"trust": 1.0,
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=cve-2020-3452"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3452"
},
{
"trust": 0.6,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cis"
},
{
"trust": 0.6,
"url": "https://www.cnblogs.com/potatsosec/p/13364171.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2522.4/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2522.5/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2522.2/"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/47633"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/cisco-asa-directory-traversal-via-http-requests-32899"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/49091"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2522/"
},
{
"trust": 0.6,
"url": "https://www.exploit-db.com/exploits/48871"
},
{
"trust": 0.6,
"url": "https://www.exploit-db.com/exploits/48722"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-51264"
},
{
"db": "VULHUB",
"id": "VHN-181577"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-1378"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008187"
},
{
"db": "NVD",
"id": "CVE-2020-3452"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-51264"
},
{
"db": "VULHUB",
"id": "VHN-181577"
},
{
"db": "VULMON",
"id": "CVE-2020-3452"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-1378"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008187"
},
{
"db": "NVD",
"id": "CVE-2020-3452"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-07-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-51264"
},
{
"date": "2020-07-22T00:00:00",
"db": "VULHUB",
"id": "VHN-181577"
},
{
"date": "2020-07-22T00:00:00",
"db": "VULMON",
"id": "CVE-2020-3452"
},
{
"date": "2020-07-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202007-1378"
},
{
"date": "2020-09-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-008187"
},
{
"date": "2020-07-22T20:15:11.970000",
"db": "NVD",
"id": "CVE-2020-3452"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-09-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-51264"
},
{
"date": "2022-09-20T00:00:00",
"db": "VULHUB",
"id": "VHN-181577"
},
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2020-3452"
},
{
"date": "2022-09-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202007-1378"
},
{
"date": "2020-09-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-008187"
},
{
"date": "2025-10-28T13:54:01.140000",
"db": "NVD",
"id": "CVE-2020-3452"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202007-1378"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Adaptive Security Appliance Software and Firepower Threat Defense Input verification vulnerabilities in software",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-008187"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "path traversal",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202007-1378"
}
],
"trust": 0.6
}
}
VAR-201806-1026
Vulnerability from variot - Updated: 2025-11-18 15:22A vulnerability in the web interface of the Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. It is also possible on certain software releases that the ASA will not reload, but an attacker could view sensitive system information without authentication by using directory traversal techniques. The vulnerability is due to lack of proper input validation of the HTTP URL. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. An exploit could allow the attacker to cause a DoS condition or unauthenticated disclosure of information. This vulnerability applies to IPv4 and IPv6 HTTP traffic. This vulnerability affects Cisco ASA Software and Cisco Firepower Threat Defense (FTD) Software that is running on the following Cisco products: 3000 Series Industrial Security Appliance (ISA), ASA 1000V Cloud Firewall, ASA 5500 Series Adaptive Security Appliances, ASA 5500-X Series Next-Generation Firewalls, ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers, Adaptive Security Virtual Appliance (ASAv), Firepower 2100 Series Security Appliance, Firepower 4100 Series Security Appliance, Firepower 9300 ASA Security Module, FTD Virtual (FTDv). Cisco Bug IDs: CSCvi16029. Vendors have confirmed this vulnerability Bug ID CSCvi16029 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state. ASASoftware and FirepowerThreatDefense (FTD) Software are operating systems that run on different devices
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201806-1026",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "firepower threat defense",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "6.2.3"
},
{
"model": "firepower threat defense",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "6.2.3-85.02"
},
{
"model": "firepower threat defense",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "6.2.3-851"
},
{
"model": "firepower threat defense",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "6.2.3.1"
},
{
"model": "adaptive security appliance software",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "9.5"
},
{
"model": "adaptive security appliance software",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "9.6.4.8"
},
{
"model": "adaptive security appliance software",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "9.1.7.29"
},
{
"model": "adaptive security appliance software",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "9.8"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.1\\(2.5\\)"
},
{
"model": "adaptive security appliance software",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "9.7"
},
{
"model": "adaptive security appliance software",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "9.7.1.24"
},
{
"model": "adaptive security appliance software",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "9.2.4.33"
},
{
"model": "adaptive security appliance software",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "9.2"
},
{
"model": "adaptive security appliance software",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "9.1"
},
{
"model": "firepower threat defense",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "6.2.1"
},
{
"model": "adaptive security appliance software",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "9.9.2.1"
},
{
"model": "firepower threat defense",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "6.0"
},
{
"model": "firepower threat defense",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "6.2.2.3"
},
{
"model": "adaptive security appliance software",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "9.3"
},
{
"model": "adaptive security appliance software",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "9.9"
},
{
"model": "adaptive security appliance software",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "9.8.2.28"
},
{
"model": "firepower threat defense",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "6.1.0"
},
{
"model": "adaptive security appliance software",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "9.4.4.18"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.9,
"vendor": "cisco",
"version": "9.9"
},
{
"model": "adaptive security appliance software",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "firepower threat defense software",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "asa series next-generation firewalls",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "5500-x"
},
{
"model": "adaptive security virtual appliance",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "firepower asa security module",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "9300"
},
{
"model": "asa cloud firewall",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "1000v"
},
{
"model": "asa series adaptive security appliances",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "5500"
},
{
"model": "firepower series security appliances",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "4100"
},
{
"model": "series industrial security appliance",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "3000"
},
{
"model": "firepower series security appliance",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "2100"
},
{
"model": "ftd virtual",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "asa services module for cisco catalyst series switches and cisco series routers",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "65007600"
},
{
"model": "firepower threat defense software",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "6.2.2"
},
{
"model": "firepower threat defense software",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "6.2.1"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "9.9\\(1\\)"
},
{
"model": "firepower threat defense",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "6.0.1"
},
{
"model": "firepower threat defense",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "6.0.0"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "9.9\\(2\\)"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "9.8\\(2\\)"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.0(4.1)"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.4.3(8)"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.2(3.4)"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.1(5.12)"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.0.14.7"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.3(3.9)"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.1(2.5)"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.6(2.10)"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.7"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.2.27"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.2.8"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.1.12"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.2(4.1)"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.0.13"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.2(0.104)"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.0"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.5(1.4)"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.1.13.2"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.1(7)"
},
{
"model": "firepower threat defense software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.2.3"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.3.3"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.2.2"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.6.1(11)"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.2(4.13)"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.1.4.5"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.6.4(6)"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.2.2.8"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.1.515"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.0(4.21)"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.0(1.4)"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.4.3.3"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.0(2.10)"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.0(4.32)"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.5.3.7"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.3.2"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.1(1.8)"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.1.4"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.3(1.50)"
},
{
"model": "firepower threat defense software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.1(4.5)"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.0.4.20"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.0.45"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.1(1.7)"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.0(4.13)"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.0(3.10)"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.0(4.42)"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.1.5"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.6.2.9"
},
{
"model": "firepower threat defense software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.1.0.6"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.2.3.3"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.1(2.8)"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.0(4.39)"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.2(4.11)"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.1.2"
},
{
"model": "firepower threat defense software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.1.0.5"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.2(0.0)"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.1.7.17"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.6"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.3(3)"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.1(3)"
},
{
"model": "adaptive security appliance software",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "9.7.1.24"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.0.1"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.0.14"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.1.34"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.6.3(1)"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.1(7.16)"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.2(3.1)"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.1(3.4)"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.0.2.10"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.5.2.8"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.0.12.10"
},
{
"model": "adaptive security appliance software",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "9.6.4.8"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.5"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.8"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.0.13.6"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.1(7.13)"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.0(4.38)"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.1.15"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.4(3.6)"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.1(6)"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.1.1.4.5"
},
{
"model": "adaptive security appliance software",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "9.2.4.33"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.4.4.14"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.1.1"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.4.2.6"
},
{
"model": "adaptive security appliance software",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "9.9.2.1"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.0.2"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.3(3.11)"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.0.14.20"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.2.(3.1)"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.6.4(3)"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.2(2)8"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.1(5.7)"
},
{
"model": "firepower threat defense software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0.1.4"
},
{
"model": "asa series adaptive security appliances",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "55000"
},
{
"model": "firepower threat defense software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.2"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.1(4.3)"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.1"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.0(3.8)"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.6(3)"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.4(2)"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.1(6.1)"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.1(6.2)"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.4.(0.115)"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.5.3.9"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.0.4.1"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.6.3"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.1.12.8"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.2(4.5)"
},
{
"model": "firepower threat defense software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.2.2.2"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.4(1.1)"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.2(2)"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.5(3)"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.1(6.9)"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.6.3.20"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.0.14.5"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.2(2.6)"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.0.1.4.5"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.0.1.4"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.0.4.26"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.3.3.8"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.6.3.17"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.0(3.3)"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.1.3.2"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.3(3.8)"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.3.1"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.1.1.5"
},
{
"model": "firepower threat defense software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.2.2.1"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.3"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.6(1.5)"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.0.3"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.4.4"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.7(0.99)"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.1.7"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.0.12"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.3.11"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.1.3"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.1(5.1)"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.3.3(10)"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.6.2"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.4.3.2"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.1.1.4"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.0.4"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.3(1.105)"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.1(7.7)"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.1.7(19)"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.1(3.2)"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.2.24"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.4.4.6"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.4"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.1.13"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.2(4.6)"
},
{
"model": "firepower threat defense software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.2.0.5"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.0.4.29"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.0(3.6)"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.0.4(40)"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.3(1.1)"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.4(2.6)"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.1.512"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.0(4.8)"
},
{
"model": "firepower threat defense software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0.1"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.4.4.13"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.4.3.1"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.5.2.7"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.0.1.4.1"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.2(4.8)"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.0.14.24"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.0.3.8"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.0.14.1"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.4(2.4)"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.2.4.6"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.1.7(9)"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.0.3.6"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.5(2)"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.0(4.33)"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.0.13.8"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.1.14.5"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.2"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.0.4.7"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.2.1"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.0.1.3.8"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.5(2.6)"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.1.11.4"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.1(7.6)"
},
{
"model": "adaptive security appliance software",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "9.4.4.18"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.0(3.1)"
},
{
"model": "firepower threat defense software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.1"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.3(3.7)"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.3(2.243)"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.0.14.17"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.1(5.106)"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.2.3"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.6(2.99)"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.5(2.2)"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.1(1.2)"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.4(4)"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.1.510"
},
{
"model": "firepower threat defense software",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "6.2.2.3"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.4.1"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.1.5.21"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.1.7.20"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.0(4.29)"
},
{
"model": "adaptive security appliance software",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "9.8.2.28"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.1(2)"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.0.4.24"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.2(2.4)"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.3(2.100)"
},
{
"model": "adaptive security appliance software",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "9.1.7.29"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.6.2.21"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.7(1)"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.0(2.6)"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.1.7(16)"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.1.2.8"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.1.1.3.2"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.0.4.17"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.2.4(14)"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-11320"
},
{
"db": "BID",
"id": "104612"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-401"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006154"
},
{
"db": "NVD",
"id": "CVE-2018-0296"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:cisco:adaptive_security_appliance_software",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:cisco:firepower_threat_defense_software",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-006154"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "security researcher Michal Bentkowski from Securitum .,Angelo Ruwantha",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201806-401"
}
],
"trust": 0.6
},
"cve": "CVE-2018-0296",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2018-0296",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-11320",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-118498",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2018-0296",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-0296",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-0296",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2018-0296",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2018-11320",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201806-401",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-118498",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2018-0296",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-11320"
},
{
"db": "VULHUB",
"id": "VHN-118498"
},
{
"db": "VULMON",
"id": "CVE-2018-0296"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-401"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006154"
},
{
"db": "NVD",
"id": "CVE-2018-0296"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in the web interface of the Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. It is also possible on certain software releases that the ASA will not reload, but an attacker could view sensitive system information without authentication by using directory traversal techniques. The vulnerability is due to lack of proper input validation of the HTTP URL. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. An exploit could allow the attacker to cause a DoS condition or unauthenticated disclosure of information. This vulnerability applies to IPv4 and IPv6 HTTP traffic. This vulnerability affects Cisco ASA Software and Cisco Firepower Threat Defense (FTD) Software that is running on the following Cisco products: 3000 Series Industrial Security Appliance (ISA), ASA 1000V Cloud Firewall, ASA 5500 Series Adaptive Security Appliances, ASA 5500-X Series Next-Generation Firewalls, ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers, Adaptive Security Virtual Appliance (ASAv), Firepower 2100 Series Security Appliance, Firepower 4100 Series Security Appliance, Firepower 9300 ASA Security Module, FTD Virtual (FTDv). Cisco Bug IDs: CSCvi16029. Vendors have confirmed this vulnerability Bug ID CSCvi16029 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state. ASASoftware and FirepowerThreatDefense (FTD) Software are operating systems that run on different devices",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-0296"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006154"
},
{
"db": "CNVD",
"id": "CNVD-2018-11320"
},
{
"db": "VULHUB",
"id": "VHN-118498"
},
{
"db": "VULMON",
"id": "CVE-2018-0296"
}
],
"trust": 2.34
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=47220",
"trust": 0.2,
"type": "exploit"
},
{
"reference": "https://www.scap.org.cn/vuln/vhn-118498",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-118498"
},
{
"db": "VULMON",
"id": "CVE-2018-0296"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-0296",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-18-184-01",
"trust": 2.8
},
{
"db": "EXPLOIT-DB",
"id": "44956",
"trust": 2.6
},
{
"db": "BID",
"id": "104612",
"trust": 2.0
},
{
"db": "PACKETSTORM",
"id": "154017",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1041076",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006154",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201806-401",
"trust": 0.7
},
{
"db": "EXPLOITDB",
"id": "44956",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2018-11320",
"trust": 0.6
},
{
"db": "EXPLOIT-DB",
"id": "47220",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "148365",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "148658",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-97368",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-118498",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2018-0296",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-11320"
},
{
"db": "VULHUB",
"id": "VHN-118498"
},
{
"db": "VULMON",
"id": "CVE-2018-0296"
},
{
"db": "BID",
"id": "104612"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-401"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006154"
},
{
"db": "NVD",
"id": "CVE-2018-0296"
}
]
},
"id": "VAR-201806-1026",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-11320"
},
{
"db": "VULHUB",
"id": "VHN-118498"
}
],
"trust": 1.4494783233333333
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-11320"
}
]
},
"last_update_date": "2025-11-18T15:22:22.208000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20180606-asaftd",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-asaftd"
},
{
"title": "Several Cisco products ASASoftware and FirepowerThreatDefenseSoftware enter patches for verification vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/131753"
},
{
"title": "Cisco: Cisco Adaptive Security Appliance Web Services Denial of Service Vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20180606-asaftd"
},
{
"title": "CVE-2018-0296",
"trust": 0.1,
"url": "https://github.com/qiantu88/CVE-2018-0296 "
},
{
"title": "CVE-2018-0296",
"trust": 0.1,
"url": "https://github.com/milo2012/CVE-2018-0296 "
},
{
"title": "CVE-2018-0296",
"trust": 0.1,
"url": "https://github.com/yassineaboukir/CVE-2018-0296 "
},
{
"title": "CVE-2018-0296",
"trust": 0.1,
"url": "https://github.com/irbishop/CVE-2018-0296 "
},
{
"title": "CVE-2018-0296",
"trust": 0.1,
"url": "https://github.com/bhenner1/CVE-2018-0296 "
},
{
"title": "CiscoIOSSNMPToolkit",
"trust": 0.1,
"url": "https://github.com/GarnetSunset/CiscoIOSSNMPToolkit "
},
{
"title": "common-lists",
"trust": 0.1,
"url": "https://github.com/tomikoski/common-lists "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/iveresk/cve-2020-3452 "
},
{
"title": "CVE-2020-3452-Exploit",
"trust": 0.1,
"url": "https://github.com/3ndG4me/CVE-2020-3452-Exploit "
},
{
"title": "KB",
"trust": 0.1,
"url": "https://github.com/rudinyu/KB "
},
{
"title": "RedTeam",
"trust": 0.1,
"url": "https://github.com/slimdaddy/RedTeam "
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-11320"
},
{
"db": "VULMON",
"id": "CVE-2018-0296"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006154"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
},
{
"problemtype": "CWE-22",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-118498"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006154"
},
{
"db": "NVD",
"id": "CVE-2018-0296"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.2,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180606-asaftd"
},
{
"trust": 2.8,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-184-01"
},
{
"trust": 2.6,
"url": "https://www.exploit-db.com/exploits/44956/"
},
{
"trust": 2.3,
"url": "http://packetstormsecurity.com/files/154017/cisco-adaptive-security-appliance-path-traversal.html"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/104612"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id/1041076"
},
{
"trust": 1.0,
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=cve-2018-0296"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0296"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-0296"
},
{
"trust": 0.6,
"url": "https://www.exploit-db.com/exploits/47220"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/cisco-asa-denial-of-service-via-http-url-28680"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
},
{
"trust": 0.3,
"url": "https://github.com/yassineaboukir/cve-2018-0296"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-11320"
},
{
"db": "VULHUB",
"id": "VHN-118498"
},
{
"db": "BID",
"id": "104612"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-401"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006154"
},
{
"db": "NVD",
"id": "CVE-2018-0296"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-11320"
},
{
"db": "VULHUB",
"id": "VHN-118498"
},
{
"db": "VULMON",
"id": "CVE-2018-0296"
},
{
"db": "BID",
"id": "104612"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-401"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006154"
},
{
"db": "NVD",
"id": "CVE-2018-0296"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-06-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-11320"
},
{
"date": "2018-06-07T00:00:00",
"db": "VULHUB",
"id": "VHN-118498"
},
{
"date": "2018-06-07T00:00:00",
"db": "VULMON",
"id": "CVE-2018-0296"
},
{
"date": "2018-06-06T00:00:00",
"db": "BID",
"id": "104612"
},
{
"date": "2018-06-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201806-401"
},
{
"date": "2018-08-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-006154"
},
{
"date": "2018-06-07T12:29:00.403000",
"db": "NVD",
"id": "CVE-2018-0296"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-09-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-11320"
},
{
"date": "2020-09-04T00:00:00",
"db": "VULHUB",
"id": "VHN-118498"
},
{
"date": "2023-08-15T00:00:00",
"db": "VULMON",
"id": "CVE-2018-0296"
},
{
"date": "2018-06-06T00:00:00",
"db": "BID",
"id": "104612"
},
{
"date": "2020-09-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201806-401"
},
{
"date": "2018-08-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-006154"
},
{
"date": "2025-10-28T13:57:29.230000",
"db": "NVD",
"id": "CVE-2018-0296"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201806-401"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Adaptive Security Appliance and Firepower Threat Defense Input validation vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-006154"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "path traversal",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201806-401"
}
],
"trust": 0.6
}
}
VAR-202005-0696
Vulnerability from variot - Updated: 2025-11-18 15:06A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to retrieve memory contents on an affected device, which could lead to the disclosure of confidential information. The vulnerability is due to a buffer tracking issue when the software parses invalid URLs that are requested from the web services interface. An attacker could exploit this vulnerability by sending a crafted GET request to the web services interface. A successful exploit could allow the attacker to retrieve memory contents, which could lead to the disclosure of confidential information. Note: This vulnerability affects only specific AnyConnect and WebVPN configurations. For more information, see the Vulnerable Products section. Cisco Adaptive Security Appliances Software is a firewall and network security platform. The platform provides features such as highly secure access to data and network resources
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202005-0696",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "firepower threat defense",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "6.5.0"
},
{
"model": "adaptive security appliance software",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "9.8"
},
{
"model": "firepower threat defense",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "6.2.3"
},
{
"model": "adaptive security appliance software",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "9.10"
},
{
"model": "firepower threat defense",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "6.3.0"
},
{
"model": "firepower threat defense",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "6.3.0.6"
},
{
"model": "firepower threat defense",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "6.2.3.16"
},
{
"model": "adaptive security appliance software",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "9.9.2.67"
},
{
"model": "adaptive security appliance software",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "9.13.1.10"
},
{
"model": "adaptive security appliance software",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "9.9"
},
{
"model": "firepower threat defense",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "6.5.0.5"
},
{
"model": "adaptive security appliance software",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "9.10.1.40"
},
{
"model": "firepower threat defense",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "6.4.0.9"
},
{
"model": "adaptive security appliance software",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "9.13"
},
{
"model": "adaptive security appliance software",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "9.12"
},
{
"model": "adaptive security appliance software",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "9.8.4.20"
},
{
"model": "adaptive security appliance software",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "9.12.3.9"
},
{
"model": "firepower threat defense",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "6.4.0"
},
{
"model": "cisco adaptive security appliance",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "cisco firepower threat defense \u30bd\u30d5\u30c8\u30a6\u30a7\u30a2",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-005198"
},
{
"db": "NVD",
"id": "CVE-2020-3259"
}
]
},
"cve": "CVE-2020-3259",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2020-3259",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-181384",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "psirt@cisco.com",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2020-3259",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2020-3259",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-3259",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "psirt@cisco.com",
"id": "CVE-2020-3259",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2020-3259",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202005-221",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-181384",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2020-3259",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-181384"
},
{
"db": "VULMON",
"id": "CVE-2020-3259"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-221"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005198"
},
{
"db": "NVD",
"id": "CVE-2020-3259"
},
{
"db": "NVD",
"id": "CVE-2020-3259"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to retrieve memory contents on an affected device, which could lead to the disclosure of confidential information. The vulnerability is due to a buffer tracking issue when the software parses invalid URLs that are requested from the web services interface. An attacker could exploit this vulnerability by sending a crafted GET request to the web services interface. A successful exploit could allow the attacker to retrieve memory contents, which could lead to the disclosure of confidential information. Note: This vulnerability affects only specific AnyConnect and WebVPN configurations. For more information, see the Vulnerable Products section. Cisco Adaptive Security Appliances Software is a firewall and network security platform. The platform provides features such as highly secure access to data and network resources",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-3259"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005198"
},
{
"db": "VULHUB",
"id": "VHN-181384"
},
{
"db": "VULMON",
"id": "CVE-2020-3259"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-3259",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005198",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202005-221",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2020.1615",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1615.2",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2020-31106",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-181384",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-3259",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-181384"
},
{
"db": "VULMON",
"id": "CVE-2020-3259"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-221"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005198"
},
{
"db": "NVD",
"id": "CVE-2020-3259"
}
]
},
"id": "VAR-202005-0696",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-181384"
}
],
"trust": 0.01
},
"last_update_date": "2025-11-18T15:06:24.235000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-asaftd-info-disclose-9eJtycMB",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-info-disclose-9eJtycMB"
},
{
"title": "Cisco Firepower Threat Defense and Adaptive Security Appliances Software Repair measures for information disclosure vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=117822"
},
{
"title": "Cisco: Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Information Disclosure Vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-asaftd-info-disclose-9eJtycMB"
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/cisco-fixes-high-severity-flaws-in-firepower-security-software-asa/155568/"
},
{
"title": null,
"trust": 0.1,
"url": "https://www.theregister.co.uk/2024/01/31/cisco_vuln_akira_attacks/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-3259"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-221"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005198"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.1
},
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "Lack of information (CWE-noinfo) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-181384"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005198"
},
{
"db": "NVD",
"id": "CVE-2020-3259"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-asaftd-info-disclose-9ejtycmb"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-3259"
},
{
"trust": 1.0,
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=cve-2020-3259"
},
{
"trust": 0.8,
"url": "https://cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/cisco-asa-information-disclosure-via-http-get-32189"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1615/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1615.2/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://www.theregister.co.uk/2024/01/31/cisco_vuln_akira_attacks/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://threatpost.com/cisco-fixes-high-severity-flaws-in-firepower-security-software-asa/155568/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-181384"
},
{
"db": "VULMON",
"id": "CVE-2020-3259"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-221"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005198"
},
{
"db": "NVD",
"id": "CVE-2020-3259"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-181384"
},
{
"db": "VULMON",
"id": "CVE-2020-3259"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-221"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005198"
},
{
"db": "NVD",
"id": "CVE-2020-3259"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-05-06T00:00:00",
"db": "VULHUB",
"id": "VHN-181384"
},
{
"date": "2020-05-06T00:00:00",
"db": "VULMON",
"id": "CVE-2020-3259"
},
{
"date": "2020-05-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202005-221"
},
{
"date": "2020-06-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-005198"
},
{
"date": "2020-05-06T17:15:12.777000",
"db": "NVD",
"id": "CVE-2020-3259"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-09-17T00:00:00",
"db": "VULHUB",
"id": "VHN-181384"
},
{
"date": "2023-08-16T00:00:00",
"db": "VULMON",
"id": "CVE-2020-3259"
},
{
"date": "2021-09-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202005-221"
},
{
"date": "2024-03-06T03:16:00",
"db": "JVNDB",
"id": "JVNDB-2020-005198"
},
{
"date": "2025-10-28T13:57:45.773000",
"db": "NVD",
"id": "CVE-2020-3259"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202005-221"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco\u00a0Adaptive\u00a0Security\u00a0Appliance\u00a0 and \u00a0Cisco\u00a0Firepower\u00a0Threat\u00a0Defense\u00a0 Software vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-005198"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202005-221"
}
],
"trust": 0.6
}
}
VAR-202010-1052
Vulnerability from variot - Updated: 2025-11-18 15:06Multiple vulnerabilities in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the web services interface of an affected device. The vulnerabilities are due to insufficient validation of user-supplied input by the web services interface of an affected device. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive, browser-based information. Note: These vulnerabilities affect only specific AnyConnect and WebVPN configurations. For more information, see the Vulnerable Products section. The platform provides features such as highly secure access to data and network resources
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202010-1052",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "firepower threat defense",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "6.5.0"
},
{
"model": "firepower threat defense",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "6.7.0"
},
{
"model": "adaptive security appliance software",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "9.14"
},
{
"model": "adaptive security appliance software",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "9.10"
},
{
"model": "adaptive security appliance software",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "9.14.2.8"
},
{
"model": "adaptive security appliance software",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "9.12.4.13"
},
{
"model": "adaptive security appliance software",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "9.9"
},
{
"model": "adaptive security appliance software",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "9.8.4.34"
},
{
"model": "adaptive security appliance software",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "9.13"
},
{
"model": "adaptive security appliance software",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "9.15"
},
{
"model": "firepower threat defense",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "6.4.0.12"
},
{
"model": "adaptive security appliance software",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "9.15.1.15"
},
{
"model": "firepower threat defense",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "6.6.4"
},
{
"model": "adaptive security appliance software",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "9.9.2.85"
},
{
"model": "firepower threat defense",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "6.7.0.2"
},
{
"model": "adaptive security appliance software",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "9.13.1.21"
},
{
"model": "cisco adaptive security appliance \u30bd\u30d5\u30c8\u30a6\u30a7\u30a2",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "cisco firepower threat defense \u30bd\u30d5\u30c8\u30a6\u30a7\u30a2",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-012620"
},
{
"db": "NVD",
"id": "CVE-2020-3580"
}
]
},
"cve": "CVE-2020-3580",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"exploitabilityScore": 4.9,
"id": "CVE-2020-3580",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 1.9,
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"exploitabilityScore": 4.9,
"id": "VHN-181705",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:N/AC:H/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"id": "CVE-2020-3580",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 2.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.1,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2020-3580",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-3580",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "psirt@cisco.com",
"id": "CVE-2020-3580",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2020-3580",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202010-1177",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-181705",
"trust": 0.1,
"value": "LOW"
},
{
"author": "VULMON",
"id": "CVE-2020-3580",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-181705"
},
{
"db": "VULMON",
"id": "CVE-2020-3580"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-1177"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012620"
},
{
"db": "NVD",
"id": "CVE-2020-3580"
},
{
"db": "NVD",
"id": "CVE-2020-3580"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple vulnerabilities in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the web services interface of an affected device. The vulnerabilities are due to insufficient validation of user-supplied input by the web services interface of an affected device. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive, browser-based information. Note: These vulnerabilities affect only specific AnyConnect and WebVPN configurations. For more information, see the Vulnerable Products section. The platform provides features such as highly secure access to data and network resources",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-3580"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012620"
},
{
"db": "VULHUB",
"id": "VHN-181705"
},
{
"db": "VULMON",
"id": "CVE-2020-3580"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-3580",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012620",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202010-1177",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2020.3642",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3642.3",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "50204",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2020-59754",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-181705",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-3580",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-181705"
},
{
"db": "VULMON",
"id": "CVE-2020-3580"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-1177"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012620"
},
{
"db": "NVD",
"id": "CVE-2020-3580"
}
]
},
"id": "VAR-202010-1052",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-181705"
}
],
"trust": 0.01
},
"last_update_date": "2025-11-18T15:06:22.706000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-asaftd-xss-multiple-FCB3vPZe",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-xss-multiple-FCB3vPZe"
},
{
"title": "Cisco: Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Interface Cross-Site Scripting Vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-asaftd-xss-multiple-FCB3vPZe"
},
{
"title": "CVE-2020-3580 Automated Scanner",
"trust": 0.1,
"url": "https://github.com/adarshvs/CVE-2020-3580 "
},
{
"title": "CVE-2020-3580\nUsage\nExample / Result",
"trust": 0.1,
"url": "https://github.com/catatonicprime/CVE-2020-3580 "
},
{
"title": "CVE-2020-3580 Automated Scanner \n\nCredit\u0027s",
"trust": 0.1,
"url": "https://github.com/imhunterand/CVE-2020-3580 "
},
{
"title": "HackerOneAPIClient",
"trust": 0.1,
"url": "https://github.com/pdelteil/HackerOneAPIClient "
},
{
"title": "CVE-POC",
"trust": 0.1,
"url": "https://github.com/n1sh1th/CVE-POC "
},
{
"title": "vulcat",
"trust": 0.1,
"url": "https://github.com/CLincat/vulcat "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-3580"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012620"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.1
},
{
"problemtype": "Cross-site scripting (CWE-79) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-181705"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012620"
},
{
"db": "NVD",
"id": "CVE-2020-3580"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-asaftd-xss-multiple-fcb3vpze"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-3580"
},
{
"trust": 1.0,
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=cve-2020-3580"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/cisco-asa-software-cross-site-scripting-via-web-services-33675"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3642.3"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/50204"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3642/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-181705"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-1177"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012620"
},
{
"db": "NVD",
"id": "CVE-2020-3580"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-181705"
},
{
"db": "VULMON",
"id": "CVE-2020-3580"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-1177"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012620"
},
{
"db": "NVD",
"id": "CVE-2020-3580"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-10-21T00:00:00",
"db": "VULHUB",
"id": "VHN-181705"
},
{
"date": "2020-10-21T00:00:00",
"db": "VULMON",
"id": "CVE-2020-3580"
},
{
"date": "2020-10-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202010-1177"
},
{
"date": "2021-05-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-012620"
},
{
"date": "2020-10-21T19:15:18.607000",
"db": "NVD",
"id": "CVE-2020-3580"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-05-26T00:00:00",
"db": "VULHUB",
"id": "VHN-181705"
},
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2020-3580"
},
{
"date": "2022-05-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202010-1177"
},
{
"date": "2021-05-17T09:06:00",
"db": "JVNDB",
"id": "JVNDB-2020-012620"
},
{
"date": "2025-10-28T13:53:44.227000",
"db": "NVD",
"id": "CVE-2020-3580"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202010-1177"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco\u00a0Adaptive\u00a0Security\u00a0Appliance\u00a0 and \u00a0Cisco\u00a0Firepower\u00a0Threat\u00a0Defense\u00a0 Cross-site scripting vulnerabilities in software",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-012620"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202010-1177"
}
],
"trust": 0.6
}
}
VAR-202110-1352
Vulnerability from variot - Updated: 2025-07-07 21:42Multiple Cisco products are affected by a vulnerability in Snort rules that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.The vulnerability is due to improper handling of the Block with Reset or Interactive Block with Reset actions if a rule is configured without proper constraints. An attacker could exploit this vulnerability by sending a crafted IP packet to the affected device. A successful exploit could allow the attacker to cause through traffic to be dropped. Note: Only products with Snort3 configured and either a rule with Block with Reset or Interactive Block with Reset actions configured are vulnerable. Products configured with Snort2 are not vulnerable. plural Cisco products and Snort Exists in unspecified vulnerabilities.Service operation interruption (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202110-1352",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "firepower threat defense",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "7.0.0"
},
{
"model": "secure firewall management center",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.1.0.1"
},
{
"model": "firepower threat defense",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "6.4.0"
},
{
"model": "snort",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.0.0"
},
{
"model": "firepower threat defense",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "6.6.0"
},
{
"model": "firepower threat defense",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "6.6.5.1"
},
{
"model": "firepower threat defense",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "6.4.0.13"
},
{
"model": "firepower threat defense",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "6.7.0.3"
},
{
"model": "snort",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "3.1.0.100"
},
{
"model": "firepower threat defense",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "7.0.1"
},
{
"model": "firepower threat defense",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "6.7.0"
},
{
"model": "cisco firepower threat defense \u30bd\u30d5\u30c8\u30a6\u30a7\u30a2",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "cisco firepower management center",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "snort",
"scope": null,
"trust": 0.8,
"vendor": "snort",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-014297"
},
{
"db": "NVD",
"id": "CVE-2021-40116"
}
]
},
"cve": "CVE-2021-40116",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2021-40116",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-401509",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2021-40116",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "psirt@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2021-40116",
"impactScore": 4.0,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2021-40116",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-40116",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "psirt@cisco.com",
"id": "CVE-2021-40116",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-40116",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202110-1965",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-401509",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2021-40116",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-401509"
},
{
"db": "VULMON",
"id": "CVE-2021-40116"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-014297"
},
{
"db": "CNNVD",
"id": "CNNVD-202110-1965"
},
{
"db": "NVD",
"id": "CVE-2021-40116"
},
{
"db": "NVD",
"id": "CVE-2021-40116"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple Cisco products are affected by a vulnerability in Snort rules that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.The vulnerability is due to improper handling of the Block with Reset or Interactive Block with Reset actions if a rule is configured without proper constraints. An attacker could exploit this vulnerability by sending a crafted IP packet to the affected device. A successful exploit could allow the attacker to cause through traffic to be dropped. Note: Only products with Snort3 configured and either a rule with Block with Reset or Interactive Block with Reset actions configured are vulnerable. Products configured with Snort2 are not vulnerable. plural Cisco products and Snort Exists in unspecified vulnerabilities.Service operation interruption (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-40116"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-014297"
},
{
"db": "VULHUB",
"id": "VHN-401509"
},
{
"db": "VULMON",
"id": "CVE-2021-40116"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-40116",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2021-014297",
"trust": 0.8
},
{
"db": "CS-HELP",
"id": "SB2021102918",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3600",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202110-1965",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-401509",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2021-40116",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-401509"
},
{
"db": "VULMON",
"id": "CVE-2021-40116"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-014297"
},
{
"db": "CNNVD",
"id": "CNNVD-202110-1965"
},
{
"db": "NVD",
"id": "CVE-2021-40116"
}
]
},
"id": "VAR-202110-1352",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-401509"
}
],
"trust": 0.01
},
"last_update_date": "2025-07-07T21:42:43.451000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page Cisco Systems Cisco\u00a0Security\u00a0Advisory",
"trust": 0.8,
"url": "https://www.snort.org/"
},
{
"title": "Cisco Products Snort Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=167516"
},
{
"title": "Cisco: Multiple Cisco Products Snort Rule Denial of Service Vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-snort-dos-RywH7ezM"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-40116"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-014297"
},
{
"db": "CNNVD",
"id": "CNNVD-202110-1965"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-241",
"trust": 1.0
},
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "Lack of information (CWE-noinfo) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-014297"
},
{
"db": "NVD",
"id": "CVE-2021-40116"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-snort-dos-rywh7ezm"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-40116"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3600"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021102918"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/snort-denial-of-service-via-block-with-reset-36734"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-401509"
},
{
"db": "VULMON",
"id": "CVE-2021-40116"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-014297"
},
{
"db": "CNNVD",
"id": "CNNVD-202110-1965"
},
{
"db": "NVD",
"id": "CVE-2021-40116"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-401509"
},
{
"db": "VULMON",
"id": "CVE-2021-40116"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-014297"
},
{
"db": "CNNVD",
"id": "CNNVD-202110-1965"
},
{
"db": "NVD",
"id": "CVE-2021-40116"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-10-27T00:00:00",
"db": "VULHUB",
"id": "VHN-401509"
},
{
"date": "2021-10-27T00:00:00",
"db": "VULMON",
"id": "CVE-2021-40116"
},
{
"date": "2022-10-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-014297"
},
{
"date": "2021-10-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202110-1965"
},
{
"date": "2021-10-27T19:15:08.717000",
"db": "NVD",
"id": "CVE-2021-40116"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-10-29T00:00:00",
"db": "VULHUB",
"id": "VHN-401509"
},
{
"date": "2021-10-29T00:00:00",
"db": "VULMON",
"id": "CVE-2021-40116"
},
{
"date": "2022-10-12T07:17:00",
"db": "JVNDB",
"id": "JVNDB-2021-014297"
},
{
"date": "2021-11-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202110-1965"
},
{
"date": "2025-07-07T12:40:02.540000",
"db": "NVD",
"id": "CVE-2021-40116"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202110-1965"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0Cisco\u00a0 products and \u00a0Snort\u00a0 Vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-014297"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202110-1965"
}
],
"trust": 0.6
}
}
VAR-201702-0789
Vulnerability from variot - Updated: 2025-04-20 23:42A vulnerability in the logging subsystem of the Cisco Firepower Threat Defense (FTD) Firepower Device Manager (FDM) could allow an unauthenticated, remote attacker to add arbitrary entries to the audit log. This vulnerability affects Cisco Firepower Threat Defense Software versions 6.1.x on the following vulnerable products that have enabled FDM: ASA5506-X ASA5506W-X ASA5506H-X ASA5508-X ASA5516-X ASA5512-X ASA5515-X ASA5525-X ASA5545-X ASA5555-X. More Information: CSCvb86860. Known Affected Releases: FRANGELICO. Known Fixed Releases: 6.2.0. Cisco Firepower is a firewall device developed by Cisco. Successfully exploiting this issue may allow an attacker to bypass certain security restrictions and perform unauthorized actions. This issue is being tracked by Cisco Bug ID CSCvb86860. The vulnerability is caused by the program's insufficient validation of input. The following products are affected: Cisco ASA5506-X; ASA5506W-X; ASA5506H-X; ASA5508-X;
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201702-0789",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "firepower threat defense",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "6.1.0"
},
{
"model": "firepower threat defense software",
"scope": "eq",
"trust": 0.9,
"vendor": "cisco",
"version": "6.1"
},
{
"model": "asa5555-x",
"scope": "eq",
"trust": 0.9,
"vendor": "cisco",
"version": "0"
},
{
"model": "asa5506-x",
"scope": "eq",
"trust": 0.9,
"vendor": "cisco",
"version": "0"
},
{
"model": "asa5506h-x",
"scope": "eq",
"trust": 0.9,
"vendor": "cisco",
"version": "0"
},
{
"model": "asa5506w-x",
"scope": "eq",
"trust": 0.9,
"vendor": "cisco",
"version": "0"
},
{
"model": "asa5508-x",
"scope": "eq",
"trust": 0.9,
"vendor": "cisco",
"version": "0"
},
{
"model": "asa5512-x",
"scope": "eq",
"trust": 0.9,
"vendor": "cisco",
"version": "0"
},
{
"model": "asa5515-x",
"scope": "eq",
"trust": 0.9,
"vendor": "cisco",
"version": "0"
},
{
"model": "asa5516-x",
"scope": "eq",
"trust": 0.9,
"vendor": "cisco",
"version": "0"
},
{
"model": "asa5525-x",
"scope": "eq",
"trust": 0.9,
"vendor": "cisco",
"version": "0"
},
{
"model": "asa5545-x",
"scope": "eq",
"trust": 0.9,
"vendor": "cisco",
"version": "0"
},
{
"model": "firepower threat defense software",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "6.1.x"
},
{
"model": "firepower threat defense software",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "6.2"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-01196"
},
{
"db": "BID",
"id": "95944"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001724"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-014"
},
{
"db": "NVD",
"id": "CVE-2017-3822"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:cisco:firepower_threat_defense_software",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-001724"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco",
"sources": [
{
"db": "BID",
"id": "95944"
}
],
"trust": 0.3
},
"cve": "CVE-2017-3822",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2017-3822",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-01196",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-112025",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2017-3822",
"impactScore": 1.4,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-3822",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2017-3822",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2017-01196",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201702-014",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-112025",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-01196"
},
{
"db": "VULHUB",
"id": "VHN-112025"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001724"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-014"
},
{
"db": "NVD",
"id": "CVE-2017-3822"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in the logging subsystem of the Cisco Firepower Threat Defense (FTD) Firepower Device Manager (FDM) could allow an unauthenticated, remote attacker to add arbitrary entries to the audit log. This vulnerability affects Cisco Firepower Threat Defense Software versions 6.1.x on the following vulnerable products that have enabled FDM: ASA5506-X ASA5506W-X ASA5506H-X ASA5508-X ASA5516-X ASA5512-X ASA5515-X ASA5525-X ASA5545-X ASA5555-X. More Information: CSCvb86860. Known Affected Releases: FRANGELICO. Known Fixed Releases: 6.2.0. Cisco Firepower is a firewall device developed by Cisco. \nSuccessfully exploiting this issue may allow an attacker to bypass certain security restrictions and perform unauthorized actions. \nThis issue is being tracked by Cisco Bug ID CSCvb86860. The vulnerability is caused by the program\u0027s insufficient validation of input. The following products are affected: Cisco ASA5506-X; ASA5506W-X; ASA5506H-X; ASA5508-X;",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-3822"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001724"
},
{
"db": "CNVD",
"id": "CNVD-2017-01196"
},
{
"db": "BID",
"id": "95944"
},
{
"db": "VULHUB",
"id": "VHN-112025"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-3822",
"trust": 3.4
},
{
"db": "BID",
"id": "95944",
"trust": 2.0
},
{
"db": "SECTRACK",
"id": "1037775",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001724",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201702-014",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-01196",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-112025",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-01196"
},
{
"db": "VULHUB",
"id": "VHN-112025"
},
{
"db": "BID",
"id": "95944"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001724"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-014"
},
{
"db": "NVD",
"id": "CVE-2017-3822"
}
]
},
"id": "VAR-201702-0789",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-01196"
},
{
"db": "VULHUB",
"id": "VHN-112025"
}
],
"trust": 1.43333334
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-01196"
}
]
},
"last_update_date": "2025-04-20T23:42:16.314000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20170201-fpw2",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170201-fpw2"
},
{
"title": "Patch for CiscoFirepowerThreatDefense Log Modification Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/89171"
},
{
"title": "Multiple Cisco product Firepower Threat Defense Software Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=67404"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-01196"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001724"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-014"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-112025"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001724"
},
{
"db": "NVD",
"id": "CVE-2017-3822"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170201-fpw2"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/95944"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1037775"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3822"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2017-3822"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
},
{
"trust": 0.3,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170201-fpw2 "
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-01196"
},
{
"db": "VULHUB",
"id": "VHN-112025"
},
{
"db": "BID",
"id": "95944"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001724"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-014"
},
{
"db": "NVD",
"id": "CVE-2017-3822"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-01196"
},
{
"db": "VULHUB",
"id": "VHN-112025"
},
{
"db": "BID",
"id": "95944"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001724"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-014"
},
{
"db": "NVD",
"id": "CVE-2017-3822"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-02-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-01196"
},
{
"date": "2017-02-03T00:00:00",
"db": "VULHUB",
"id": "VHN-112025"
},
{
"date": "2017-02-01T00:00:00",
"db": "BID",
"id": "95944"
},
{
"date": "2017-03-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-001724"
},
{
"date": "2017-02-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201702-014"
},
{
"date": "2017-02-03T07:59:00.890000",
"db": "NVD",
"id": "CVE-2017-3822"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-02-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-01196"
},
{
"date": "2017-07-25T00:00:00",
"db": "VULHUB",
"id": "VHN-112025"
},
{
"date": "2017-02-02T08:05:00",
"db": "BID",
"id": "95944"
},
{
"date": "2017-03-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-001724"
},
{
"date": "2017-02-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201702-014"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-3822"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201702-014"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Firepower Threat Defense of Firepower Device Manager Vulnerabilities that allow arbitrary entries to be added to the audit log",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-001724"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201702-014"
}
],
"trust": 0.6
}
}
VAR-201704-0957
Vulnerability from variot - Updated: 2025-04-20 23:34A vulnerability in the detection engine that handles Secure Sockets Layer (SSL) packets for Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition because the Snort process unexpectedly restarts. This vulnerability affects Cisco Firepower System Software prior to the first fixed release when it is configured with an SSL Decrypt-Resign policy. More Information: CSCvb62292. Known Affected Releases: 6.0.1 6.1.0 6.2.0. Known Fixed Releases: 6.2.0 6.1.0.2. Vendors have confirmed this vulnerability Bug ID CSCvb62292 It is released as.Service operation interruption (DoS) An attack may be carried out. An attacker can exploit this issue to restart the affected process, denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCvb62292. Firepower System Software 6.0.1, 6.1.0, and 6.2.0 are vulnerable
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201704-0957",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "firepower threat defense",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "6.0.1"
},
{
"model": "firepower threat defense",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "6.2.0"
},
{
"model": "firepower threat defense",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "6.1.0"
},
{
"model": "firepower threat defense software",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "firepower system software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.2"
},
{
"model": "firepower system software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.1"
},
{
"model": "firepower system software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0.1"
},
{
"model": "firepower system software",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "6.1.0.2"
}
],
"sources": [
{
"db": "BID",
"id": "97453"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003077"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-436"
},
{
"db": "NVD",
"id": "CVE-2017-3887"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:cisco:firepower_threat_defense_software",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-003077"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.",
"sources": [
{
"db": "BID",
"id": "97453"
}
],
"trust": 0.3
},
"cve": "CVE-2017-3887",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2017-3887",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-112090",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.2,
"id": "CVE-2017-3887",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-3887",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2017-3887",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201704-436",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-112090",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-112090"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003077"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-436"
},
{
"db": "NVD",
"id": "CVE-2017-3887"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in the detection engine that handles Secure Sockets Layer (SSL) packets for Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition because the Snort process unexpectedly restarts. This vulnerability affects Cisco Firepower System Software prior to the first fixed release when it is configured with an SSL Decrypt-Resign policy. More Information: CSCvb62292. Known Affected Releases: 6.0.1 6.1.0 6.2.0. Known Fixed Releases: 6.2.0 6.1.0.2. Vendors have confirmed this vulnerability Bug ID CSCvb62292 It is released as.Service operation interruption (DoS) An attack may be carried out. \nAn attacker can exploit this issue to restart the affected process, denying service to legitimate users. \nThis issue is being tracked by Cisco Bug ID CSCvb62292. \nFirepower System Software 6.0.1, 6.1.0, and 6.2.0 are vulnerable",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-3887"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003077"
},
{
"db": "BID",
"id": "97453"
},
{
"db": "VULHUB",
"id": "VHN-112090"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-3887",
"trust": 2.8
},
{
"db": "BID",
"id": "97453",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003077",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201704-436",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-112090",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-112090"
},
{
"db": "BID",
"id": "97453"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003077"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-436"
},
{
"db": "NVD",
"id": "CVE-2017-3887"
}
]
},
"id": "VAR-201704-0957",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-112090"
}
],
"trust": 0.6657894599999999
},
"last_update_date": "2025-04-20T23:34:27.339000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20170405-cfpw1",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-cfpw1"
},
{
"title": "Cisco Firepower System Software Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=69160"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-003077"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-436"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-755",
"trust": 1.1
},
{
"problemtype": "CWE-119",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-112090"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003077"
},
{
"db": "NVD",
"id": "CVE-2017-3887"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170405-cfpw1"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/97453"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3887"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-3887"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-112090"
},
{
"db": "BID",
"id": "97453"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003077"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-436"
},
{
"db": "NVD",
"id": "CVE-2017-3887"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-112090"
},
{
"db": "BID",
"id": "97453"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003077"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-436"
},
{
"db": "NVD",
"id": "CVE-2017-3887"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-04-07T00:00:00",
"db": "VULHUB",
"id": "VHN-112090"
},
{
"date": "2017-04-05T00:00:00",
"db": "BID",
"id": "97453"
},
{
"date": "2017-05-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-003077"
},
{
"date": "2017-04-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-436"
},
{
"date": "2017-04-07T17:59:00.450000",
"db": "NVD",
"id": "CVE-2017-3887"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-112090"
},
{
"date": "2017-04-11T00:03:00",
"db": "BID",
"id": "97453"
},
{
"date": "2017-05-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-003077"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-436"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-3887"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-436"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Firepower System Software buffer error vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-003077"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-436"
}
],
"trust": 0.6
}
}
VAR-201702-0817
Vulnerability from variot - Updated: 2025-04-20 23:33A vulnerability in CLI command processing in the Cisco Firepower 4100 Series Next-Generation Firewall and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to inject arbitrary shell commands that are executed by the device. More Information: CSCvb61343. Known Affected Releases: 2.0(1.68). Known Fixed Releases: 2.0(1.118) 2.1(1.47) 92.1(1.1646) 92.1(1.1763) 92.2(1.101). Multiple Cisco Products are prone to a local command-injection vulnerability. This issue being tracked by Cisco Bug ID CSCvb61343
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201702-0817",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "firepower threat defense",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "6.0.0"
},
{
"model": "firepower threat defense",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "6.0.1"
},
{
"model": "firepower threat defense",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "5.3.0"
},
{
"model": "firepower threat defense",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "5.4.0"
},
{
"model": "firepower threat defense",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "6.1.0"
},
{
"model": "firepower threat defense software",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "2.0(1.68)"
},
{
"model": "firepower series next-generation firewall",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "4100"
},
{
"model": "firepower security appliance",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "9300"
},
{
"model": "firepower security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "93000"
},
{
"model": "firepower series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "90002.0(1.68)"
},
{
"model": "firepower series next-generation firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "41000"
},
{
"model": "firepower series",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "900092.2(1.101)"
},
{
"model": "firepower series",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "900092.1(1.1763)"
},
{
"model": "firepower series",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "900092.1(1.1646)"
},
{
"model": "firepower series",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "90002.1(1.47)"
},
{
"model": "firepower series",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "90002.0(1.118)"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-01162"
},
{
"db": "BID",
"id": "95943"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001721"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-021"
},
{
"db": "NVD",
"id": "CVE-2017-3806"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:cisco:firepower_threat_defense_software",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-001721"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.",
"sources": [
{
"db": "BID",
"id": "95943"
}
],
"trust": 0.3
},
"cve": "CVE-2017-3806",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CVE-2017-3806",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CNVD-2017-01162",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "VHN-112009",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 1.8,
"id": "CVE-2017-3806",
"impactScore": 3.4,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-3806",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2017-3806",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2017-01162",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201702-021",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-112009",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-01162"
},
{
"db": "VULHUB",
"id": "VHN-112009"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001721"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-021"
},
{
"db": "NVD",
"id": "CVE-2017-3806"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in CLI command processing in the Cisco Firepower 4100 Series Next-Generation Firewall and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to inject arbitrary shell commands that are executed by the device. More Information: CSCvb61343. Known Affected Releases: 2.0(1.68). Known Fixed Releases: 2.0(1.118) 2.1(1.47) 92.1(1.1646) 92.1(1.1763) 92.2(1.101). Multiple Cisco Products are prone to a local command-injection vulnerability. \nThis issue being tracked by Cisco Bug ID CSCvb61343",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-3806"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001721"
},
{
"db": "CNVD",
"id": "CNVD-2017-01162"
},
{
"db": "BID",
"id": "95943"
},
{
"db": "VULHUB",
"id": "VHN-112009"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-3806",
"trust": 3.4
},
{
"db": "BID",
"id": "95943",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001721",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201702-021",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-01162",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-112009",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-01162"
},
{
"db": "VULHUB",
"id": "VHN-112009"
},
{
"db": "BID",
"id": "95943"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001721"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-021"
},
{
"db": "NVD",
"id": "CVE-2017-3806"
}
]
},
"id": "VAR-201702-0817",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-01162"
},
{
"db": "VULHUB",
"id": "VHN-112009"
}
],
"trust": 1.3114192999999998
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-01162"
}
]
},
"last_update_date": "2025-04-20T23:33:01.194000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20170201-fpw",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170201-fpw"
},
{
"title": "Multiple Cisco product local command injection vulnerability patches",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/88863"
},
{
"title": "Cisco Firepower 4100 Series Next-Generation Firewall and Firepower 9300 Security Appliance Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=67409"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-01162"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001721"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-021"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-112009"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001721"
},
{
"db": "NVD",
"id": "CVE-2017-3806"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170201-fpw"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/95943"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3806"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2017-3806"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-01162"
},
{
"db": "VULHUB",
"id": "VHN-112009"
},
{
"db": "BID",
"id": "95943"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001721"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-021"
},
{
"db": "NVD",
"id": "CVE-2017-3806"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-01162"
},
{
"db": "VULHUB",
"id": "VHN-112009"
},
{
"db": "BID",
"id": "95943"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001721"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-021"
},
{
"db": "NVD",
"id": "CVE-2017-3806"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-02-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-01162"
},
{
"date": "2017-02-03T00:00:00",
"db": "VULHUB",
"id": "VHN-112009"
},
{
"date": "2017-02-01T00:00:00",
"db": "BID",
"id": "95943"
},
{
"date": "2017-03-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-001721"
},
{
"date": "2017-02-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201702-021"
},
{
"date": "2017-02-03T07:59:00.657000",
"db": "NVD",
"id": "CVE-2017-3806"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-02-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-01162"
},
{
"date": "2017-02-27T00:00:00",
"db": "VULHUB",
"id": "VHN-112009"
},
{
"date": "2017-02-02T08:05:00",
"db": "BID",
"id": "95943"
},
{
"date": "2017-03-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-001721"
},
{
"date": "2017-02-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201702-021"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-3806"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "95943"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-021"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Firepower 4100 Series next-generation firewall and Firepower 9300 Security appliance vulnerable to arbitrary shell command insertion",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-001721"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201702-021"
}
],
"trust": 0.6
}
}
VAR-201705-3654
Vulnerability from variot - Updated: 2025-04-20 23:23A vulnerability in the logging configuration of Secure Sockets Layer (SSL) policies for Cisco FirePOWER System Software 5.3.0 through 6.2.2 could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to high consumption of system resources. The vulnerability is due to the logging of certain TCP packets by the affected software. An attacker could exploit this vulnerability by sending a flood of crafted TCP packets to an affected device. A successful exploit could allow the attacker to cause a DoS condition. The success of an exploit is dependent on how an administrator has configured logging for SSL policies for a device. This vulnerability affects Cisco FirePOWER System Software that is configured to log connections by using SSL policy default actions. Cisco Bug IDs: CSCvd07072. Cisco FirePOWER System Software contains resource management vulnerabilities. Vendors have confirmed this vulnerability Bug ID CSCvd07072 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201705-3654",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "firepower threat defense",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "6.0.1.3"
},
{
"model": "firepower threat defense",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "5.4.0"
},
{
"model": "firepower threat defense",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "5.3.0"
},
{
"model": "firepower threat defense",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "6.2.0"
},
{
"model": "firepower threat defense",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "6.0.0"
},
{
"model": "firepower threat defense",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "6.2.1"
},
{
"model": "firepower threat defense",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "6.2_base"
},
{
"model": "firepower threat defense",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "6.1.0"
},
{
"model": "firepower threat defense",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "6.1.0.2"
},
{
"model": "firepower threat defense",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "6.2.2"
},
{
"model": "firepower threat defense",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.0.1"
},
{
"model": "firepower threat defense software",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "5.3.0 to 6.2.2"
},
{
"model": "firepower system software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "firepower management center",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.2"
},
{
"model": "firepower management center",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.1.0.2"
},
{
"model": "firepower management center",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0.1.3"
}
],
"sources": [
{
"db": "BID",
"id": "98523"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004172"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-913"
},
{
"db": "NVD",
"id": "CVE-2017-6632"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:cisco:firepower_threat_defense_software",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-004172"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.",
"sources": [
{
"db": "BID",
"id": "98523"
}
],
"trust": 0.3
},
"cve": "CVE-2017-6632",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2017-6632",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-114835",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2017-6632",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-6632",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2017-6632",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201705-913",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-114835",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-114835"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004172"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-913"
},
{
"db": "NVD",
"id": "CVE-2017-6632"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in the logging configuration of Secure Sockets Layer (SSL) policies for Cisco FirePOWER System Software 5.3.0 through 6.2.2 could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to high consumption of system resources. The vulnerability is due to the logging of certain TCP packets by the affected software. An attacker could exploit this vulnerability by sending a flood of crafted TCP packets to an affected device. A successful exploit could allow the attacker to cause a DoS condition. The success of an exploit is dependent on how an administrator has configured logging for SSL policies for a device. This vulnerability affects Cisco FirePOWER System Software that is configured to log connections by using SSL policy default actions. Cisco Bug IDs: CSCvd07072. Cisco FirePOWER System Software contains resource management vulnerabilities. Vendors have confirmed this vulnerability Bug ID CSCvd07072 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-6632"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004172"
},
{
"db": "BID",
"id": "98523"
},
{
"db": "VULHUB",
"id": "VHN-114835"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-6632",
"trust": 2.8
},
{
"db": "BID",
"id": "98523",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004172",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201705-913",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-114835",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-114835"
},
{
"db": "BID",
"id": "98523"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004172"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-913"
},
{
"db": "NVD",
"id": "CVE-2017-6632"
}
]
},
"id": "VAR-201705-3654",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-114835"
}
],
"trust": 0.6657894599999999
},
"last_update_date": "2025-04-20T23:23:45.885000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20170517-fpwr",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-fpwr"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-004172"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-399",
"trust": 1.9
},
{
"problemtype": "CWE-400",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-114835"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004172"
},
{
"db": "NVD",
"id": "CVE-2017-6632"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170517-fpwr"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/98523"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6632"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-6632"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-114835"
},
{
"db": "BID",
"id": "98523"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004172"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-913"
},
{
"db": "NVD",
"id": "CVE-2017-6632"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-114835"
},
{
"db": "BID",
"id": "98523"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004172"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-913"
},
{
"db": "NVD",
"id": "CVE-2017-6632"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-05-22T00:00:00",
"db": "VULHUB",
"id": "VHN-114835"
},
{
"date": "2017-05-17T00:00:00",
"db": "BID",
"id": "98523"
},
{
"date": "2017-06-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-004172"
},
{
"date": "2017-05-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201705-913"
},
{
"date": "2017-05-22T01:29:00.243000",
"db": "NVD",
"id": "CVE-2017-6632"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-114835"
},
{
"date": "2017-05-17T00:00:00",
"db": "BID",
"id": "98523"
},
{
"date": "2017-06-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-004172"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201705-913"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-6632"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201705-913"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco FirePOWER System Software management resource management vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-004172"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201705-913"
}
],
"trust": 0.6
}
}
VAR-201705-3740
Vulnerability from variot - Updated: 2025-04-20 23:23A "Cisco Firepower Threat Defense 6.0.0 through 6.2.2 and Cisco ASA with FirePOWER Module Denial of Service" vulnerability in the access control policy of Cisco Firepower System Software could allow an authenticated, remote attacker to cause an affected system to stop inspecting and processing packets, resulting in a denial of service (DoS) condition. The vulnerability is due to improper SSL policy handling by the affected software when packets are passed through the sensing interfaces of an affected system. An attacker could exploit this vulnerability by sending crafted packets through a targeted system. This vulnerability affects Cisco Firepower System Software that is configured with the SSL policy feature. Cisco Bug IDs: CSCvc84361. Vendors have confirmed this vulnerability Bug ID CSCvc84361 It is released as.Tampering with information and disrupting service operations (DoS) There is a possibility of being put into a state. An attacker can exploit this issue to cause cause a denial-of-service condition, denying service to legitimate users
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201705-3740",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "firepower threat defense",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "6.0.0"
},
{
"model": "firepower threat defense",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "6.0.1"
},
{
"model": "firepower threat defense",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "6.2.0"
},
{
"model": "firepower threat defense",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "6.1.0"
},
{
"model": "firepower threat defense",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "6.2.2"
},
{
"model": "firepower threat defense",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "6.1.0.2"
},
{
"model": "firepower threat defense",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "6.2.1"
},
{
"model": "firepower threat defense software",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "firepower threat defense software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "firepower system software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "firepower management center",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.2.2"
},
{
"model": "firepower management center",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.2"
},
{
"model": "firepower management center",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.1"
},
{
"model": "firepower management center",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0.1"
},
{
"model": "firepower management center",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0"
},
{
"model": "firepower management center",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.2.1"
},
{
"model": "firepower management center",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.1.0.2"
},
{
"model": "adaptive security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "firepower management center",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "6.1.0.3"
}
],
"sources": [
{
"db": "BID",
"id": "98292"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003771"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-205"
},
{
"db": "NVD",
"id": "CVE-2017-6625"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:cisco:firepower_threat_defense_software",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-003771"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.",
"sources": [
{
"db": "BID",
"id": "98292"
}
],
"trust": 0.3
},
"cve": "CVE-2017-6625",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "CVE-2017-6625",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "VHN-114828",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:N/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2017-6625",
"impactScore": 4.2,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-6625",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2017-6625",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201705-205",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-114828",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-114828"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003771"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-205"
},
{
"db": "NVD",
"id": "CVE-2017-6625"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A \"Cisco Firepower Threat Defense 6.0.0 through 6.2.2 and Cisco ASA with FirePOWER Module Denial of Service\" vulnerability in the access control policy of Cisco Firepower System Software could allow an authenticated, remote attacker to cause an affected system to stop inspecting and processing packets, resulting in a denial of service (DoS) condition. The vulnerability is due to improper SSL policy handling by the affected software when packets are passed through the sensing interfaces of an affected system. An attacker could exploit this vulnerability by sending crafted packets through a targeted system. This vulnerability affects Cisco Firepower System Software that is configured with the SSL policy feature. Cisco Bug IDs: CSCvc84361. Vendors have confirmed this vulnerability Bug ID CSCvc84361 It is released as.Tampering with information and disrupting service operations (DoS) There is a possibility of being put into a state. \nAn attacker can exploit this issue to cause cause a denial-of-service condition, denying service to legitimate users",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-6625"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003771"
},
{
"db": "BID",
"id": "98292"
},
{
"db": "VULHUB",
"id": "VHN-114828"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-6625",
"trust": 2.8
},
{
"db": "BID",
"id": "98292",
"trust": 2.0
},
{
"db": "SECTRACK",
"id": "1038397",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003771",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201705-205",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-114828",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-114828"
},
{
"db": "BID",
"id": "98292"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003771"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-205"
},
{
"db": "NVD",
"id": "CVE-2017-6625"
}
]
},
"id": "VAR-201705-3740",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-114828"
}
],
"trust": 0.6657894599999999
},
"last_update_date": "2025-04-20T23:23:45.789000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20170503-ftd",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-ftd"
},
{
"title": "Cisco Firepower System Software Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=69835"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-003771"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-205"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-399",
"trust": 1.9
},
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-114828"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003771"
},
{
"db": "NVD",
"id": "CVE-2017-6625"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/98292"
},
{
"trust": 2.0,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170503-ftd"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id/1038397"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6625"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-6625"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-114828"
},
{
"db": "BID",
"id": "98292"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003771"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-205"
},
{
"db": "NVD",
"id": "CVE-2017-6625"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-114828"
},
{
"db": "BID",
"id": "98292"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003771"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-205"
},
{
"db": "NVD",
"id": "CVE-2017-6625"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-05-03T00:00:00",
"db": "VULHUB",
"id": "VHN-114828"
},
{
"date": "2017-05-03T00:00:00",
"db": "BID",
"id": "98292"
},
{
"date": "2017-06-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-003771"
},
{
"date": "2017-05-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201705-205"
},
{
"date": "2017-05-03T21:59:00.230000",
"db": "NVD",
"id": "CVE-2017-6625"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-114828"
},
{
"date": "2017-05-18T16:18:00",
"db": "BID",
"id": "98292"
},
{
"date": "2017-06-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-003771"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201705-205"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-6625"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201705-205"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Firepower Threat Defense and FirePOWER With modules Cisco ASA Resource management vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-003771"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201705-205"
}
],
"trust": 0.6
}
}
VAR-201810-0327
Vulnerability from variot - Updated: 2025-01-30 22:38A vulnerability in the Sourcefire tunnel control channel protocol in Cisco Firepower System Software running on Cisco Firepower Threat Defense (FTD) sensors could allow an authenticated, local attacker to execute specific CLI commands with root privileges on the Cisco Firepower Management Center (FMC), or through Cisco FMC on other Firepower sensors and devices that are controlled by the same Cisco FMC. To send the commands, the attacker must have root privileges for at least one affected sensor or the Cisco FMC. The vulnerability exists because the affected software performs insufficient checks for certain CLI commands, if the commands are executed via a Sourcefire tunnel connection. An attacker could exploit this vulnerability by authenticating with root privileges to a Firepower sensor or Cisco FMC, and then sending specific CLI commands to the Cisco FMC or through the Cisco FMC to another Firepower sensor via the Sourcefire tunnel connection. A successful exploit could allow the attacker to modify device configurations or delete files on the device that is running Cisco FMC Software or on any Firepower device that is managed by Cisco FMC. Cisco Firepower System The software contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Cisco Adaptive Security Appliance (ASA) 5500-X Series with FirePOWER Services, etc. are all security devices of Cisco (Cisco). Firepower System Software is a firewall operating system used in it. The following products are affected: Cisco Adaptive Security Appliance (ASA) 5500-X Series with FirePOWER Services; Adaptive Security Appliance (ASA) 5500-X Series Next-Generation Firewalls; FirePOWER 7000 Series Appliances; FirePOWER 8000 Series Appliances; Firepower 4100 Series Security Appliances; Firepower 9300 Series Security Appliances; Firepower Management Center; Firepower Threat Defense; Firepower Threat Defense Virtual (FTDv);
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201810-0327",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "firepower threat defense",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "6.0.0"
},
{
"model": "firepower threat defense",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "6.0.1"
},
{
"model": "firepower threat defense",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "5.4.0"
},
{
"model": "firepower threat defense",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "6.2.0"
},
{
"model": "firepower threat defense",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "6.2.1"
},
{
"model": "firepower threat defense",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "6.1.0"
},
{
"model": "firepower threat defense",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "6.2.2"
},
{
"model": "firepower threat defense software",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-011572"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-176"
},
{
"db": "NVD",
"id": "CVE-2018-0453"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:cisco:firepower_threat_defense_software",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-011572"
}
]
},
"cve": "CVE-2018-0453",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CVE-2018-0453",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "VHN-118655",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.5,
"id": "CVE-2018-0453",
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-0453",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2018-0453",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201810-176",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-118655",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-118655"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011572"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-176"
},
{
"db": "NVD",
"id": "CVE-2018-0453"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in the Sourcefire tunnel control channel protocol in Cisco Firepower System Software running on Cisco Firepower Threat Defense (FTD) sensors could allow an authenticated, local attacker to execute specific CLI commands with root privileges on the Cisco Firepower Management Center (FMC), or through Cisco FMC on other Firepower sensors and devices that are controlled by the same Cisco FMC. To send the commands, the attacker must have root privileges for at least one affected sensor or the Cisco FMC. The vulnerability exists because the affected software performs insufficient checks for certain CLI commands, if the commands are executed via a Sourcefire tunnel connection. An attacker could exploit this vulnerability by authenticating with root privileges to a Firepower sensor or Cisco FMC, and then sending specific CLI commands to the Cisco FMC or through the Cisco FMC to another Firepower sensor via the Sourcefire tunnel connection. A successful exploit could allow the attacker to modify device configurations or delete files on the device that is running Cisco FMC Software or on any Firepower device that is managed by Cisco FMC. Cisco Firepower System The software contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Cisco Adaptive Security Appliance (ASA) 5500-X Series with FirePOWER Services, etc. are all security devices of Cisco (Cisco). Firepower System Software is a firewall operating system used in it. The following products are affected: Cisco Adaptive Security Appliance (ASA) 5500-X Series with FirePOWER Services; Adaptive Security Appliance (ASA) 5500-X Series Next-Generation Firewalls; FirePOWER 7000 Series Appliances; FirePOWER 8000 Series Appliances; Firepower 4100 Series Security Appliances; Firepower 9300 Series Security Appliances; Firepower Management Center; Firepower Threat Defense; Firepower Threat Defense Virtual (FTDv);",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-0453"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011572"
},
{
"db": "VULHUB",
"id": "VHN-118655"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-0453",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011572",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201810-176",
"trust": 0.7
},
{
"db": "OTHER",
"id": "NONE",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-118655",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "VULHUB",
"id": "VHN-118655"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011572"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-176"
},
{
"db": "NVD",
"id": "CVE-2018-0453"
}
]
},
"id": "VAR-201810-0327",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "VULHUB",
"id": "VHN-118655"
}
],
"trust": 0.02
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"industrial device"
],
"sub_category": "firepower device",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": null
}
]
},
"last_update_date": "2025-01-30T22:38:01.956000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20181003-fp-cmd-injection",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-fp-cmd-injection"
},
{
"title": "Cisco Firepower System Software Fixes for permission permissions and access control vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=85390"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-011572"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-176"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.8
},
{
"problemtype": "CWE-78",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-118655"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011572"
},
{
"db": "NVD",
"id": "CVE-2018-0453"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20181003-fp-cmd-injection"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0453"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-0453"
},
{
"trust": 0.1,
"url": "https://ieeexplore.ieee.org/abstract/document/10769424"
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "VULHUB",
"id": "VHN-118655"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011572"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-176"
},
{
"db": "NVD",
"id": "CVE-2018-0453"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "OTHER",
"id": null
},
{
"db": "VULHUB",
"id": "VHN-118655"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011572"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-176"
},
{
"db": "NVD",
"id": "CVE-2018-0453"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-05T00:00:00",
"db": "VULHUB",
"id": "VHN-118655"
},
{
"date": "2019-01-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-011572"
},
{
"date": "2018-10-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201810-176"
},
{
"date": "2018-10-05T14:29:03.340000",
"db": "NVD",
"id": "CVE-2018-0453"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-118655"
},
{
"date": "2019-01-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-011572"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201810-176"
},
{
"date": "2024-11-21T03:38:15.773000",
"db": "NVD",
"id": "CVE-2018-0453"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201810-176"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Firepower System Vulnerability related to authorization, authority, and access control in software",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-011572"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201810-176"
}
],
"trust": 0.6
}
}
VAR-201910-0337
Vulnerability from variot - Updated: 2024-11-27 22:57A vulnerability in the configuration of the Pluggable Authentication Module (PAM) used in Cisco Firepower Threat Defense (FTD) Software, Cisco Firepower Management Center (FMC) Software, and Cisco FXOS Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper resource management in the context of user session management. An attacker could exploit this vulnerability by connecting to an affected system and performing many simultaneous successful Secure Shell (SSH) logins. A successful exploit could allow the attacker to exhaust system resources and cause the device to reload, resulting in a DoS condition. To exploit this vulnerability, the attacker needs valid user credentials on the system
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201910-0337",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "firepower extensible operating system",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.3.1.155"
},
{
"model": "firepower extensible operating system",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "2.2"
},
{
"model": "firepower 9300",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "r241"
},
{
"model": "secure firewall management center",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "6.2.3"
},
{
"model": "secure firewall management center",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "6.1.0"
},
{
"model": "firepower threat defense",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "6.2.3"
},
{
"model": "firepower threat defense",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "6.2.3.7"
},
{
"model": "firepower 9300",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "r114"
},
{
"model": "firepower extensible operating system",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.6.1.131"
},
{
"model": "firepower threat defense",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "6.2.3.14"
},
{
"model": "secure firewall management center",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "6.2.0"
},
{
"model": "secure firewall management center",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "6.2.3.7"
},
{
"model": "firepower threat defense",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "6.2.2.5"
},
{
"model": "firepower threat defense",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "6.1.0"
},
{
"model": "firepower extensible operating system",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "2.4"
},
{
"model": "secure firewall management center",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "6.2.3.14"
},
{
"model": "firepower threat defense",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "6.2.0"
},
{
"model": "firepower extensible operating system",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "2.3"
},
{
"model": "firepower management center",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "firepower threat defense software",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "firepower 9300",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "fx-os",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-010595"
},
{
"db": "NVD",
"id": "CVE-2019-12700"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:cisco:firepower_management_center",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:cisco:firepower_threat_defense_software",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:firepower_9300_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:fxos",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-010595"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "This vulnerability was found by Sanmith Prakash of Cisco during internal security testing.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201910-083"
}
],
"trust": 0.6
},
"cve": "CVE-2019-12700",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "CVE-2019-12700",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "VHN-144473",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2019-12700",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "ykramarz@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.1,
"id": "CVE-2019-12700",
"impactScore": 4.0,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-12700",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-12700",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "ykramarz@cisco.com",
"id": "CVE-2019-12700",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2019-12700",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201910-083",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-144473",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-144473"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010595"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-083"
},
{
"db": "NVD",
"id": "CVE-2019-12700"
},
{
"db": "NVD",
"id": "CVE-2019-12700"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in the configuration of the Pluggable Authentication Module (PAM) used in Cisco Firepower Threat Defense (FTD) Software, Cisco Firepower Management Center (FMC) Software, and Cisco FXOS Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper resource management in the context of user session management. An attacker could exploit this vulnerability by connecting to an affected system and performing many simultaneous successful Secure Shell (SSH) logins. A successful exploit could allow the attacker to exhaust system resources and cause the device to reload, resulting in a DoS condition. To exploit this vulnerability, the attacker needs valid user credentials on the system",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-12700"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010595"
},
{
"db": "VULHUB",
"id": "VHN-144473"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-12700",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010595",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201910-083",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2019.3712",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-144473",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-144473"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010595"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-083"
},
{
"db": "NVD",
"id": "CVE-2019-12700"
}
]
},
"id": "VAR-201910-0337",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-144473"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-27T22:57:43.634000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20191002-ftd-fpmc-dos",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-ftd-fpmc-dos"
},
{
"title": "Cisco Firepower Threat Defense , Cisco Firepower Management Center and FXOS Software Pluggable Authentication Module Remediation of resource management error vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=98819"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-010595"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-083"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-400",
"trust": 1.9
},
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-144473"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010595"
},
{
"db": "NVD",
"id": "CVE-2019-12700"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191002-ftd-fpmc-dos"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12700"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-12700"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.3712/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-144473"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010595"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-083"
},
{
"db": "NVD",
"id": "CVE-2019-12700"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-144473"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010595"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-083"
},
{
"db": "NVD",
"id": "CVE-2019-12700"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-02T00:00:00",
"db": "VULHUB",
"id": "VHN-144473"
},
{
"date": "2019-10-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-010595"
},
{
"date": "2019-10-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201910-083"
},
{
"date": "2019-10-02T19:15:13.810000",
"db": "NVD",
"id": "CVE-2019-12700"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-10-08T00:00:00",
"db": "VULHUB",
"id": "VHN-144473"
},
{
"date": "2019-10-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-010595"
},
{
"date": "2020-10-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201910-083"
},
{
"date": "2024-11-26T16:09:02.407000",
"db": "NVD",
"id": "CVE-2019-12700"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201910-083"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Cisco Product depletion vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-010595"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201910-083"
}
],
"trust": 0.6
}
}
VAR-202010-1035
Vulnerability from variot - Updated: 2024-11-27 22:56A vulnerability in the sfmgr daemon of Cisco Firepower Management Center (FMC) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to perform directory traversal and access directories outside the restricted path. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by using a relative path in specific sfmgr commands. An exploit could allow the attacker to read or write arbitrary files on an sftunnel-connected peer device
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202010-1035",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "secure firewall management center",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.2.1"
},
{
"model": "secure firewall management center",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "6.4.0.10"
},
{
"model": "firepower threat defense",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.2.1"
},
{
"model": "secure firewall management center",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "6.4.0"
},
{
"model": "secure firewall management center",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "6.0.1"
},
{
"model": "firepower threat defense",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "6.4.0"
},
{
"model": "firepower threat defense",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "6.3.0.6"
},
{
"model": "firepower threat defense",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.2.0"
},
{
"model": "firepower threat defense",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "6.0.1"
},
{
"model": "secure firewall management center",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "6.3.0.6"
},
{
"model": "secure firewall management center",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.2.0"
},
{
"model": "firepower threat defense",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "6.3.0"
},
{
"model": "firepower threat defense",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "6.4.0.10"
},
{
"model": "secure firewall management center",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "6.3.0"
},
{
"model": "firepower management center",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "firepower threat defense software",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-009723"
},
{
"db": "NVD",
"id": "CVE-2020-3550"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:cisco:firepower_management_center",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:cisco:firepower_threat_defense_software",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-009723"
}
]
},
"cve": "CVE-2020-3550",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CVE-2020-3550",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2020-009723",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "VHN-181675",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2020-3550",
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "ykramarz@cisco.com",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2020-3550",
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 8.1,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-009723",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-3550",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "ykramarz@cisco.com",
"id": "CVE-2020-3550",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2020-009723",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202010-1160",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-181675",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2020-3550",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-181675"
},
{
"db": "VULMON",
"id": "CVE-2020-3550"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009723"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-1160"
},
{
"db": "NVD",
"id": "CVE-2020-3550"
},
{
"db": "NVD",
"id": "CVE-2020-3550"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in the sfmgr daemon of Cisco Firepower Management Center (FMC) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to perform directory traversal and access directories outside the restricted path. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by using a relative path in specific sfmgr commands. An exploit could allow the attacker to read or write arbitrary files on an sftunnel-connected peer device",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-3550"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009723"
},
{
"db": "VULHUB",
"id": "VHN-181675"
},
{
"db": "VULMON",
"id": "CVE-2020-3550"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-3550",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009723",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202010-1160",
"trust": 0.7
},
{
"db": "NSFOCUS",
"id": "50196",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3641",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-181675",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-3550",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-181675"
},
{
"db": "VULMON",
"id": "CVE-2020-3550"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009723"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-1160"
},
{
"db": "NVD",
"id": "CVE-2020-3550"
}
]
},
"id": "VAR-202010-1035",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-181675"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-27T22:56:41.419000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-ftdfmc-dirtrav-NW8XcuSB",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftdfmc-dirtrav-NW8XcuSB"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-009723"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-22",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-181675"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009723"
},
{
"db": "NVD",
"id": "CVE-2020-3550"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-ftdfmc-dirtrav-nw8xcusb"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-3550"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3550"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3641/"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/50196"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/22.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-181675"
},
{
"db": "VULMON",
"id": "CVE-2020-3550"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009723"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-1160"
},
{
"db": "NVD",
"id": "CVE-2020-3550"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-181675"
},
{
"db": "VULMON",
"id": "CVE-2020-3550"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009723"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-1160"
},
{
"db": "NVD",
"id": "CVE-2020-3550"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-10-21T00:00:00",
"db": "VULHUB",
"id": "VHN-181675"
},
{
"date": "2020-10-21T00:00:00",
"db": "VULMON",
"id": "CVE-2020-3550"
},
{
"date": "2020-12-02T07:28:37",
"db": "JVNDB",
"id": "JVNDB-2020-009723"
},
{
"date": "2020-10-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202010-1160"
},
{
"date": "2020-10-21T19:15:17.217000",
"db": "NVD",
"id": "CVE-2020-3550"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-10-30T00:00:00",
"db": "VULHUB",
"id": "VHN-181675"
},
{
"date": "2020-10-30T00:00:00",
"db": "VULMON",
"id": "CVE-2020-3550"
},
{
"date": "2020-12-02T07:28:37",
"db": "JVNDB",
"id": "JVNDB-2020-009723"
},
{
"date": "2020-11-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202010-1160"
},
{
"date": "2024-11-26T16:09:02.407000",
"db": "NVD",
"id": "CVE-2020-3550"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202010-1160"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Firepower Management Center software and Cisco Firepower Threat Defense software Past Traversal Vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-009723"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "path traversal",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202010-1160"
}
],
"trust": 0.6
}
}
VAR-202010-1034
Vulnerability from variot - Updated: 2024-11-27 22:56A vulnerability in the sftunnel functionality of Cisco Firepower Management Center (FMC) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to obtain the device registration hash. The vulnerability is due to insufficient sftunnel negotiation protection during initial device registration. An attacker in a man-in-the-middle position could exploit this vulnerability by intercepting a specific flow of the sftunnel communication between an FMC device and an FTD device. A successful exploit could allow the attacker to decrypt and modify the sftunnel communication between FMC and FTD devices, allowing the attacker to modify configuration data sent from an FMC device to an FTD device or alert data sent from an FTD device to an FMC device. (DoS) It may be put into a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202010-1034",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "secure firewall management center",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "6.6.1"
},
{
"model": "firepower threat defense",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "6.6.1"
},
{
"model": "firepower management center",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "firepower threat defense software",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-009722"
},
{
"db": "NVD",
"id": "CVE-2020-3549"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:cisco:firepower_management_center",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:cisco:firepower_threat_defense_software",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-009722"
}
]
},
"cve": "CVE-2020-3549",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2020-3549",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2020-009722",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-181674",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"id": "CVE-2020-3549",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "ykramarz@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"id": "CVE-2020-3549",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.1,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-009722",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-3549",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "ykramarz@cisco.com",
"id": "CVE-2020-3549",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2020-009722",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202010-1159",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-181674",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2020-3549",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-181674"
},
{
"db": "VULMON",
"id": "CVE-2020-3549"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009722"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-1159"
},
{
"db": "NVD",
"id": "CVE-2020-3549"
},
{
"db": "NVD",
"id": "CVE-2020-3549"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in the sftunnel functionality of Cisco Firepower Management Center (FMC) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to obtain the device registration hash. The vulnerability is due to insufficient sftunnel negotiation protection during initial device registration. An attacker in a man-in-the-middle position could exploit this vulnerability by intercepting a specific flow of the sftunnel communication between an FMC device and an FTD device. A successful exploit could allow the attacker to decrypt and modify the sftunnel communication between FMC and FTD devices, allowing the attacker to modify configuration data sent from an FMC device to an FTD device or alert data sent from an FTD device to an FMC device. (DoS) It may be put into a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-3549"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009722"
},
{
"db": "VULHUB",
"id": "VHN-181674"
},
{
"db": "VULMON",
"id": "CVE-2020-3549"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-3549",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009722",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202010-1159",
"trust": 0.7
},
{
"db": "NSFOCUS",
"id": "50206",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3641",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2021-44679",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-181674",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-3549",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-181674"
},
{
"db": "VULMON",
"id": "CVE-2020-3549"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009722"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-1159"
},
{
"db": "NVD",
"id": "CVE-2020-3549"
}
]
},
"id": "VAR-202010-1034",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-181674"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-27T22:56:41.391000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-ftdfmc-sft-mitm-tc8AzFs2",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftdfmc-sft-mitm-tc8AzFs2"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-009722"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-326",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-181674"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009722"
},
{
"db": "NVD",
"id": "CVE-2020-3549"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-ftdfmc-sft-mitm-tc8azfs2"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-3549"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3549"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/50206"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3641/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/326.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-181674"
},
{
"db": "VULMON",
"id": "CVE-2020-3549"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009722"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-1159"
},
{
"db": "NVD",
"id": "CVE-2020-3549"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-181674"
},
{
"db": "VULMON",
"id": "CVE-2020-3549"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009722"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-1159"
},
{
"db": "NVD",
"id": "CVE-2020-3549"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-10-21T00:00:00",
"db": "VULHUB",
"id": "VHN-181674"
},
{
"date": "2020-10-21T00:00:00",
"db": "VULMON",
"id": "CVE-2020-3549"
},
{
"date": "2020-12-02T07:28:35",
"db": "JVNDB",
"id": "JVNDB-2020-009722"
},
{
"date": "2020-10-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202010-1159"
},
{
"date": "2020-10-21T19:15:17.123000",
"db": "NVD",
"id": "CVE-2020-3549"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-10-30T00:00:00",
"db": "VULHUB",
"id": "VHN-181674"
},
{
"date": "2020-10-30T00:00:00",
"db": "VULMON",
"id": "CVE-2020-3549"
},
{
"date": "2020-12-02T07:28:35",
"db": "JVNDB",
"id": "JVNDB-2020-009722"
},
{
"date": "2020-11-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202010-1159"
},
{
"date": "2024-11-26T16:09:02.407000",
"db": "NVD",
"id": "CVE-2020-3549"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202010-1159"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Firepower Management Center Software and Cisco Firepower Threat Defense Cryptographic strength vulnerabilities in software",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-009722"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202010-1159"
}
],
"trust": 0.6
}
}
VAR-202211-1092
Vulnerability from variot - Updated: 2024-11-27 22:51A vulnerability in the processing of SSH connections of Cisco Firepower Management Center (FMC) and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
This vulnerability is due to improper error handling when an SSH session fails to be established. An attacker could exploit this vulnerability by sending a high rate of crafted SSH connections to the instance. A successful exploit could allow the attacker to cause resource exhaustion, resulting in a reboot on the affected device
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202211-1092",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "firepower threat defense",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "6.5.0"
},
{
"model": "firepower threat defense",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.6.5.1"
},
{
"model": "firepower threat defense",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.6.3"
},
{
"model": "firepower threat defense",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "6.1.0"
},
{
"model": "firepower threat defense",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "6.4.0"
},
{
"model": "firepower threat defense",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "6.2.3"
},
{
"model": "firepower threat defense",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.0.3"
},
{
"model": "secure firewall management center",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.0.2.1"
},
{
"model": "secure firewall management center",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "6.5.0.5"
},
{
"model": "firepower threat defense",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.0.2"
},
{
"model": "secure firewall management center",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.6.5"
},
{
"model": "firepower threat defense",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "6.3.0"
},
{
"model": "firepower threat defense",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "6.4.0.15"
},
{
"model": "firepower threat defense",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.6.5.2"
},
{
"model": "firepower threat defense",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.0.0.1"
},
{
"model": "firepower threat defense",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "6.2.0"
},
{
"model": "firepower threat defense",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "6.2.2.5"
},
{
"model": "secure firewall management center",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.6.5.2"
},
{
"model": "secure firewall management center",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "6.3.0.5"
},
{
"model": "secure firewall management center",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.6.0.1"
},
{
"model": "secure firewall management center",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "6.7.0"
},
{
"model": "firepower threat defense",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.0.2.1"
},
{
"model": "firepower threat defense",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.0.4"
},
{
"model": "secure firewall management center",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.6.0"
},
{
"model": "secure firewall management center",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "6.7.0.3"
},
{
"model": "firepower threat defense",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.6.5"
},
{
"model": "secure firewall management center",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.6.4"
},
{
"model": "secure firewall management center",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.0.1"
},
{
"model": "secure firewall management center",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "6.2.0.6"
},
{
"model": "secure firewall management center",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.0.0"
},
{
"model": "secure firewall management center",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.2.1"
},
{
"model": "secure firewall management center",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "6.1.0.7"
},
{
"model": "secure firewall management center",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "6.2.3.18"
},
{
"model": "secure firewall management center",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.6.1"
},
{
"model": "firepower threat defense",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.6.0.1"
},
{
"model": "firepower threat defense",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "6.5.0.5"
},
{
"model": "firepower threat defense",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "6.7.0"
},
{
"model": "firepower threat defense",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.6.0"
},
{
"model": "secure firewall management center",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.0.1.1"
},
{
"model": "secure firewall management center",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "6.2.2"
},
{
"model": "firepower threat defense",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.6.4"
},
{
"model": "firepower threat defense",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.0.1"
},
{
"model": "secure firewall management center",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.0.4"
},
{
"model": "firepower threat defense",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.6.1"
},
{
"model": "secure firewall management center",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "6.5.0"
},
{
"model": "firepower threat defense",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "6.3.0.5"
},
{
"model": "secure firewall management center",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.6.3"
},
{
"model": "firepower threat defense",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.2.1"
},
{
"model": "secure firewall management center",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "6.4.0"
},
{
"model": "secure firewall management center",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "6.2.3"
},
{
"model": "secure firewall management center",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.6.5.1"
},
{
"model": "firepower threat defense",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "6.2.0.6"
},
{
"model": "firepower threat defense",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.0.0"
},
{
"model": "secure firewall management center",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "6.4.0.15"
},
{
"model": "secure firewall management center",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "6.1.0"
},
{
"model": "firepower threat defense",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "6.1.0.7"
},
{
"model": "firepower threat defense",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "6.7.0.3"
},
{
"model": "firepower threat defense",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.0.1.1"
},
{
"model": "secure firewall management center",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.0.3"
},
{
"model": "firepower threat defense",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "6.2.3.18"
},
{
"model": "secure firewall management center",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "6.2.2.5"
},
{
"model": "firepower threat defense",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "6.2.2"
},
{
"model": "secure firewall management center",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.0.2"
},
{
"model": "secure firewall management center",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "6.2.0"
},
{
"model": "secure firewall management center",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "6.3.0"
},
{
"model": "secure firewall management center",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.0.0.1"
},
{
"model": "cisco firepower management center software",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "cisco firepower threat defense \u30bd\u30d5\u30c8\u30a6\u30a7\u30a2",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-022881"
},
{
"db": "NVD",
"id": "CVE-2022-20854"
}
]
},
"cve": "CVE-2022-20854",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "ykramarz@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2022-20854",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2022-20854",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "ykramarz@cisco.com",
"id": "CVE-2022-20854",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2022-20854",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-20854",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202211-2487",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-022881"
},
{
"db": "CNNVD",
"id": "CNNVD-202211-2487"
},
{
"db": "NVD",
"id": "CVE-2022-20854"
},
{
"db": "NVD",
"id": "CVE-2022-20854"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in the processing of SSH connections of Cisco Firepower Management Center (FMC) and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. \r\n\r This vulnerability is due to improper error handling when an SSH session fails to be established. An attacker could exploit this vulnerability by sending a high rate of crafted SSH connections to the instance. A successful exploit could allow the attacker to cause resource exhaustion, resulting in a reboot on the affected device",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-20854"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-022881"
},
{
"db": "VULHUB",
"id": "VHN-405407"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-20854",
"trust": 3.3
},
{
"db": "JVNDB",
"id": "JVNDB-2022-022881",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202211-2487",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-405407",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-405407"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-022881"
},
{
"db": "CNNVD",
"id": "CNNVD-202211-2487"
},
{
"db": "NVD",
"id": "CVE-2022-20854"
}
]
},
"id": "VAR-202211-1092",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-405407"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-27T22:51:50.738000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-fmc-dos-OwEunWJN",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-dos-OwEunWJN"
},
{
"title": "Cisco Firepower Management Center and Firepower Threat Defense Remediation of resource management error vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=213584"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-022881"
},
{
"db": "CNNVD",
"id": "CNNVD-202211-2487"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-400",
"trust": 1.1
},
{
"problemtype": "CWE-755",
"trust": 1.0
},
{
"problemtype": "Improper handling in exceptional conditions (CWE-755) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-405407"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-022881"
},
{
"db": "NVD",
"id": "CVE-2022-20854"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-20854"
},
{
"trust": 1.0,
"url": "https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-fmc-dos-oweunwjn"
},
{
"trust": 0.7,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-fmc-dos-oweunwjn"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-20854/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-405407"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-022881"
},
{
"db": "CNNVD",
"id": "CNNVD-202211-2487"
},
{
"db": "NVD",
"id": "CVE-2022-20854"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-405407"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-022881"
},
{
"db": "CNNVD",
"id": "CNNVD-202211-2487"
},
{
"db": "NVD",
"id": "CVE-2022-20854"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-11-15T00:00:00",
"db": "VULHUB",
"id": "VHN-405407"
},
{
"date": "2023-11-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-022881"
},
{
"date": "2022-11-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202211-2487"
},
{
"date": "2022-11-15T21:15:27.867000",
"db": "NVD",
"id": "CVE-2022-20854"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-11-17T00:00:00",
"db": "VULHUB",
"id": "VHN-405407"
},
{
"date": "2023-11-21T04:54:00",
"db": "JVNDB",
"id": "JVNDB-2022-022881"
},
{
"date": "2022-11-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202211-2487"
},
{
"date": "2024-11-26T16:09:02.407000",
"db": "NVD",
"id": "CVE-2022-20854"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202211-2487"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Systems \u00a0Cisco\u00a0Firepower\u00a0Management\u00a0Center\u00a0Software\u00a0 and \u00a0Cisco\u00a0Firepower\u00a0Threat\u00a0Defense\u00a0 Exceptional State Handling Vulnerability in Software",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-022881"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202211-2487"
}
],
"trust": 0.6
}
}
VAR-201905-0238
Vulnerability from variot - Updated: 2024-11-27 22:47A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by injecting commands into arguments for a specific command. A successful exploit could allow the attacker to execute commands with root privileges. This issue is being tracked by Cisco Bug ID CSCvm14267. The vulnerability stems from the fact that the network system or product does not correctly filter special characters, commands, etc. in the process of constructing executable commands of the operating system from external input data
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201905-0238",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "secure firewall management center",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.3.0"
},
{
"model": "firepower threat defense",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.2.0"
},
{
"model": "firepower threat defense",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.0.0"
},
{
"model": "firepower threat defense",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.2.1"
},
{
"model": "firepower threat defense",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.0.1"
},
{
"model": "firepower threat defense",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.1.0"
},
{
"model": "firepower threat defense",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.2.2"
},
{
"model": "firepower threat defense",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.2.3"
},
{
"model": "firepower management center",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "firepower threat defense software",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "firepower threat defense software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.2.3"
},
{
"model": "firepower threat defense software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.2.2"
},
{
"model": "firepower threat defense software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.2.1"
},
{
"model": "firepower threat defense software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.2"
},
{
"model": "firepower threat defense software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.1"
},
{
"model": "firepower threat defense software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0.1"
},
{
"model": "firepower management center",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.3"
},
{
"model": "firepower threat defense software",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "6.2.3.12"
}
],
"sources": [
{
"db": "BID",
"id": "108156"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003887"
},
{
"db": "NVD",
"id": "CVE-2019-1709"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:cisco:firepower_management_center",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:cisco:firepower_threat_defense_software",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-003887"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco.",
"sources": [
{
"db": "BID",
"id": "108156"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-009"
}
],
"trust": 0.9
},
"cve": "CVE-2019-1709",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CVE-2019-1709",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "VHN-149301",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2019-1709",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "ykramarz@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 6.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 0.8,
"id": "CVE-2019-1709",
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-1709",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "ykramarz@cisco.com",
"id": "CVE-2019-1709",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2019-1709",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201905-009",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-149301",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-149301"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003887"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-009"
},
{
"db": "NVD",
"id": "CVE-2019-1709"
},
{
"db": "NVD",
"id": "CVE-2019-1709"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by injecting commands into arguments for a specific command. A successful exploit could allow the attacker to execute commands with root privileges. \nThis issue is being tracked by Cisco Bug ID CSCvm14267. The vulnerability stems from the fact that the network system or product does not correctly filter special characters, commands, etc. in the process of constructing executable commands of the operating system from external input data",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-1709"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003887"
},
{
"db": "BID",
"id": "108156"
},
{
"db": "VULHUB",
"id": "VHN-149301"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-1709",
"trust": 2.8
},
{
"db": "BID",
"id": "108156",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003887",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201905-009",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2019.1516",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-149301",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-149301"
},
{
"db": "BID",
"id": "108156"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003887"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-009"
},
{
"db": "NVD",
"id": "CVE-2019-1709"
}
]
},
"id": "VAR-201905-0238",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-149301"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-27T22:47:24.949000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20190501-frpwr-cmd-inj",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-frpwr-cmd-inj"
},
{
"title": "Cisco Firepower Threat Defense Fixes for operating system command injection vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92160"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-003887"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-009"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.9
},
{
"problemtype": "CWE-77",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-149301"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003887"
},
{
"db": "NVD",
"id": "CVE-2019-1709"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190501-frpwr-cmd-inj"
},
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/108156"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-1709"
},
{
"trust": 0.9,
"url": "http://www.cisco.com/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1709"
},
{
"trust": 0.6,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190501-ftd-cmd-inject"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/80106"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-149301"
},
{
"db": "BID",
"id": "108156"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003887"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-009"
},
{
"db": "NVD",
"id": "CVE-2019-1709"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-149301"
},
{
"db": "BID",
"id": "108156"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003887"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-009"
},
{
"db": "NVD",
"id": "CVE-2019-1709"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-05-03T00:00:00",
"db": "VULHUB",
"id": "VHN-149301"
},
{
"date": "2019-05-01T00:00:00",
"db": "BID",
"id": "108156"
},
{
"date": "2019-05-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-003887"
},
{
"date": "2019-05-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-009"
},
{
"date": "2019-05-03T16:29:00.740000",
"db": "NVD",
"id": "CVE-2019-1709"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-149301"
},
{
"date": "2019-05-01T00:00:00",
"db": "BID",
"id": "108156"
},
{
"date": "2019-05-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-003887"
},
{
"date": "2019-05-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-009"
},
{
"date": "2024-11-26T16:09:02.407000",
"db": "NVD",
"id": "CVE-2019-1709"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "108156"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-009"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Firepower Threat Defense In software OS Command injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-003887"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-009"
}
],
"trust": 0.6
}
}
VAR-201905-0585
Vulnerability from variot - Updated: 2024-11-27 22:47Multiple vulnerabilities in the Server Message Block (SMB) Protocol preprocessor detection engine for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, adjacent or remote attacker to cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory. Cisco Firepower Threat Defense (FTD) The software is vulnerable to resource exhaustion.Service operation interruption (DoS) There is a possibility of being put into a state. Exploiting these issues allow remote attackers to cause a denial-of-service condition. This issue is being tracked by Cisco Bug ID CSCvj83264, CSCvj91418. Cisco Firepower 4100 Series, etc. are all products of Cisco (Cisco). Cisco Firepower 4100 Series is a 4100 series firewall device. Cisco 3000 Series Industrial Security Appliances is a 3000 series firewall appliance. Cisco ASA 5500-X Series Firewalls is a 5500-X series firewall appliance. FTD Software is one of the unified software that provides next-generation firewall services. This vulnerability stems from improper management of system resources (such as memory, disk space, files, etc.) by network systems or products. The following products and versions are affected: Cisco 3000 Series Industrial Security Appliances (ISAs); Adaptive Security Appliance (ASA) 5500-X Series Firewalls; ASA 5500-X Series with FirePOWER Services; Advanced Malware Protection (AMP) for Networks for FirePOWER 7000 Series Appliances; AMP for Networks for FirePOWER 8000 Series Appliances; Firepower 2100 Series; Firepower 4100 Series; FirePOWER 7000 Series Appliances; FirePOWER 8000 Series Appliances; Firepower 9300 Security Appliances;
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201905-0585",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "firepower threat defense",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "6.2.3.12"
},
{
"model": "secure firewall management center",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.9.11"
},
{
"model": "firepower threat defense",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "6.0.0"
},
{
"model": "secure firewall management center",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.9.10"
},
{
"model": "secure firewall management center",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.9.12"
},
{
"model": "secure firewall management center",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.9.13"
},
{
"model": "secure firewall management center",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.9.8"
},
{
"model": "secure firewall management center",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.9.9"
},
{
"model": "firepower management center",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "firepower threat defense software",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "next generation intrusion prevention system",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "firepower threat defense virtual",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "firepower threat defense software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.3"
},
{
"model": "firepower threat defense software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.2.3"
},
{
"model": "firepower threat defense software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.2.2"
},
{
"model": "firepower threat defense software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.2"
},
{
"model": "firepower threat defense software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.1"
},
{
"model": "firepower threat defense software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.2.1"
},
{
"model": "firepower threat defense software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0.1"
},
{
"model": "firepower threat defense software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0"
},
{
"model": "firepower threat defense for integrated services routers",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "firepower security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "93000"
},
{
"model": "firepower series appliances",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "80000"
},
{
"model": "firepower series appliances",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "70000"
},
{
"model": "firepower series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "41000"
},
{
"model": "firepower series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "21000"
},
{
"model": "asa series with firepower services",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5500-x0"
},
{
"model": "asa series firewalls",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5500-x0"
},
{
"model": "advanced malware protection series appliances",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "70000"
},
{
"model": "series industrial security appliances",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "30000"
},
{
"model": "firepower threat defense software",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "6.3.0.3"
},
{
"model": "firepower threat defense software",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "6.2.3.12"
}
],
"sources": [
{
"db": "BID",
"id": "108171"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004367"
},
{
"db": "NVD",
"id": "CVE-2019-1696"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:cisco:firepower_management_center",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:cisco:firepower_threat_defense_software",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-004367"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco",
"sources": [
{
"db": "BID",
"id": "108171"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-008"
}
],
"trust": 0.9
},
"cve": "CVE-2019-1696",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 3.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.5,
"id": "CVE-2019-1696",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 1.8,
"vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 3.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.5,
"id": "VHN-149158",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:A/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2019-1696",
"impactScore": 4.0,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "ykramarz@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2019-1696",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-1696",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "ykramarz@cisco.com",
"id": "CVE-2019-1696",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2019-1696",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201905-008",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-149158",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-149158"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004367"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-008"
},
{
"db": "NVD",
"id": "CVE-2019-1696"
},
{
"db": "NVD",
"id": "CVE-2019-1696"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple vulnerabilities in the Server Message Block (SMB) Protocol preprocessor detection engine for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, adjacent or remote attacker to cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory. Cisco Firepower Threat Defense (FTD) The software is vulnerable to resource exhaustion.Service operation interruption (DoS) There is a possibility of being put into a state. \nExploiting these issues allow remote attackers to cause a denial-of-service condition. \nThis issue is being tracked by Cisco Bug ID CSCvj83264, CSCvj91418. Cisco Firepower 4100 Series, etc. are all products of Cisco (Cisco). Cisco Firepower 4100 Series is a 4100 series firewall device. Cisco 3000 Series Industrial Security Appliances is a 3000 series firewall appliance. Cisco ASA 5500-X Series Firewalls is a 5500-X series firewall appliance. FTD Software is one of the unified software that provides next-generation firewall services. This vulnerability stems from improper management of system resources (such as memory, disk space, files, etc.) by network systems or products. The following products and versions are affected: Cisco 3000 Series Industrial Security Appliances (ISAs); Adaptive Security Appliance (ASA) 5500-X Series Firewalls; ASA 5500-X Series with FirePOWER Services; Advanced Malware Protection (AMP) for Networks for FirePOWER 7000 Series Appliances; AMP for Networks for FirePOWER 8000 Series Appliances; Firepower 2100 Series; Firepower 4100 Series; FirePOWER 7000 Series Appliances; FirePOWER 8000 Series Appliances; Firepower 9300 Security Appliances;",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-1696"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004367"
},
{
"db": "BID",
"id": "108171"
},
{
"db": "VULHUB",
"id": "VHN-149158"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-1696",
"trust": 2.8
},
{
"db": "BID",
"id": "108171",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004367",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201905-008",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2019.1516",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-149158",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-149158"
},
{
"db": "BID",
"id": "108171"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004367"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-008"
},
{
"db": "NVD",
"id": "CVE-2019-1696"
}
]
},
"id": "VAR-201905-0585",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-149158"
}
],
"trust": 0.6916945099999999
},
"last_update_date": "2024-11-27T22:47:24.913000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20190501-frpwr-smb-snort",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-frpwr-smb-snort"
},
{
"title": "Cisco Firepower Threat Defense Remediation of resource management error vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92159"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-004367"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-008"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-400",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-149158"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004367"
},
{
"db": "NVD",
"id": "CVE-2019-1696"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/108171"
},
{
"trust": 2.0,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190501-frpwr-smb-snort"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-1696"
},
{
"trust": 0.9,
"url": "http://www.cisco.com/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1696"
},
{
"trust": 0.6,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190501-ftd-cmd-inject"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/80106"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/snort-denial-of-service-via-smb-29400"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-149158"
},
{
"db": "BID",
"id": "108171"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004367"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-008"
},
{
"db": "NVD",
"id": "CVE-2019-1696"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-149158"
},
{
"db": "BID",
"id": "108171"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004367"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-008"
},
{
"db": "NVD",
"id": "CVE-2019-1696"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-05-03T00:00:00",
"db": "VULHUB",
"id": "VHN-149158"
},
{
"date": "2019-05-01T00:00:00",
"db": "BID",
"id": "108171"
},
{
"date": "2019-05-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-004367"
},
{
"date": "2019-05-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-008"
},
{
"date": "2019-05-03T15:29:01.167000",
"db": "NVD",
"id": "CVE-2019-1696"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-05-07T00:00:00",
"db": "VULHUB",
"id": "VHN-149158"
},
{
"date": "2019-05-01T00:00:00",
"db": "BID",
"id": "108171"
},
{
"date": "2019-05-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-004367"
},
{
"date": "2019-05-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-008"
},
{
"date": "2024-11-26T16:09:02.407000",
"db": "NVD",
"id": "CVE-2019-1696"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-008"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Firepower Threat Defense Software depletion vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-004367"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-008"
}
],
"trust": 0.6
}
}
VAR-201908-0841
Vulnerability from variot - Updated: 2024-11-27 22:42A vulnerability in the Secure Sockets Layer (SSL)/Transport Layer Security (TLS) protocol inspection engine of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass the configured file policies on an affected system. The vulnerability is due to errors when handling specific SSL/TLS messages. An attacker could exploit this vulnerability by sending crafted HTTP packets that would flow through an affected system. A successful exploit could allow the attacker to bypass the configured file policies and deliver a malicious payload to the protected network. Cisco Firepower Threat Defense (FTD) The software is vulnerable to a defect in the protection mechanism.Information may be tampered with
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201908-0841",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "secure firewall management center",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.3.0"
},
{
"model": "secure firewall management center",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.4.0"
},
{
"model": "firepower threat defense",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "6.4.1"
},
{
"model": "firepower management center",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "firepower threat defense software",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-007623"
},
{
"db": "NVD",
"id": "CVE-2019-1970"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:cisco:firepower_management_center",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:cisco:firepower_threat_defense_software",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-007623"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "This vulnerability was found by Santosh Krishnamurthy of Cisco during internal security testing.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201908-563"
}
],
"trust": 0.6
},
"cve": "CVE-2019-1970",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2019-1970",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-152172",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2019-1970",
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "ykramarz@cisco.com",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2019-1970",
"impactScore": 1.4,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-1970",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "ykramarz@cisco.com",
"id": "CVE-2019-1970",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2019-1970",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201908-563",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-152172",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-152172"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-007623"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-563"
},
{
"db": "NVD",
"id": "CVE-2019-1970"
},
{
"db": "NVD",
"id": "CVE-2019-1970"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in the Secure Sockets Layer (SSL)/Transport Layer Security (TLS) protocol inspection engine of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass the configured file policies on an affected system. The vulnerability is due to errors when handling specific SSL/TLS messages. An attacker could exploit this vulnerability by sending crafted HTTP packets that would flow through an affected system. A successful exploit could allow the attacker to bypass the configured file policies and deliver a malicious payload to the protected network. Cisco Firepower Threat Defense (FTD) The software is vulnerable to a defect in the protection mechanism.Information may be tampered with",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-1970"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-007623"
},
{
"db": "VULHUB",
"id": "VHN-152172"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-1970",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2019-007623",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201908-563",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2019.2996",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-152172",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-152172"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-007623"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-563"
},
{
"db": "NVD",
"id": "CVE-2019-1970"
}
]
},
"id": "VAR-201908-0841",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-152172"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-27T22:42:19.823000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20190807-ftd-bypass",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190807-ftd-bypass"
},
{
"title": "Cisco Firepower Threat Defense Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=96260"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-007623"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-563"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-693",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-152172"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-007623"
},
{
"db": "NVD",
"id": "CVE-2019-1970"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190807-ftd-bypass"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-1970"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1970"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.2996/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-152172"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-007623"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-563"
},
{
"db": "NVD",
"id": "CVE-2019-1970"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-152172"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-007623"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-563"
},
{
"db": "NVD",
"id": "CVE-2019-1970"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-08-08T00:00:00",
"db": "VULHUB",
"id": "VHN-152172"
},
{
"date": "2019-08-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-007623"
},
{
"date": "2019-08-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201908-563"
},
{
"date": "2019-08-08T08:15:12.960000",
"db": "NVD",
"id": "CVE-2019-1970"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-152172"
},
{
"date": "2019-08-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-007623"
},
{
"date": "2019-08-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201908-563"
},
{
"date": "2024-11-26T16:09:02.407000",
"db": "NVD",
"id": "CVE-2019-1970"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201908-563"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Firepower Threat Defense Vulnerability related to failure of protection mechanism in software",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-007623"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201908-563"
}
],
"trust": 0.6
}
}
VAR-202010-1017
Vulnerability from variot - Updated: 2024-11-27 22:42A vulnerability in the multi-instance feature of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to escape the container for their Cisco FTD instance and execute commands with root privileges in the host namespace. The attacker must have valid credentials on the device.The vulnerability exists because a configuration file that is used at container startup has insufficient protections. An attacker could exploit this vulnerability by modifying a specific container configuration file on the underlying file system. A successful exploit could allow the attacker to execute commands with root privileges within the host namespace. This could allow the attacker to impact other running Cisco FTD instances or the host Cisco FXOS device. Cisco Firepower Threat Defense (FTD) There are unspecified vulnerabilities in the software.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202010-1017",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "firepower threat defense",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "6.5.0"
},
{
"model": "firepower threat defense",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "6.4.0.10"
},
{
"model": "firepower threat defense",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "6.5.0.5"
},
{
"model": "firepower threat defense",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "6.3.0"
},
{
"model": "firepower threat defense",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "6.4.0"
},
{
"model": "firepower threat defense",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "6.3.0.6"
},
{
"model": "secure firewall management center",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "6.6.1"
},
{
"model": "firepower threat defense",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.6.0"
},
{
"model": "cisco firepower management center",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "cisco firepower threat defense \u30bd\u30d5\u30c8\u30a6\u30a7\u30a2",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-012598"
},
{
"db": "NVD",
"id": "CVE-2020-3514"
}
]
},
"cve": "CVE-2020-3514",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CVE-2020-3514",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "VHN-181639",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.8,
"id": "CVE-2020-3514",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "ykramarz@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.5,
"id": "CVE-2020-3514",
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 6.7,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2020-3514",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-3514",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "ykramarz@cisco.com",
"id": "CVE-2020-3514",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2020-3514",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202010-1155",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-181639",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2020-3514",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-181639"
},
{
"db": "VULMON",
"id": "CVE-2020-3514"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012598"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-1155"
},
{
"db": "NVD",
"id": "CVE-2020-3514"
},
{
"db": "NVD",
"id": "CVE-2020-3514"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in the multi-instance feature of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to escape the container for their Cisco FTD instance and execute commands with root privileges in the host namespace. The attacker must have valid credentials on the device.The vulnerability exists because a configuration file that is used at container startup has insufficient protections. An attacker could exploit this vulnerability by modifying a specific container configuration file on the underlying file system. A successful exploit could allow the attacker to execute commands with root privileges within the host namespace. This could allow the attacker to impact other running Cisco FTD instances or the host Cisco FXOS device. Cisco Firepower Threat Defense (FTD) There are unspecified vulnerabilities in the software.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-3514"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012598"
},
{
"db": "VULHUB",
"id": "VHN-181639"
},
{
"db": "VULMON",
"id": "CVE-2020-3514"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-3514",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012598",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202010-1155",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2020.3634",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "50195",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-181639",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-3514",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-181639"
},
{
"db": "VULMON",
"id": "CVE-2020-3514"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012598"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-1155"
},
{
"db": "NVD",
"id": "CVE-2020-3514"
}
]
},
"id": "VAR-202010-1017",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-181639"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-27T22:42:13.173000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-ftd-container-esc-FmYqFBQV",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-container-esc-FmYqFBQV"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-012598"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-216",
"trust": 1.0
},
{
"problemtype": "Lack of information (CWE-noinfo) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-012598"
},
{
"db": "NVD",
"id": "CVE-2020-3514"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-ftd-container-esc-fmyqfbqv"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-3514"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3634/"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/50195"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-181639"
},
{
"db": "VULMON",
"id": "CVE-2020-3514"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012598"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-1155"
},
{
"db": "NVD",
"id": "CVE-2020-3514"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-181639"
},
{
"db": "VULMON",
"id": "CVE-2020-3514"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012598"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-1155"
},
{
"db": "NVD",
"id": "CVE-2020-3514"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-10-21T00:00:00",
"db": "VULHUB",
"id": "VHN-181639"
},
{
"date": "2020-10-21T00:00:00",
"db": "VULMON",
"id": "CVE-2020-3514"
},
{
"date": "2021-05-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-012598"
},
{
"date": "2020-10-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202010-1155"
},
{
"date": "2020-10-21T19:15:16.717000",
"db": "NVD",
"id": "CVE-2020-3514"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-10-27T00:00:00",
"db": "VULHUB",
"id": "VHN-181639"
},
{
"date": "2020-10-27T00:00:00",
"db": "VULMON",
"id": "CVE-2020-3514"
},
{
"date": "2021-05-14T08:19:00",
"db": "JVNDB",
"id": "JVNDB-2020-012598"
},
{
"date": "2020-11-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202010-1155"
},
{
"date": "2024-11-26T16:09:02.407000",
"db": "NVD",
"id": "CVE-2020-3514"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202010-1155"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco\u00a0Firepower\u00a0Threat\u00a0Defense\u00a0 Software vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-012598"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202010-1155"
}
],
"trust": 0.6
}
}
VAR-202110-1286
Vulnerability from variot - Updated: 2024-11-27 22:42Multiple vulnerabilities in the payload inspection for Ethernet Industrial Protocol (ENIP) traffic for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass configured rules for ENIP traffic. These vulnerabilities are due to incomplete processing during deep packet inspection for ENIP packets. An attacker could exploit these vulnerabilities by sending a crafted ENIP packet to the targeted interface. A successful exploit could allow the attacker to bypass configured access control and intrusion policies that should be activated for the ENIP packet. Cisco Firepower Threat Defense (FTD) There are unspecified vulnerabilities in the software.Information may be tampered with
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202110-1286",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "secure firewall management center",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.9.18"
},
{
"model": "secure firewall management center",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.9.17"
},
{
"model": "firepower threat defense",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "7.0.1"
},
{
"model": "firepower threat defense",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "7.0.0"
},
{
"model": "firepower threat defense",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "6.4.0"
},
{
"model": "firepower threat defense",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "6.7.0"
},
{
"model": "secure firewall management center",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.9.14.0"
},
{
"model": "firepower threat defense",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "6.4.0.13"
},
{
"model": "firepower threat defense",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "6.6.5.1"
},
{
"model": "firepower threat defense",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "6.6.0"
},
{
"model": "secure firewall management center",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.9.12"
},
{
"model": "firepower threat defense",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "6.7.0.3"
},
{
"model": "secure firewall management center",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.9.16"
},
{
"model": "cisco firepower threat defense \u30bd\u30d5\u30c8\u30a6\u30a7\u30a2",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "cisco firepower management center",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-018437"
},
{
"db": "NVD",
"id": "CVE-2021-34754"
}
]
},
"cve": "CVE-2021-34754",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2021-34754",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-394996",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2021-34754",
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "ykramarz@cisco.com",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2021-34754",
"impactScore": 1.4,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2021-34754",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-34754",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "ykramarz@cisco.com",
"id": "CVE-2021-34754",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2021-34754",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202110-1989",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-394996",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-394996"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-018437"
},
{
"db": "CNNVD",
"id": "CNNVD-202110-1989"
},
{
"db": "NVD",
"id": "CVE-2021-34754"
},
{
"db": "NVD",
"id": "CVE-2021-34754"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple vulnerabilities in the payload inspection for Ethernet Industrial Protocol (ENIP) traffic for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass configured rules for ENIP traffic. These vulnerabilities are due to incomplete processing during deep packet inspection for ENIP packets. An attacker could exploit these vulnerabilities by sending a crafted ENIP packet to the targeted interface. A successful exploit could allow the attacker to bypass configured access control and intrusion policies that should be activated for the ENIP packet. Cisco Firepower Threat Defense (FTD) There are unspecified vulnerabilities in the software.Information may be tampered with",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-34754"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-018437"
},
{
"db": "VULHUB",
"id": "VHN-394996"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-34754",
"trust": 3.3
},
{
"db": "JVNDB",
"id": "JVNDB-2021-018437",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202110-1989",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2021.3597",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021102909",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-394996",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-394996"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-018437"
},
{
"db": "CNNVD",
"id": "CNNVD-202110-1989"
},
{
"db": "NVD",
"id": "CVE-2021-34754"
}
]
},
"id": "VAR-202110-1286",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-394996"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-27T22:42:11.693000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-ftd-enip-bypass-eFsxd8KP",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-enip-bypass-eFsxd8KP"
},
{
"title": "Cisco Firepower Threat Defense Fixes for access control error vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=168742"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-018437"
},
{
"db": "CNNVD",
"id": "CNNVD-202110-1989"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "CWE-284",
"trust": 1.0
},
{
"problemtype": "others (CWE-Other) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-018437"
},
{
"db": "NVD",
"id": "CVE-2021-34754"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-ftd-enip-bypass-efsxd8kp"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-34754"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3597"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021102909"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-394996"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-018437"
},
{
"db": "CNNVD",
"id": "CNNVD-202110-1989"
},
{
"db": "NVD",
"id": "CVE-2021-34754"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-394996"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-018437"
},
{
"db": "CNNVD",
"id": "CNNVD-202110-1989"
},
{
"db": "NVD",
"id": "CVE-2021-34754"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-10-27T00:00:00",
"db": "VULHUB",
"id": "VHN-394996"
},
{
"date": "2023-06-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-018437"
},
{
"date": "2021-10-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202110-1989"
},
{
"date": "2021-10-27T19:15:07.820000",
"db": "NVD",
"id": "CVE-2021-34754"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-10-28T00:00:00",
"db": "VULHUB",
"id": "VHN-394996"
},
{
"date": "2023-06-15T01:20:00",
"db": "JVNDB",
"id": "JVNDB-2021-018437"
},
{
"date": "2021-11-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202110-1989"
},
{
"date": "2024-11-26T16:09:02.407000",
"db": "NVD",
"id": "CVE-2021-34754"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202110-1989"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco\u00a0Firepower\u00a0Threat\u00a0Defense\u00a0 Software vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-018437"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "access control error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202110-1989"
}
],
"trust": 0.6
}
}
VAR-201911-1050
Vulnerability from variot - Updated: 2024-11-27 22:39A vulnerability in the normalization functionality of Cisco Firepower Threat Defense Software, Cisco FirePOWER Services Software for ASA, and Cisco Firepower Management Center Software could allow an unauthenticated, remote attacker to bypass filtering protections. The vulnerability is due to insufficient normalization of a text-based payload. An attacker could exploit this vulnerability by sending traffic that contains specifically obfuscated payloads through an affected device. An exploit could allow the attacker to bypass filtering and deliver malicious payloads to protected systems that would otherwise be blocked. Cisco Firepower Management Center (FMC) and others are products of Cisco (Cisco)
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201911-1050",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "secure firewall management center",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "2.9.12"
},
{
"model": "secure firewall management center",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "2.9.13"
},
{
"model": "firepower threat defense",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "*"
},
{
"model": "secure firewall management center",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "2.9.14.5"
},
{
"model": "secure firewall management center",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "2.9.14.0"
},
{
"model": "firepower services software for asa",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "*"
},
{
"model": "secure firewall management center",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.9.16"
},
{
"model": "secure firewall management center",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.9.15"
},
{
"model": "secure firewall management center",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "2.9.12.15"
},
{
"model": "secure firewall management center",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "2.9.13.6"
},
{
"model": "firepower management center",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "firepower services for asa",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "firepower threat defense software",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011705"
},
{
"db": "NVD",
"id": "CVE-2019-1981"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:cisco:firepower_management_center",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:cisco:firepower_services_software_for_asa",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:cisco:firepower_threat_defense_software",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011705"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "NSS Labs, Inc. .",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201908-1156"
}
],
"trust": 0.6
},
"cve": "CVE-2019-1981",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2019-1981",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-152293",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2019-1981",
"impactScore": 1.4,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "ykramarz@cisco.com",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2019-1981",
"impactScore": 1.4,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.3,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-1981",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-1981",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "ykramarz@cisco.com",
"id": "CVE-2019-1981",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2019-1981",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201908-1156",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-152293",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-152293"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011705"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-1156"
},
{
"db": "NVD",
"id": "CVE-2019-1981"
},
{
"db": "NVD",
"id": "CVE-2019-1981"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in the normalization functionality of Cisco Firepower Threat Defense Software, Cisco FirePOWER Services Software for ASA, and Cisco Firepower Management Center Software could allow an unauthenticated, remote attacker to bypass filtering protections. The vulnerability is due to insufficient normalization of a text-based payload. An attacker could exploit this vulnerability by sending traffic that contains specifically obfuscated payloads through an affected device. An exploit could allow the attacker to bypass filtering and deliver malicious payloads to protected systems that would otherwise be blocked. Cisco Firepower Management Center (FMC) and others are products of Cisco (Cisco)",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-1981"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011705"
},
{
"db": "VULHUB",
"id": "VHN-152293"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-1981",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011705",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201908-1156",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2019.3163",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-152293",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-152293"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011705"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-1156"
},
{
"db": "NVD",
"id": "CVE-2019-1981"
}
]
},
"id": "VAR-201911-1050",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-152293"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-27T22:39:20.985000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20190816-ftd-null",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190816-ftd-null"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011705"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.8
},
{
"problemtype": "CWE-20",
"trust": 1.1
},
{
"problemtype": "CWE-287",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-152293"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011705"
},
{
"db": "NVD",
"id": "CVE-2019-1981"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190816-ftd-null"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-1981"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1981"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.3163/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-152293"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011705"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-1156"
},
{
"db": "NVD",
"id": "CVE-2019-1981"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-152293"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011705"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-1156"
},
{
"db": "NVD",
"id": "CVE-2019-1981"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-05T00:00:00",
"db": "VULHUB",
"id": "VHN-152293"
},
{
"date": "2019-11-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-011705"
},
{
"date": "2019-08-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201908-1156"
},
{
"date": "2019-11-05T20:15:11.783000",
"db": "NVD",
"id": "CVE-2019-1981"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-10-16T00:00:00",
"db": "VULHUB",
"id": "VHN-152293"
},
{
"date": "2019-11-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-011705"
},
{
"date": "2019-11-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201908-1156"
},
{
"date": "2024-11-26T16:09:02.407000",
"db": "NVD",
"id": "CVE-2019-1981"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201908-1156"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Cisco Authentication vulnerabilities in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011705"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control issues",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201908-1156"
}
],
"trust": 0.6
}
}
VAR-201911-1053
Vulnerability from variot - Updated: 2024-11-27 22:39A vulnerability in the protocol detection component of Cisco Firepower Threat Defense Software, Cisco FirePOWER Services Software for ASA, and Cisco Firepower Management Center Software could allow an unauthenticated, remote attacker to bypass filtering protections. The vulnerability is due to improper detection of the initial use of a protocol on a nonstandard port. An attacker could exploit this vulnerability by sending traffic on a nonstandard port for the protocol in use through an affected device. An exploit could allow the attacker to bypass filtering and deliver malicious requests to protected systems that would otherwise be blocked. Once the initial protocol flow on the nonstandard port is detected, future flows on the nonstandard port will be successfully detected and handled as configured by the applied policy. Cisco Firepower Management Center (FMC) and others are products of Cisco (Cisco)
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201911-1053",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "secure firewall management center",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "2.9.12"
},
{
"model": "secure firewall management center",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "2.9.13"
},
{
"model": "firepower threat defense",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "*"
},
{
"model": "secure firewall management center",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "2.9.14.5"
},
{
"model": "secure firewall management center",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "2.9.14.0"
},
{
"model": "firepower services software for asa",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "*"
},
{
"model": "secure firewall management center",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.9.16"
},
{
"model": "secure firewall management center",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.9.15"
},
{
"model": "secure firewall management center",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "2.9.12.15"
},
{
"model": "secure firewall management center",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "2.9.13.6"
},
{
"model": "firepower management center",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "firepower services for asa",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "firepower threat defense software",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011704"
},
{
"db": "NVD",
"id": "CVE-2019-1980"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:cisco:firepower_management_center",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:cisco:firepower_services_software_for_asa",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:cisco:firepower_threat_defense_software",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011704"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "NSS Labs",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201908-1155"
}
],
"trust": 0.6
},
"cve": "CVE-2019-1980",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2019-1980",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-152282",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2019-1980",
"impactScore": 1.4,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "ykramarz@cisco.com",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2019-1980",
"impactScore": 1.4,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.3,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-1980",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-1980",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "ykramarz@cisco.com",
"id": "CVE-2019-1980",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2019-1980",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201908-1155",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-152282",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2019-1980",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-152282"
},
{
"db": "VULMON",
"id": "CVE-2019-1980"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011704"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-1155"
},
{
"db": "NVD",
"id": "CVE-2019-1980"
},
{
"db": "NVD",
"id": "CVE-2019-1980"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in the protocol detection component of Cisco Firepower Threat Defense Software, Cisco FirePOWER Services Software for ASA, and Cisco Firepower Management Center Software could allow an unauthenticated, remote attacker to bypass filtering protections. The vulnerability is due to improper detection of the initial use of a protocol on a nonstandard port. An attacker could exploit this vulnerability by sending traffic on a nonstandard port for the protocol in use through an affected device. An exploit could allow the attacker to bypass filtering and deliver malicious requests to protected systems that would otherwise be blocked. Once the initial protocol flow on the nonstandard port is detected, future flows on the nonstandard port will be successfully detected and handled as configured by the applied policy. Cisco Firepower Management Center (FMC) and others are products of Cisco (Cisco)",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-1980"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011704"
},
{
"db": "VULHUB",
"id": "VHN-152282"
},
{
"db": "VULMON",
"id": "CVE-2019-1980"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-1980",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011704",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201908-1155",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2019.3163",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-152282",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2019-1980",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-152282"
},
{
"db": "VULMON",
"id": "CVE-2019-1980"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011704"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-1155"
},
{
"db": "NVD",
"id": "CVE-2019-1980"
}
]
},
"id": "VAR-201911-1053",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-152282"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-27T22:39:20.956000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20190816-ftd-nspd",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190816-ftd-nspd"
},
{
"title": "Cisco: Cisco Firepower Threat Defense Software Nonstandard Protocol Detection Bypass Vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20190816-ftd-nspd"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-1980"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011704"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.9
},
{
"problemtype": "CWE-264",
"trust": 1.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-152282"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011704"
},
{
"db": "NVD",
"id": "CVE-2019-1980"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190816-ftd-nspd"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-1980"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1980"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.3163/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/287.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-152282"
},
{
"db": "VULMON",
"id": "CVE-2019-1980"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011704"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-1155"
},
{
"db": "NVD",
"id": "CVE-2019-1980"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-152282"
},
{
"db": "VULMON",
"id": "CVE-2019-1980"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011704"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-1155"
},
{
"db": "NVD",
"id": "CVE-2019-1980"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-05T00:00:00",
"db": "VULHUB",
"id": "VHN-152282"
},
{
"date": "2019-11-05T00:00:00",
"db": "VULMON",
"id": "CVE-2019-1980"
},
{
"date": "2019-11-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-011704"
},
{
"date": "2019-08-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201908-1155"
},
{
"date": "2019-11-05T20:15:11.690000",
"db": "NVD",
"id": "CVE-2019-1980"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-08T00:00:00",
"db": "VULHUB",
"id": "VHN-152282"
},
{
"date": "2019-11-08T00:00:00",
"db": "VULMON",
"id": "CVE-2019-1980"
},
{
"date": "2019-11-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-011704"
},
{
"date": "2019-11-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201908-1155"
},
{
"date": "2024-11-26T16:09:02.407000",
"db": "NVD",
"id": "CVE-2019-1980"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201908-1155"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Cisco Authentication vulnerabilities in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011704"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control issues",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201908-1155"
}
],
"trust": 0.6
}
}
VAR-201911-1051
Vulnerability from variot - Updated: 2024-11-27 22:39A vulnerability in the HTTP traffic filtering component of Cisco Firepower Threat Defense Software, Cisco FirePOWER Services Software for ASA, and Cisco Firepower Management Center Software could allow an unauthenticated, remote attacker to bypass filtering protections. The vulnerability is due to improper handling of HTTP requests, including those communicated over a secure HTTPS connection, that contain maliciously crafted headers. An attacker could exploit this vulnerability by sending malicious requests to an affected device. An exploit could allow the attacker to bypass filtering and deliver malicious requests to protected systems, allowing attackers to deliver malicious content that would otherwise be blocked. Cisco Firepower Management Center (FMC) and others are products of Cisco (Cisco). passed request)
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201911-1051",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "firepower services software for asa",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "secure firewall management center",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.0"
},
{
"model": "secure firewall management center",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.9.14.0"
},
{
"model": "secure firewall management center",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.9.13"
},
{
"model": "firepower threat defense",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "firepower management center",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "firepower services for asa",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "firepower threat defense software",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011706"
},
{
"db": "NVD",
"id": "CVE-2019-1982"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:cisco:firepower_management_center",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:cisco:firepower_services_software_for_asa",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:cisco:firepower_threat_defense_software",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011706"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "NSS Labs",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201908-1158"
}
],
"trust": 0.6
},
"cve": "CVE-2019-1982",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2019-1982",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-152304",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2019-1982",
"impactScore": 1.4,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "ykramarz@cisco.com",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2019-1982",
"impactScore": 1.4,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.3,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-1982",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-1982",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "ykramarz@cisco.com",
"id": "CVE-2019-1982",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2019-1982",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201908-1158",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-152304",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2019-1982",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-152304"
},
{
"db": "VULMON",
"id": "CVE-2019-1982"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011706"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-1158"
},
{
"db": "NVD",
"id": "CVE-2019-1982"
},
{
"db": "NVD",
"id": "CVE-2019-1982"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in the HTTP traffic filtering component of Cisco Firepower Threat Defense Software, Cisco FirePOWER Services Software for ASA, and Cisco Firepower Management Center Software could allow an unauthenticated, remote attacker to bypass filtering protections. The vulnerability is due to improper handling of HTTP requests, including those communicated over a secure HTTPS connection, that contain maliciously crafted headers. An attacker could exploit this vulnerability by sending malicious requests to an affected device. An exploit could allow the attacker to bypass filtering and deliver malicious requests to protected systems, allowing attackers to deliver malicious content that would otherwise be blocked. Cisco Firepower Management Center (FMC) and others are products of Cisco (Cisco). passed request)",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-1982"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011706"
},
{
"db": "VULHUB",
"id": "VHN-152304"
},
{
"db": "VULMON",
"id": "CVE-2019-1982"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-1982",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011706",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201908-1158",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2019.3163",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-152304",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2019-1982",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-152304"
},
{
"db": "VULMON",
"id": "CVE-2019-1982"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011706"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-1158"
},
{
"db": "NVD",
"id": "CVE-2019-1982"
}
]
},
"id": "VAR-201911-1051",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-152304"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-27T22:39:20.928000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20190816-ftd-http",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190816-ftd-http"
},
{
"title": "Cisco: Cisco Firepower Threat Defense Software HTTP Filtering Bypass Vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20190816-ftd-http"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-1982"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011706"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-276",
"trust": 1.9
},
{
"problemtype": "CWE-264",
"trust": 1.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-152304"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011706"
},
{
"db": "NVD",
"id": "CVE-2019-1982"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-1982"
},
{
"trust": 1.3,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190816-ftd-http"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1982"
},
{
"trust": 0.6,
"url": "http"
},
{
"trust": 0.6,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190816-ftd-null"
},
{
"trust": 0.6,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190816-ftd-nspd"
},
{
"trust": 0.6,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190816-ftd-srb"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.3163/"
},
{
"trust": 0.6,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190816-ftd-"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/276.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-152304"
},
{
"db": "VULMON",
"id": "CVE-2019-1982"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011706"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-1158"
},
{
"db": "NVD",
"id": "CVE-2019-1982"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-152304"
},
{
"db": "VULMON",
"id": "CVE-2019-1982"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011706"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-1158"
},
{
"db": "NVD",
"id": "CVE-2019-1982"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-05T00:00:00",
"db": "VULHUB",
"id": "VHN-152304"
},
{
"date": "2019-11-05T00:00:00",
"db": "VULMON",
"id": "CVE-2019-1982"
},
{
"date": "2019-11-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-011706"
},
{
"date": "2019-08-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201908-1158"
},
{
"date": "2019-11-05T20:15:11.907000",
"db": "NVD",
"id": "CVE-2019-1982"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-08T00:00:00",
"db": "VULHUB",
"id": "VHN-152304"
},
{
"date": "2019-11-08T00:00:00",
"db": "VULMON",
"id": "CVE-2019-1982"
},
{
"date": "2019-11-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-011706"
},
{
"date": "2019-11-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201908-1158"
},
{
"date": "2024-11-26T16:09:02.407000",
"db": "NVD",
"id": "CVE-2019-1982"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201908-1158"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Cisco Inappropriate default permission vulnerability in the product",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011706"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control issues",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201908-1158"
}
],
"trust": 0.6
}
}
VAR-201911-1052
Vulnerability from variot - Updated: 2024-11-27 22:39A vulnerability in the stream reassembly component of Cisco Firepower Threat Defense Software, Cisco FirePOWER Services Software for ASA, and Cisco Firepower Management Center Software could allow an unauthenticated, remote attacker to bypass filtering protections. The vulnerability is due to improper reassembly of traffic streams. An attacker could exploit this vulnerability by sending crafted streams through an affected device. An exploit could allow the attacker to bypass filtering and deliver malicious requests to protected systems that would otherwise be blocked. Cisco Firepower Management Center (FMC) and others are products of Cisco (Cisco)
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201911-1052",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "secure firewall management center",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "2.9.12"
},
{
"model": "secure firewall management center",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "2.9.13"
},
{
"model": "firepower threat defense",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "*"
},
{
"model": "secure firewall management center",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "2.9.14.5"
},
{
"model": "secure firewall management center",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "2.9.14.0"
},
{
"model": "firepower services software for asa",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "*"
},
{
"model": "secure firewall management center",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.9.16"
},
{
"model": "secure firewall management center",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.9.15"
},
{
"model": "secure firewall management center",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "2.9.12.15"
},
{
"model": "secure firewall management center",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "2.9.13.6"
},
{
"model": "firepower management center",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "firepower services for asa",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "firepower threat defense software",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011708"
},
{
"db": "NVD",
"id": "CVE-2019-1978"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:cisco:firepower_management_center",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:cisco:firepower_services_software_for_asa",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:cisco:firepower_threat_defense_software",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011708"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "NSS Labs",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201908-1154"
}
],
"trust": 0.6
},
"cve": "CVE-2019-1978",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2019-1978",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-152260",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2019-1978",
"impactScore": 1.4,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "ykramarz@cisco.com",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2019-1978",
"impactScore": 1.4,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.3,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-1978",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-1978",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "ykramarz@cisco.com",
"id": "CVE-2019-1978",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2019-1978",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201908-1154",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-152260",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2019-1978",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-152260"
},
{
"db": "VULMON",
"id": "CVE-2019-1978"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011708"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-1154"
},
{
"db": "NVD",
"id": "CVE-2019-1978"
},
{
"db": "NVD",
"id": "CVE-2019-1978"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in the stream reassembly component of Cisco Firepower Threat Defense Software, Cisco FirePOWER Services Software for ASA, and Cisco Firepower Management Center Software could allow an unauthenticated, remote attacker to bypass filtering protections. The vulnerability is due to improper reassembly of traffic streams. An attacker could exploit this vulnerability by sending crafted streams through an affected device. An exploit could allow the attacker to bypass filtering and deliver malicious requests to protected systems that would otherwise be blocked. Cisco Firepower Management Center (FMC) and others are products of Cisco (Cisco)",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-1978"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011708"
},
{
"db": "VULHUB",
"id": "VHN-152260"
},
{
"db": "VULMON",
"id": "CVE-2019-1978"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-1978",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011708",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201908-1154",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2019.3163",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-152260",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2019-1978",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-152260"
},
{
"db": "VULMON",
"id": "CVE-2019-1978"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011708"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-1154"
},
{
"db": "NVD",
"id": "CVE-2019-1978"
}
]
},
"id": "VAR-201911-1052",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-152260"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-27T22:39:20.898000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20190816-ftd-srb",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190816-ftd-srb"
},
{
"title": "Cisco Firepower Threat Defense , Cisco FirePOWER Services Software for ASA and Cisco Firepower Management Center stream reassembly Fixes for component permissions licensing and access control issue vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=102159"
},
{
"title": "Cisco: Cisco Firepower Threat Defense Software Stream Reassembly Bypass Vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20190816-ftd-srb"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/ExpLangcn/FuYao-Go "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-1978"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011708"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-1154"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.8
},
{
"problemtype": "CWE-20",
"trust": 1.1
},
{
"problemtype": "CWE-287",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-152260"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011708"
},
{
"db": "NVD",
"id": "CVE-2019-1978"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190816-ftd-srb"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-1978"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1978"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.3163/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-152260"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011708"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-1154"
},
{
"db": "NVD",
"id": "CVE-2019-1978"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-152260"
},
{
"db": "VULMON",
"id": "CVE-2019-1978"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011708"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-1154"
},
{
"db": "NVD",
"id": "CVE-2019-1978"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-05T00:00:00",
"db": "VULHUB",
"id": "VHN-152260"
},
{
"date": "2019-11-05T00:00:00",
"db": "VULMON",
"id": "CVE-2019-1978"
},
{
"date": "2019-11-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-011708"
},
{
"date": "2019-08-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201908-1154"
},
{
"date": "2019-11-05T20:15:11.500000",
"db": "NVD",
"id": "CVE-2019-1978"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-10-16T00:00:00",
"db": "VULHUB",
"id": "VHN-152260"
},
{
"date": "2020-10-16T00:00:00",
"db": "VULMON",
"id": "CVE-2019-1978"
},
{
"date": "2019-11-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-011708"
},
{
"date": "2019-11-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201908-1154"
},
{
"date": "2024-11-26T16:09:02.407000",
"db": "NVD",
"id": "CVE-2019-1978"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201908-1154"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Cisco Authentication vulnerabilities in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011708"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control issues",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201908-1154"
}
],
"trust": 0.6
}
}
VAR-202005-0708
Vulnerability from variot - Updated: 2024-11-27 22:39A vulnerability in the Image Signature Verification feature of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker with administrator-level credentials to install a malicious software patch on an affected device. The vulnerability is due to improper verification of digital signatures for patch images. An attacker could exploit this vulnerability by crafting an unsigned software patch to bypass signature checks and loading it on an affected device. A successful exploit could allow the attacker to boot a malicious software patch image
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202005-0708",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "firepower threat defense",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "6.2.2.1"
},
{
"model": "secure firewall management center",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.2.3"
},
{
"model": "secure firewall management center",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "6.2.2"
},
{
"model": "firepower management center",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "firepower threat defense software",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "firepower management center",
"scope": "eq",
"trust": 0.1,
"vendor": "cisco",
"version": "6.2.2"
},
{
"model": "firepower management center",
"scope": "eq",
"trust": 0.1,
"vendor": "cisco",
"version": "6.2.3"
},
{
"model": "firepower threat defense",
"scope": "eq",
"trust": 0.1,
"vendor": "cisco",
"version": null
},
{
"model": "firepower threat defense",
"scope": "eq",
"trust": 0.1,
"vendor": "cisco",
"version": "5.3.0"
},
{
"model": "firepower threat defense",
"scope": "eq",
"trust": 0.1,
"vendor": "cisco",
"version": "5.4.0"
},
{
"model": "firepower threat defense",
"scope": "eq",
"trust": 0.1,
"vendor": "cisco",
"version": "6.0"
},
{
"model": "firepower threat defense",
"scope": "eq",
"trust": 0.1,
"vendor": "cisco",
"version": "6.0.0"
},
{
"model": "firepower threat defense",
"scope": "eq",
"trust": 0.1,
"vendor": "cisco",
"version": "6.0.0.1"
},
{
"model": "firepower threat defense",
"scope": "eq",
"trust": 0.1,
"vendor": "cisco",
"version": "6.0.1"
},
{
"model": "firepower threat defense",
"scope": "eq",
"trust": 0.1,
"vendor": "cisco",
"version": "6.0.1.1"
},
{
"model": "firepower threat defense",
"scope": "eq",
"trust": 0.1,
"vendor": "cisco",
"version": "6.0.1.2"
},
{
"model": "firepower threat defense",
"scope": "eq",
"trust": 0.1,
"vendor": "cisco",
"version": "6.0.1.3"
},
{
"model": "firepower threat defense",
"scope": "eq",
"trust": 0.1,
"vendor": "cisco",
"version": "6.0.1.4"
},
{
"model": "firepower threat defense",
"scope": "eq",
"trust": 0.1,
"vendor": "cisco",
"version": "6.1.0"
},
{
"model": "firepower threat defense",
"scope": "eq",
"trust": 0.1,
"vendor": "cisco",
"version": "6.1.0.1"
},
{
"model": "firepower threat defense",
"scope": "eq",
"trust": 0.1,
"vendor": "cisco",
"version": "6.1.0.2"
},
{
"model": "firepower threat defense",
"scope": "eq",
"trust": 0.1,
"vendor": "cisco",
"version": "6.1.0.3"
},
{
"model": "firepower threat defense",
"scope": "eq",
"trust": 0.1,
"vendor": "cisco",
"version": "6.1.0.4"
},
{
"model": "firepower threat defense",
"scope": "eq",
"trust": 0.1,
"vendor": "cisco",
"version": "6.1.0.5"
},
{
"model": "firepower threat defense",
"scope": "eq",
"trust": 0.1,
"vendor": "cisco",
"version": "6.1.0.6"
},
{
"model": "firepower threat defense",
"scope": "eq",
"trust": 0.1,
"vendor": "cisco",
"version": "6.1.0.7"
},
{
"model": "firepower threat defense",
"scope": "eq",
"trust": 0.1,
"vendor": "cisco",
"version": "6.2.0"
},
{
"model": "firepower threat defense",
"scope": "eq",
"trust": 0.1,
"vendor": "cisco",
"version": "6.2.0.1"
},
{
"model": "firepower threat defense",
"scope": "eq",
"trust": 0.1,
"vendor": "cisco",
"version": "6.2.0.2"
},
{
"model": "firepower threat defense",
"scope": "eq",
"trust": 0.1,
"vendor": "cisco",
"version": "6.2.0.3"
},
{
"model": "firepower threat defense",
"scope": "eq",
"trust": 0.1,
"vendor": "cisco",
"version": "6.2.0.4"
},
{
"model": "firepower threat defense",
"scope": "eq",
"trust": 0.1,
"vendor": "cisco",
"version": "6.2.0.5"
},
{
"model": "firepower threat defense",
"scope": "eq",
"trust": 0.1,
"vendor": "cisco",
"version": "6.2.1"
},
{
"model": "firepower threat defense",
"scope": "eq",
"trust": 0.1,
"vendor": "cisco",
"version": "6.2.2"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-3308"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005220"
},
{
"db": "NVD",
"id": "CVE-2020-3308"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:cisco:firepower_management_center",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:cisco:firepower_threat_defense_software",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-005220"
}
]
},
"cve": "CVE-2020-3308",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "CVE-2020-3308",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-005220",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "VHN-181433",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.2,
"id": "CVE-2020-3308",
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "ykramarz@cisco.com",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.2,
"id": "CVE-2020-3308",
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.9,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-005220",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-3308",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "ykramarz@cisco.com",
"id": "CVE-2020-3308",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "JVNDB-2020-005220",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202005-212",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-181433",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2020-3308",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-181433"
},
{
"db": "VULMON",
"id": "CVE-2020-3308"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005220"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-212"
},
{
"db": "NVD",
"id": "CVE-2020-3308"
},
{
"db": "NVD",
"id": "CVE-2020-3308"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in the Image Signature Verification feature of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker with administrator-level credentials to install a malicious software patch on an affected device. The vulnerability is due to improper verification of digital signatures for patch images. An attacker could exploit this vulnerability by crafting an unsigned software patch to bypass signature checks and loading it on an affected device. A successful exploit could allow the attacker to boot a malicious software patch image",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-3308"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005220"
},
{
"db": "VULHUB",
"id": "VHN-181433"
},
{
"db": "VULMON",
"id": "CVE-2020-3308"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-3308",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005220",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202005-212",
"trust": 0.7
},
{
"db": "NSFOCUS",
"id": "47935",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1614",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1614.2",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2020-27102",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-181433",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-3308",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-181433"
},
{
"db": "VULMON",
"id": "CVE-2020-3308"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005220"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-212"
},
{
"db": "NVD",
"id": "CVE-2020-3308"
}
]
},
"id": "VAR-202005-0708",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-181433"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-27T22:39:17.655000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-sigbypass-FcvPPCeP",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sigbypass-FcvPPCeP"
},
{
"title": "Cisco: Cisco Firepower Threat Defense Software Signature Verification Bypass Vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-sigbypass-FcvPPCeP"
},
{
"title": "The Register",
"trust": 0.1,
"url": "https://www.theregister.co.uk/2020/05/07/cisco_may_patches/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-3308"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005220"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-347",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-181433"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005220"
},
{
"db": "NVD",
"id": "CVE-2020-3308"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-sigbypass-fcvppcep"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-3308"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3308"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/47935"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1614/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1614.2/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/347.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/181508"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-181433"
},
{
"db": "VULMON",
"id": "CVE-2020-3308"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005220"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-212"
},
{
"db": "NVD",
"id": "CVE-2020-3308"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-181433"
},
{
"db": "VULMON",
"id": "CVE-2020-3308"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005220"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-212"
},
{
"db": "NVD",
"id": "CVE-2020-3308"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-05-06T00:00:00",
"db": "VULHUB",
"id": "VHN-181433"
},
{
"date": "2020-05-06T00:00:00",
"db": "VULMON",
"id": "CVE-2020-3308"
},
{
"date": "2020-06-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-005220"
},
{
"date": "2020-05-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202005-212"
},
{
"date": "2020-05-06T17:15:13.387000",
"db": "NVD",
"id": "CVE-2020-3308"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-05-12T00:00:00",
"db": "VULHUB",
"id": "VHN-181433"
},
{
"date": "2020-05-12T00:00:00",
"db": "VULMON",
"id": "CVE-2020-3308"
},
{
"date": "2020-06-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-005220"
},
{
"date": "2020-08-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202005-212"
},
{
"date": "2024-11-26T16:09:02.407000",
"db": "NVD",
"id": "CVE-2020-3308"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202005-212"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Firepower Threat Defense Software Software Digital Signature Verification Vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-005220"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "data forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202005-212"
}
],
"trust": 0.6
}
}
VAR-202009-0516
Vulnerability from variot - Updated: 2024-11-27 22:39A vulnerability in the implementation of the Lua interpreter integrated in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to execute arbitrary code with root privileges on the underlying Linux operating system of an affected device. The vulnerability is due to insufficient restrictions on the allowed Lua function calls within the context of user-supplied Lua scripts. A successful exploit could allow the attacker to trigger a heap overflow condition and execute arbitrary code with root privileges on the underlying Linux operating system of an affected device. Cisco Adaptive Security Appliances Software is a firewall and network security platform. The platform provides features such as highly secure access to data and network resources. A buffer error vulnerability exists in the implementation of the Lua interpreter in Cisco ASA Software and Cisco FTD
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202009-0516",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "adaptive security appliance software",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "9.10.1.32"
},
{
"model": "secure firewall management center",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "6.2.3.16"
},
{
"model": "adaptive security appliance software",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "9.9.2.61"
},
{
"model": "adaptive security appliance software",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "9.15"
},
{
"model": "adaptive security appliance software",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "9.10"
},
{
"model": "adaptive security appliance software",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "9.14"
},
{
"model": "secure firewall management center",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "6.3.0.6"
},
{
"model": "adaptive security appliance software",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "9.9"
},
{
"model": "adaptive security appliance software",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "9.8.4.15"
},
{
"model": "adaptive security appliance software",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "9.15.1.4"
},
{
"model": "secure firewall management center",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "6.4.0.7"
},
{
"model": "firepower threat defense",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "secure firewall management center",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "6.5.0"
},
{
"model": "secure firewall management center",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "6.4.0"
},
{
"model": "adaptive security appliance software",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "9.12.3"
},
{
"model": "secure firewall management center",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "6.5.0.2"
},
{
"model": "adaptive security appliance software",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "9.13"
},
{
"model": "adaptive security appliance software",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "9.7"
},
{
"model": "adaptive security appliance software",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "9.12"
},
{
"model": "adaptive security appliance software",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "9.13.1.4"
},
{
"model": "adaptive security appliance software",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "9.14.2.7"
},
{
"model": "secure firewall management center",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "6.3.0"
},
{
"model": "adaptive security appliance",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "9.6.4.36"
},
{
"model": "cisco adaptive security appliance \u30bd\u30d5\u30c8\u30a6\u30a7\u30a2",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "cisco firepower management center",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "cisco firepower threat defense \u30bd\u30d5\u30c8\u30a6\u30a7\u30a2",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-016027"
},
{
"db": "NVD",
"id": "CVE-2019-15992"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Cisco Product Security Incident Response Team (PSIRT) is aware that proof-of-concept exploit code is available for the vulnerability described in this advisory. Cisco PSIRT is not aware of any malicious use of the vulnerability that is described in this advisory.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201911-653"
}
],
"trust": 0.6
},
"cve": "CVE-2019-15992",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CVE-2019-15992",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "VHN-148094",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "ykramarz@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"id": "CVE-2019-15992",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"id": "CVE-2019-15992",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-15992",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "ykramarz@cisco.com",
"id": "CVE-2019-15992",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2019-15992",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201911-653",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-148094",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-148094"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-016027"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-653"
},
{
"db": "NVD",
"id": "CVE-2019-15992"
},
{
"db": "NVD",
"id": "CVE-2019-15992"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in the implementation of the Lua interpreter integrated in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to execute arbitrary code with root privileges on the underlying Linux operating system of an affected device. The vulnerability is due to insufficient restrictions on the allowed Lua function calls within the context of user-supplied Lua scripts. A successful exploit could allow the attacker to trigger a heap overflow condition and execute arbitrary code with root privileges on the underlying Linux operating system of an affected device. Cisco Adaptive Security Appliances Software is a firewall and network security platform. The platform provides features such as highly secure access to data and network resources. A buffer error vulnerability exists in the implementation of the Lua interpreter in Cisco ASA Software and Cisco FTD",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-15992"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-016027"
},
{
"db": "VULHUB",
"id": "VHN-148094"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-15992",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2019-016027",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201911-653",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2019.4300.6",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4300.3",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4300.2",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4300.4",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4300",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-148094",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-148094"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-016027"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-653"
},
{
"db": "NVD",
"id": "CVE-2019-15992"
}
]
},
"id": "VAR-202009-0516",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-148094"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-27T22:39:16.102000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20191112-asa-ftd-lua-rce",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191112-asa-ftd-lua-rce"
},
{
"title": "Cisco Firepower Threat Defense and Cisco Adaptive Security Appliances Software Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=102916"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-016027"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-653"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.1
},
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "Buffer error (CWE-119) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-148094"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-016027"
},
{
"db": "NVD",
"id": "CVE-2019-15992"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191112-asa-ftd-lua-rce"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-15992"
},
{
"trust": 0.6,
"url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00018.html"
},
{
"trust": 0.6,
"url": "https://www.debian.org/security/2019/dsa-4585"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/cisco-asa-privilege-escalation-via-lua-interpreter-30833"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4300.2/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4300.3/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4300.6/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4300.4/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4300/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-148094"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-016027"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-653"
},
{
"db": "NVD",
"id": "CVE-2019-15992"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-148094"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-016027"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-653"
},
{
"db": "NVD",
"id": "CVE-2019-15992"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-09-23T00:00:00",
"db": "VULHUB",
"id": "VHN-148094"
},
{
"date": "2021-04-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-016027"
},
{
"date": "2019-11-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201911-653"
},
{
"date": "2020-09-23T01:15:13.333000",
"db": "NVD",
"id": "CVE-2019-15992"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-10-01T00:00:00",
"db": "VULHUB",
"id": "VHN-148094"
},
{
"date": "2021-04-12T08:29:00",
"db": "JVNDB",
"id": "JVNDB-2019-016027"
},
{
"date": "2021-09-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201911-653"
},
{
"date": "2024-11-26T16:09:02.407000",
"db": "NVD",
"id": "CVE-2019-15992"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201911-653"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco\u00a0Adaptive\u00a0Security\u00a0Appliance\u00a0 Software and \u00a0Cisco\u00a0Firepower\u00a0Threat\u00a0Defense\u00a0 Buffer error vulnerabilities in software",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-016027"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201911-653"
}
],
"trust": 0.6
}
}
CERTFR-2025-ALE-013
Vulnerability from certfr_alerte - Published: 2025-09-25 - Updated: 2025-12-09
[Mise à jour du 07 novembre 2025]
Le 5 novembre 2025, Cisco a mis a jour son billet de blogue initialement publié le 25 septembre 2025 (cf. section Documentation). L'éditeur déclare avoir connaissance d'une nouvelle attaque, affectant les équipements ASA et FTD vulnérables, qui cause un déni de service à distance.
[Mise à jour du 06 octobre 2025]
Le CERT-FR a connaissance de codes d'exploitation publics.
[Publication initiale]
Le 25 septembre 2025, Cisco a publié plusieurs avis de sécurité, un billet de blogue ainsi qu'un guide de détection concernant des vulnérabilités affectant le serveur VPN Web de Adaptive Security Appliance (ASA) et Secure Firewall Threat Defense (FTD).
La vulnérabilité CVE-2025-20362 permet à un attaquant de contourner l'authentification pour accéder à des ressources protégées.
La vulnérabilité CVE-2025-20333 permet à un attaquant authentifié d'exécuter du code arbitraire à distance.
Exploitées conjointement, celles-ci permettent à un attaquant non authentifié de prendre la main sur une machine vulnérable.
Cisco indique que ces vulnérabilités sont activement exploitées.
Solutions
[Mise à jour du 26 septembre 2025]
Suite à plusieurs publications de la Cisa (dont [2]), le CERT-FR recommande d'effectuer les actions suivantes :
- lancer la commande show checkheaps toutes les minutes pendant cinq minutes et sauvegarder les résultats sur un système tiers. Un exemple de résultat est présenté dans [1] ;
* la valeur située dans la ligne Totale number of runs doit s'incrémenter au cours du temps. Si aucune évolution n'est constatée, cela indique une potentielle compromission ;
- lancer la commande show tech-support detail et sauvegarder les résultats sur un système tiers ;
- lancer la commande more /binary system:/text | grep 55534154 41554156 41575756 488bb3a0 et sauvegarder les résultats sur un système tiers ;
* si cette commande retourne des résultats, cela indique une potentielle compromission ;
- vérifier la quantité d'événements syslog 302013, 302014, 609002 et 71005 [1] et [2] car une diminution notable peut indiquer une potentielle compromission ;
- à ce stade, si une compromission potentielle est détectée, envisager de déconnecter l'équipement d'Internet et signaler immédiatement l’événement auprès du CERT-FR qui vous indiquera la marche à suivre ;
- si aucune compromission n'a été détectée jusque-là, effectuer la mise à jour de l'équipement si celle-ci est disponible ;
* lors du processus de mise à jour, surveiller les messages affichés sur la console de l'équipement, conformément aux étapes présentées dans la section Bootloader and/or ROMMON Verification Failure de [1] ;
- à l'issue de la mise à jour, chercher sur l'équipement la présence d'un fichier nommé firmware_update.log ;
* en cas de présence de ce fichier, récupérer son contenu et sauvegarder les résultats sur un système tiers, cela indique une potentielle compromission , envisager alors de déconnecter l'équipement d'Internet et signaler l’événement auprès du CERT-FR qui vous indiquera la marche à suivre ;
- effectuer une recherche de compromission et de latéralisation plus large, en utilisant les éléments suivants:
* rechercher des connections VPN rapprochées avec des origines géographiques distantes [1] et [2] ;
* rechercher les éléments présentés dans la section Step Two: Review Compromised Account Activityde [2] ;
* rechercher des indicateurs de compromission en se basant sur les éléments présentés dans la section Rules and signatures de [3] ;
* rechercher toutes traces de latéralisation sur le reste du système d’information, notamment :
* en cherchant les connexions ou tentatives de connexion vers Internet depuis l'équipement ;
* puis en cherchant ces adresses IP de destination pour vérifier si d’autres machines ont tenté une connexion.
* si vous trouvez des traces de latéralisation, contactez le CERT-FR ;
- dans tous les cas, effectuer une rotation de l'ensemble des secrets et des éléments de configuration de l'équipement ainsi que de tous les secrets qui auraient pu transiter par cet équipement.
Si aucune mise à jour n'est disponible pour l'équipement, le CERT-FR recommande de le déconnecter d'Internet.
[Publication initiale]
Se référer aux bulletins de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Dans l'attente de l'application des correctifs, Cisco recommande de désactiver les services VPN (IKEv2 et SSL VPN).
L'éditeur fournit également des renseignements pour tenter de détecter une compromission potentielle (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Cisco | Firepower Threat Defense | Firewall Threat Defense (FTD) versions 7.7.x antérieures à 7.7.10.1 | ||
| Cisco | Adaptive Security Appliance | Adaptive Security Appliance (ASA) versions 9.17.x et 9.18.x antérieures à 9.18.4.67 | ||
| Cisco | Firepower Threat Defense | Firewall Threat Defense (FTD) versions 7.3.x et 7.4.x antérieures à 7.4.2.4 | ||
| Cisco | Firepower Threat Defense | Firewall Threat Defense (FTD) versions 7.6.x antérieures à 7.6.2.1 | ||
| Cisco | Adaptive Security Appliance | Adaptive Security Appliance (ASA) versions 9.16.x antérieures à 9.16.4.85 | ||
| Cisco | Adaptive Security Appliance | Adaptive Security Appliance (ASA) versions 9.19.x et 9.20.x antérieures à 9.20.4.10 | ||
| Cisco | Adaptive Security Appliance | Adaptive Security Appliance (ASA) versions 9.12.x antérieures à 9.12.4.72 | ||
| Cisco | Adaptive Security Appliance | Adaptive Security Appliance (ASA) versions 9.23.x antérieures à 9.23.1.19 | ||
| Cisco | Firepower Threat Defense | Firewall Threat Defense (FTD) versions 7.0.x antérieures à 7.0.8.1 | ||
| Cisco | Adaptive Security Appliance | Adaptive Security Appliance (ASA) versions 9.22.x antérieures à 9.22.2.14 | ||
| Cisco | Adaptive Security Appliance | Adaptive Security Appliance (ASA) versions 9.14.x antérieures à 9.14.4.28 | ||
| Cisco | Firepower Threat Defense | Firewall Threat Defense (FTD) versions 7.1.x et 7.2.x antérieures à 7.2.10.2 |
References
| Title | Publication Time | Tags | |
|---|---|---|---|
|
|
|||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Firewall Threat Defense (FTD) versions 7.7.x ant\u00e9rieures \u00e0 7.7.10.1",
"product": {
"name": "Firepower Threat Defense",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Adaptive Security Appliance (ASA) versions 9.17.x et 9.18.x ant\u00e9rieures \u00e0 9.18.4.67",
"product": {
"name": "Adaptive Security Appliance",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Firewall Threat Defense (FTD) versions 7.3.x et 7.4.x ant\u00e9rieures \u00e0 7.4.2.4",
"product": {
"name": "Firepower Threat Defense",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Firewall Threat Defense (FTD) versions 7.6.x ant\u00e9rieures \u00e0 7.6.2.1",
"product": {
"name": "Firepower Threat Defense",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Adaptive Security Appliance (ASA) versions 9.16.x ant\u00e9rieures \u00e0 9.16.4.85",
"product": {
"name": "Adaptive Security Appliance",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Adaptive Security Appliance (ASA) versions 9.19.x et 9.20.x ant\u00e9rieures \u00e0 9.20.4.10",
"product": {
"name": "Adaptive Security Appliance",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Adaptive Security Appliance (ASA) versions 9.12.x ant\u00e9rieures \u00e0 9.12.4.72",
"product": {
"name": "Adaptive Security Appliance",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Adaptive Security Appliance (ASA) versions 9.23.x ant\u00e9rieures \u00e0 9.23.1.19",
"product": {
"name": "Adaptive Security Appliance",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Firewall Threat Defense (FTD) versions 7.0.x ant\u00e9rieures \u00e0 7.0.8.1",
"product": {
"name": "Firepower Threat Defense",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Adaptive Security Appliance (ASA) versions 9.22.x ant\u00e9rieures \u00e0 9.22.2.14",
"product": {
"name": "Adaptive Security Appliance",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Adaptive Security Appliance (ASA) versions 9.14.x ant\u00e9rieures \u00e0 9.14.4.28",
"product": {
"name": "Adaptive Security Appliance",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Firewall Threat Defense (FTD) versions 7.1.x et 7.2.x ant\u00e9rieures \u00e0 7.2.10.2",
"product": {
"name": "Firepower Threat Defense",
"vendor": {
"name": "Cisco",
"scada": false
}
}
}
],
"affected_systems_content": "",
"closed_at": "2025-12-09",
"content": "## Solutions\n\n**\u003cspan class=\"important-content\"\u003e[Mise \u00e0 jour du 26 septembre 2025]\u003c/span\u003e**\n\nSuite \u00e0 plusieurs publications de la Cisa (dont [2]), le CERT-FR recommande d\u0027effectuer les actions suivantes : \n- lancer la commande `show checkheaps` toutes les minutes pendant cinq minutes et sauvegarder les r\u00e9sultats sur un syst\u00e8me tiers. Un exemple de r\u00e9sultat est pr\u00e9sent\u00e9 dans [1] ;\n * la valeur situ\u00e9e dans la ligne `Totale number of runs` doit s\u0027incr\u00e9menter au cours du temps. Si aucune \u00e9volution n\u0027est constat\u00e9e, cela indique une potentielle compromission ;\n- lancer la commande `show tech-support detail` et sauvegarder les r\u00e9sultats sur un syst\u00e8me tiers ;\n- lancer la commande `more /binary system:/text | grep 55534154 41554156 41575756 488bb3a0` et sauvegarder les r\u00e9sultats sur un syst\u00e8me tiers ;\n * si cette commande retourne des r\u00e9sultats, cela indique une potentielle compromission ;\n- v\u00e9rifier la quantit\u00e9 d\u0027\u00e9v\u00e9nements syslog 302013, 302014, 609002 et 71005 [1] et [2] car une diminution notable peut indiquer une potentielle compromission ;\n- **\u00e0 ce stade, si une compromission potentielle est d\u00e9tect\u00e9e, envisager de d\u00e9connecter l\u0027\u00e9quipement d\u0027Internet et [signaler imm\u00e9diatement l\u2019\u00e9v\u00e9nement aupr\u00e8s du CERT-FR](https://www.cert.ssi.gouv.fr/contact/) qui vous indiquera la marche \u00e0 suivre** ;\n- si aucune compromission n\u0027a \u00e9t\u00e9 d\u00e9tect\u00e9e jusque-l\u00e0, effectuer la mise \u00e0 jour de l\u0027\u00e9quipement si celle-ci est disponible ;\n * lors du processus de mise \u00e0 jour, surveiller les messages affich\u00e9s sur la console de l\u0027\u00e9quipement, conform\u00e9ment aux \u00e9tapes pr\u00e9sent\u00e9es dans la section `Bootloader and/or ROMMON Verification Failure` de [1] ;\n- \u00e0 l\u0027issue de la mise \u00e0 jour, chercher sur l\u0027\u00e9quipement la pr\u00e9sence d\u0027un fichier nomm\u00e9 `firmware_update.log` ;\n * en cas de pr\u00e9sence de ce fichier, r\u00e9cup\u00e9rer son contenu et sauvegarder les r\u00e9sultats sur un syst\u00e8me tiers, **cela indique une potentielle compromission , envisager alors de d\u00e9connecter l\u0027\u00e9quipement d\u0027Internet et [signaler l\u2019\u00e9v\u00e9nement aupr\u00e8s du CERT-FR](https://www.cert.ssi.gouv.fr/contact/) qui vous indiquera la marche \u00e0 suivre** ;\n- effectuer une recherche de compromission et de lat\u00e9ralisation plus large, en utilisant les \u00e9l\u00e9ments suivants:\n * rechercher des connections VPN rapproch\u00e9es avec des origines g\u00e9ographiques distantes [1] et [2] ;\n * rechercher les \u00e9l\u00e9ments pr\u00e9sent\u00e9s dans la section `Step Two: Review Compromised Account Activity`de [2] ;\n * rechercher des indicateurs de compromission en se basant sur les \u00e9l\u00e9ments pr\u00e9sent\u00e9s dans la section `Rules and signatures` de [3] ;\n * rechercher toutes traces de lat\u00e9ralisation sur le reste du syst\u00e8me d\u2019information, notamment :\n * en cherchant les connexions ou tentatives de connexion vers Internet depuis l\u0027\u00e9quipement ;\n * puis en cherchant ces adresses IP de destination pour v\u00e9rifier si d\u2019autres machines ont tent\u00e9 une connexion.\n * si vous trouvez des traces de lat\u00e9ralisation, [contactez le CERT-FR](https://www.cert.ssi.gouv.fr/contact/) ;\n- dans tous les cas, effectuer une rotation de l\u0027ensemble des secrets et des \u00e9l\u00e9ments de configuration de l\u0027\u00e9quipement ainsi que de tous les secrets qui auraient pu transiter par cet \u00e9quipement.\n\nSi aucune mise \u00e0 jour n\u0027est disponible pour l\u0027\u00e9quipement, le CERT-FR recommande de le d\u00e9connecter d\u0027Internet. \n\n**[Publication initiale]**\n\nSe r\u00e9f\u00e9rer aux bulletins de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).\n\nDans l\u0027attente de l\u0027application des correctifs, Cisco recommande de d\u00e9sactiver les services VPN (IKEv2 et SSL VPN).\n\nL\u0027\u00e9diteur fournit \u00e9galement des renseignements pour tenter de d\u00e9tecter une compromission potentielle (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2025-20333",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-20333"
},
{
"name": "CVE-2025-20362",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-20362"
}
],
"initial_release_date": "2025-09-25T00:00:00",
"last_revision_date": "2025-12-09T00:00:00",
"links": [
{
"title": "[3] Rapport d\u0027analyse des logiciels malveillants RayInitiator et LINE VIPER du NCSC-UK",
"url": "https://www.ncsc.gov.uk/static-assets/documents/malware-analysis-reports/RayInitiator-LINE-VIPER/ncsc-mar-rayinitiator-line-viper.pdf"
},
{
"title": "Billet de blogue Cisco du 25 septembre 2025",
"url": "https://sec.cloudapps.cisco.com/security/center/resources/asa_ftd_continued_attacks"
},
{
"title": "Compromission d\u0027un \u00e9quipement de bordure r\u00e9seau - Endiguement",
"url": "https://www.cert.ssi.gouv.fr/fiche/CERTFR-2025-RFX-002/"
},
{
"title": "[1] Guide de d\u00e9tection Cisco du 25 septembre 2025",
"url": "https://sec.cloudapps.cisco.com/security/center/resources/detection_guide_for_continued_attacks"
},
{
"title": "Compromission d\u0027un \u00e9quipement de bordure r\u00e9seau - Qualification",
"url": "https://www.cert.ssi.gouv.fr/fiche/CERTFR-2025-RFX-001/"
},
{
"title": "Avis CERT-FR CERTFR-2025-AVI-0819 du 25 septembre 2025",
"url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2025-AVI-0819/"
},
{
"title": "[2] Guide de la CISA relatif \u00e0 la r\u00e9alisation d\u0027un vidage m\u00e9moire et de la recherche de compromission",
"url": "https://www.cisa.gov/news-events/directives/supplemental-direction-ed-25-03-core-dump-and-hunt-instructions"
}
],
"reference": "CERTFR-2025-ALE-013",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-09-25T00:00:00.000000"
},
{
"description": "Ajout d\u0027\u00e9l\u00e9ments pour la recherche de compromission",
"revision_date": "2025-09-26T00:00:00.000000"
},
{
"description": "Clarification des recommandations.",
"revision_date": "2025-09-26T00:00:00.000000"
},
{
"description": "Mise \u00e0 jour du billet de blogue Cisco.",
"revision_date": "2025-11-07T00:00:00.000000"
},
{
"description": " Cl\u00f4ture de l\u0027alerte. Cela ne signifie pas la fin d\u0027une menace. Seule l\u0027application de la mise \u00e0 jour permet de vous pr\u00e9munir contre l\u0027exploitation de la vuln\u00e9rabilit\u00e9 correspondante.",
"revision_date": "2025-12-09T00:00:00.000000"
},
{
"description": "Connaissance de codes d\u0027exploitation publics",
"revision_date": "2025-10-06T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "**\u003cspan class=\"important-content\"\u003e[Mise \u00e0 jour du 07 novembre 2025]\u003c/span\u003e**\n\nLe 5 novembre 2025, Cisco a mis a jour son billet de blogue initialement publi\u00e9 le 25 septembre 2025 (cf. section Documentation). L\u0027\u00e9diteur d\u00e9clare avoir connaissance d\u0027une nouvelle attaque, affectant les \u00e9quipements ASA et FTD vuln\u00e9rables, qui cause un d\u00e9ni de service \u00e0 distance.\n\n**[Mise \u00e0 jour du 06 octobre 2025]**\n\nLe CERT-FR a connaissance de codes d\u0027exploitation publics.\n\n**[Publication initiale]**\n\nLe 25 septembre 2025, Cisco a publi\u00e9 plusieurs avis de s\u00e9curit\u00e9, un billet de blogue ainsi qu\u0027un guide de d\u00e9tection concernant des vuln\u00e9rabilit\u00e9s affectant le serveur VPN Web de Adaptive Security Appliance (ASA) et Secure Firewall Threat Defense (FTD).\n\nLa vuln\u00e9rabilit\u00e9 CVE-2025-20362 permet \u00e0 un attaquant de contourner l\u0027authentification pour acc\u00e9der \u00e0 des ressources prot\u00e9g\u00e9es. \u003cbr /\u003e\nLa vuln\u00e9rabilit\u00e9 CVE-2025-20333 permet \u00e0 un attaquant authentifi\u00e9 d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance. \u003cbr /\u003e\n\nExploit\u00e9es conjointement, celles-ci permettent \u00e0 un attaquant non authentifi\u00e9 de prendre la main sur une machine vuln\u00e9rable.\n\nCisco indique que ces vuln\u00e9rabilit\u00e9s sont activement exploit\u00e9es.",
"title": "[M\u00e0J] Multiples vuln\u00e9rabilit\u00e9s dans Cisco ASA et FTD",
"vendor_advisories": [
{
"published_at": "2025-09-25",
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-asaftd-webvpn-z5xP8EUB",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-webvpn-z5xP8EUB"
},
{
"published_at": "2025-09-25",
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-asaftd-webvpn-YROOTUW",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-webvpn-YROOTUW"
}
]
}
CERTFR-2025-AVI-0819
Vulnerability from certfr_avis - Published: 2025-09-25 - Updated: 2025-09-25
De multiples vulnérabilités ont été découvertes dans les produits Cisco. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et un contournement de la politique de sécurité.
Cisco indique que les vulnérabilités CVE-2025-20333 et CVE-2025-20362 sont activement exploitées.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Cisco | Firepower Threat Defense | Firewall Threat Defense (FTD) versions 7.7.x antérieures à 7.7.10.1 | ||
| Cisco | Adaptive Security Appliance | Adaptive Security Appliance (ASA) versions 9.17.x et 9.18.x antérieures à 9.18.4.67 | ||
| Cisco | Firepower Threat Defense | Firewall Threat Defense (FTD) versions 7.3.x et 7.4.x antérieures à 7.4.2.4 | ||
| Cisco | IOS XE | IOS XE, se référer au bulletin de sécurité de l'éditeur pour les versions vulnérables (cf. section Documentation) | ||
| Cisco | Adaptive Security Appliance | Adaptive Security Appliance (ASA) versions 9.16.x antérieures à 9.16.4.85 | ||
| Cisco | IOS | IOS, se référer au bulletin de sécurité de l'éditeur pour les versions vulnérables (cf. section Documentation) | ||
| Cisco | Adaptive Security Appliance | Adaptive Security Appliance (ASA) versions 9.19.x et 9.20.x antérieures à 9.20.4.10 | ||
| Cisco | Adaptive Security Appliance | Adaptive Security Appliance (ASA) versions 9.12.x antérieures à 9.12.4.72 | ||
| Cisco | Adaptive Security Appliance | Adaptive Security Appliance (ASA) versions 9.23.x antérieures à 9.23.1.19 | ||
| Cisco | Firepower Threat Defense | Firewall Threat Defense (FTD) versions 7.0.x antérieures à 7.0.8.1 | ||
| Cisco | Adaptive Security Appliance | Adaptive Security Appliance (ASA) versions 9.22.x antérieures à 9.22.2.14 | ||
| Cisco | IOS XR | IOS XR version 6.8 sur architecture 32 bits | ||
| Cisco | IOS XR | IOS XR version 6.9 sur architecture 32 bits | ||
| Cisco | Firepower Threat Defense | Firewall Threat Defense (FTD) versions 7.6.x antérieures à 7.6.2.1 | ||
| Cisco | Adaptive Security Appliance | Adaptive Security Appliance (ASA) versions 9.14.x antérieures à 9.14.4.28 | ||
| Cisco | Firepower Threat Defense | Firewall Threat Defense (FTD) versions 7.1.x et 7.2.x antérieures à 7.2.10.2 |
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Firewall Threat Defense (FTD) versions 7.7.x ant\u00e9rieures \u00e0 7.7.10.1",
"product": {
"name": "Firepower Threat Defense",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Adaptive Security Appliance (ASA) versions 9.17.x et 9.18.x ant\u00e9rieures \u00e0 9.18.4.67",
"product": {
"name": "Adaptive Security Appliance",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Firewall Threat Defense (FTD) versions 7.3.x et 7.4.x ant\u00e9rieures \u00e0 7.4.2.4",
"product": {
"name": "Firepower Threat Defense",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "IOS XE, se r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour les versions vuln\u00e9rables (cf. section Documentation)",
"product": {
"name": "IOS XE",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Adaptive Security Appliance (ASA) versions 9.16.x ant\u00e9rieures \u00e0 9.16.4.85",
"product": {
"name": "Adaptive Security Appliance",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "IOS, se r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour les versions vuln\u00e9rables (cf. section Documentation)",
"product": {
"name": "IOS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Adaptive Security Appliance (ASA) versions 9.19.x et 9.20.x ant\u00e9rieures \u00e0 9.20.4.10",
"product": {
"name": "Adaptive Security Appliance",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Adaptive Security Appliance (ASA) versions 9.12.x ant\u00e9rieures \u00e0 9.12.4.72",
"product": {
"name": "Adaptive Security Appliance",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Adaptive Security Appliance (ASA) versions 9.23.x ant\u00e9rieures \u00e0 9.23.1.19",
"product": {
"name": "Adaptive Security Appliance",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Firewall Threat Defense (FTD) versions 7.0.x ant\u00e9rieures \u00e0 7.0.8.1",
"product": {
"name": "Firepower Threat Defense",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Adaptive Security Appliance (ASA) versions 9.22.x ant\u00e9rieures \u00e0 9.22.2.14",
"product": {
"name": "Adaptive Security Appliance",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "IOS XR version 6.8 sur architecture 32 bits",
"product": {
"name": "IOS XR",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "IOS XR version 6.9 sur architecture 32 bits",
"product": {
"name": "IOS XR",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Firewall Threat Defense (FTD) versions 7.6.x ant\u00e9rieures \u00e0 7.6.2.1 ",
"product": {
"name": "Firepower Threat Defense",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Adaptive Security Appliance (ASA) versions 9.14.x ant\u00e9rieures \u00e0 9.14.4.28",
"product": {
"name": "Adaptive Security Appliance",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Firewall Threat Defense (FTD) versions 7.1.x et 7.2.x ant\u00e9rieures \u00e0 7.2.10.2",
"product": {
"name": "Firepower Threat Defense",
"vendor": {
"name": "Cisco",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-20333",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-20333"
},
{
"name": "CVE-2025-20362",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-20362"
},
{
"name": "CVE-2025-20363",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-20363"
}
],
"initial_release_date": "2025-09-25T00:00:00",
"last_revision_date": "2025-09-25T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0819",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-09-25T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Cisco. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.\n\nCisco indique que les vuln\u00e9rabilit\u00e9s CVE-2025-20333 et CVE-2025-20362 sont activement exploit\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
"vendor_advisories": [
{
"published_at": "2025-09-25",
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-http-code-exec-WmfP3h3O",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-http-code-exec-WmfP3h3O"
},
{
"published_at": "2025-09-25",
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-asaftd-webvpn-z5xP8EUB",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-webvpn-z5xP8EUB"
},
{
"published_at": "2025-09-25",
"title": "Billet de blogue Cisco asa_ftd_continued_attacks",
"url": "https://sec.cloudapps.cisco.com/security/center/resources/asa_ftd_continued_attacks"
},
{
"published_at": "2025-09-25",
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-asaftd-webvpn-YROOTUW",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-webvpn-YROOTUW"
}
]
}