Search criteria
ⓘ
Use full-text search for keyword queries.
Combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by dates instead of relevance.
86 vulnerabilities found for RUGGEDCOM ROX RX1501 by Siemens
VAR-202105-1325
Vulnerability from variot - Updated: 2026-03-09 23:19In ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16, ISC DHCP 4.4.0 -> 4.4.2 (Other branches of ISC DHCP (i.e., releases in the 4.0.x series or lower and releases in the 4.3.x series) are beyond their End-of-Life (EOL) and no longer supported by ISC. From inspection it is clear that the defect is also present in releases from those series, but they have not been officially tested for the vulnerability), The outcome of encountering the defect while reading a lease that will trigger it varies, according to: the component being affected (i.e., dhclient or dhcpd) whether the package was built as a 32-bit or 64-bit binary whether the compiler flag -fstack-protection-strong was used when compiling In dhclient, ISC has not successfully reproduced the error on a 64-bit system. However, on a 32-bit system it is possible to cause dhclient to crash when reading an improper lease, which could cause network connectivity problems for an affected system due to the absence of a running DHCP client process. In dhcpd, when run in DHCPv4 or DHCPv6 mode: if the dhcpd server binary was built for a 32-bit architecture AND the -fstack-protection-strong flag was specified to the compiler, dhcpd may exit while parsing a lease file containing an objectionable lease, resulting in lack of service to clients. Additionally, the offending lease and the lease immediately following it in the lease database may be improperly deleted. if the dhcpd server binary was built for a 64-bit architecture OR if the -fstack-protection-strong compiler flag was NOT specified, the crash will not occur, but it is possible for the offending lease and the lease which immediately followed it to be improperly deleted. ISC (Internet Systems Consortium) Provided by ISC DHCP contains a buffer overflow vulnerability. ISC DHCP contains a buffer overflow vulnerability due to a discrepancy between the processing of optional information encapsulated within network packets and information stored on disk. There is a discrepancy between the code that handles encapsulated option information in leases transmitted "on the wire" and the code which reads and parses lease information after it has been written to disk storage. The highest threat from this vulnerability is to data confidentiality and integrity as well as service availability. (CVE-2021-25217). 6 ELS) - i386, s390x, x86_64
- These packages include redhat-release-virtualization-host. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied. Description:
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
All OpenShift Container Platform 4.7 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.7/updating/updating-cluster - -between-minor.html#understanding-upgrade-channels_updating-cluster-between - -minor
- Solution:
For OpenShift Container Platform 4.7 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:
https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel ease-notes.html
Details on how to access this content are available at https://docs.openshift.com/container-platform/4.7/updating/updating-cluster - -cli.html
- ========================================================================= Ubuntu Security Notice USN-4969-2 May 27, 2021
isc-dhcp vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 ESM
- Ubuntu 14.04 ESM
Summary:
DHCP could be made to crash if it received specially crafted network traffic.
Software Description: - isc-dhcp: DHCP server and client
Details:
USN-4969-1 fixed a vulnerability in DHCP. This update provides the corresponding update for Ubuntu 14.04 ESM and 16.04 ESM.
Original advisory details:
Jon Franklin and Pawel Wieczorkiewicz discovered that DHCP incorrectly handled lease file parsing. A remote attacker could possibly use this issue to cause DHCP to crash, resulting in a denial of service.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04 ESM: isc-dhcp-client 4.3.3-5ubuntu12.10+esm1 isc-dhcp-server 4.3.3-5ubuntu12.10+esm1
Ubuntu 14.04 ESM: isc-dhcp-client 4.2.4-7ubuntu12.13+esm1 isc-dhcp-server 4.2.4-7ubuntu12.13+esm1
In general, a standard system update will make all the necessary changes. 7.7) - ppc64, ppc64le, s390x, x86_64
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: dhcp security update Advisory ID: RHSA-2021:2357-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:2357 Issue date: 2021-06-09 CVE Names: CVE-2021-25217 ==================================================================== 1. Summary:
An update for dhcp is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
- Description:
The Dynamic Host Configuration Protocol (DHCP) is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable and administer DHCP on a network.
Security Fix(es):
- dhcp: stack-based buffer overflow when parsing statements with colon-separated hex digits in config or lease files in dhcpd and dhclient (CVE-2021-25217)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1963258 - CVE-2021-25217 dhcp: stack-based buffer overflow when parsing statements with colon-separated hex digits in config or lease files in dhcpd and dhclient
- Package List:
Red Hat Enterprise Linux Client (v. 7):
Source: dhcp-4.2.5-83.el7_9.1.src.rpm
x86_64: dhclient-4.2.5-83.el7_9.1.x86_64.rpm dhcp-common-4.2.5-83.el7_9.1.x86_64.rpm dhcp-debuginfo-4.2.5-83.el7_9.1.i686.rpm dhcp-debuginfo-4.2.5-83.el7_9.1.x86_64.rpm dhcp-libs-4.2.5-83.el7_9.1.i686.rpm dhcp-libs-4.2.5-83.el7_9.1.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
x86_64: dhcp-4.2.5-83.el7_9.1.x86_64.rpm dhcp-debuginfo-4.2.5-83.el7_9.1.i686.rpm dhcp-debuginfo-4.2.5-83.el7_9.1.x86_64.rpm dhcp-devel-4.2.5-83.el7_9.1.i686.rpm dhcp-devel-4.2.5-83.el7_9.1.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source: dhcp-4.2.5-83.el7_9.1.src.rpm
x86_64: dhclient-4.2.5-83.el7_9.1.x86_64.rpm dhcp-common-4.2.5-83.el7_9.1.x86_64.rpm dhcp-debuginfo-4.2.5-83.el7_9.1.i686.rpm dhcp-debuginfo-4.2.5-83.el7_9.1.x86_64.rpm dhcp-libs-4.2.5-83.el7_9.1.i686.rpm dhcp-libs-4.2.5-83.el7_9.1.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
x86_64: dhcp-4.2.5-83.el7_9.1.x86_64.rpm dhcp-debuginfo-4.2.5-83.el7_9.1.i686.rpm dhcp-debuginfo-4.2.5-83.el7_9.1.x86_64.rpm dhcp-devel-4.2.5-83.el7_9.1.i686.rpm dhcp-devel-4.2.5-83.el7_9.1.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: dhcp-4.2.5-83.el7_9.1.src.rpm
ppc64: dhclient-4.2.5-83.el7_9.1.ppc64.rpm dhcp-4.2.5-83.el7_9.1.ppc64.rpm dhcp-common-4.2.5-83.el7_9.1.ppc64.rpm dhcp-debuginfo-4.2.5-83.el7_9.1.ppc.rpm dhcp-debuginfo-4.2.5-83.el7_9.1.ppc64.rpm dhcp-libs-4.2.5-83.el7_9.1.ppc.rpm dhcp-libs-4.2.5-83.el7_9.1.ppc64.rpm
ppc64le: dhclient-4.2.5-83.el7_9.1.ppc64le.rpm dhcp-4.2.5-83.el7_9.1.ppc64le.rpm dhcp-common-4.2.5-83.el7_9.1.ppc64le.rpm dhcp-debuginfo-4.2.5-83.el7_9.1.ppc64le.rpm dhcp-libs-4.2.5-83.el7_9.1.ppc64le.rpm
s390x: dhclient-4.2.5-83.el7_9.1.s390x.rpm dhcp-4.2.5-83.el7_9.1.s390x.rpm dhcp-common-4.2.5-83.el7_9.1.s390x.rpm dhcp-debuginfo-4.2.5-83.el7_9.1.s390.rpm dhcp-debuginfo-4.2.5-83.el7_9.1.s390x.rpm dhcp-libs-4.2.5-83.el7_9.1.s390.rpm dhcp-libs-4.2.5-83.el7_9.1.s390x.rpm
x86_64: dhclient-4.2.5-83.el7_9.1.x86_64.rpm dhcp-4.2.5-83.el7_9.1.x86_64.rpm dhcp-common-4.2.5-83.el7_9.1.x86_64.rpm dhcp-debuginfo-4.2.5-83.el7_9.1.i686.rpm dhcp-debuginfo-4.2.5-83.el7_9.1.x86_64.rpm dhcp-libs-4.2.5-83.el7_9.1.i686.rpm dhcp-libs-4.2.5-83.el7_9.1.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64: dhcp-debuginfo-4.2.5-83.el7_9.1.ppc.rpm dhcp-debuginfo-4.2.5-83.el7_9.1.ppc64.rpm dhcp-devel-4.2.5-83.el7_9.1.ppc.rpm dhcp-devel-4.2.5-83.el7_9.1.ppc64.rpm
ppc64le: dhcp-debuginfo-4.2.5-83.el7_9.1.ppc64le.rpm dhcp-devel-4.2.5-83.el7_9.1.ppc64le.rpm
s390x: dhcp-debuginfo-4.2.5-83.el7_9.1.s390.rpm dhcp-debuginfo-4.2.5-83.el7_9.1.s390x.rpm dhcp-devel-4.2.5-83.el7_9.1.s390.rpm dhcp-devel-4.2.5-83.el7_9.1.s390x.rpm
x86_64: dhcp-debuginfo-4.2.5-83.el7_9.1.i686.rpm dhcp-debuginfo-4.2.5-83.el7_9.1.x86_64.rpm dhcp-devel-4.2.5-83.el7_9.1.i686.rpm dhcp-devel-4.2.5-83.el7_9.1.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: dhcp-4.2.5-83.el7_9.1.src.rpm
x86_64: dhclient-4.2.5-83.el7_9.1.x86_64.rpm dhcp-4.2.5-83.el7_9.1.x86_64.rpm dhcp-common-4.2.5-83.el7_9.1.x86_64.rpm dhcp-debuginfo-4.2.5-83.el7_9.1.i686.rpm dhcp-debuginfo-4.2.5-83.el7_9.1.x86_64.rpm dhcp-libs-4.2.5-83.el7_9.1.i686.rpm dhcp-libs-4.2.5-83.el7_9.1.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64: dhcp-debuginfo-4.2.5-83.el7_9.1.i686.rpm dhcp-debuginfo-4.2.5-83.el7_9.1.x86_64.rpm dhcp-devel-4.2.5-83.el7_9.1.i686.rpm dhcp-devel-4.2.5-83.el7_9.1.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2021-25217 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYMCeytzjgjWX9erEAQgPYw/+K6NTT5tvNy0WHRy46UioFuzIbxlMOPzm zXmk61B2Dgod7DCU3EbF9u7nSViaQds11pDCrTejH70WrqNQSaWMhsASgtNmQ42q 0oVWQwqyB8mP/73BwYJQ84eZDGwsyqQf/9MO96g4c0jlZOAu9vSxvSflQ4DY8m9L 0+pk3/zHOsUz3Za7Ns/1wa8pmq3hxAt0z6Z6ri0Ka8CEHg7W7ELGC67ih1BOcpP5 mdWOSfTW+F1EzmerDW0eom09R/Ndfo/FdGeCbEq1K6kvcrPy4e/tsyBCquPYPFar aTADxJPMObDTY0dJhqw1qZ5cERLnhJaj8GzWc0Ne2KIAFig/NcVhEZL8RtvrNWhO JIaVZ7zK6bi1VASVVIAP8yQzwdZFEbfMREOa705gMvXMz1Ux08YvsbrelD/LeJXe 45C2+zGvM7KDd/AlrhopZPbBJI07tbNe8qWzFggJtBTMVg28i5K7DjFjvASFZFrV 8nKdWae1GOEtH23fygGOoW4m0KkGWd1Tc/lte6Wy788KOa/yF3IQkWeTSo5KG33Q UHCzx6NzHyeAgW7K9QvvpIjfbxIAyBbebsIkhOhySjfsAp28lKkaZZRVF/sNWIvG GRibEMi366KUTR5AiTMAjHoYgIDzp7nywWiYBhf9SuNgqV3kG0Yz7fd1ac0+qcH5 zPKanVJNoQs=9+pl -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "sinec ins",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "1.0"
},
{
"_id": null,
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"_id": null,
"model": "ruggedcom rox rx1501",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.15.0"
},
{
"_id": null,
"model": "ontap select deploy administration utility",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": "ruggedcom rox rx1512",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "2.3.0"
},
{
"_id": null,
"model": "ruggedcom rox rx1500",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.15.0"
},
{
"_id": null,
"model": "ruggedcom rox mx5000",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "2.3.0"
},
{
"_id": null,
"model": "solidfire \\\u0026 hci management node",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": "dhcp",
"scope": "lte",
"trust": 1.0,
"vendor": "isc",
"version": "4.4.2"
},
{
"_id": null,
"model": "ruggedcom rox rx1500",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "2.3.0"
},
{
"_id": null,
"model": "ruggedcom rox rx1400",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.15.0"
},
{
"_id": null,
"model": "ruggedcom rox rx5000",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "2.3.0"
},
{
"_id": null,
"model": "ruggedcom rox rx1510",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "2.3.0"
},
{
"_id": null,
"model": "ruggedcom rox rx1511",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "2.3.0"
},
{
"_id": null,
"model": "ruggedcom rox rx1501",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "2.3.0"
},
{
"_id": null,
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "33"
},
{
"_id": null,
"model": "ruggedcom rox rx5000",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.15.0"
},
{
"_id": null,
"model": "sinec ins",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "1.0"
},
{
"_id": null,
"model": "ruggedcom rox rx1511",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.15.0"
},
{
"_id": null,
"model": "ruggedcom rox mx5000",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.15.0"
},
{
"_id": null,
"model": "ruggedcom rox rx1536",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.15.0"
},
{
"_id": null,
"model": "dhcp",
"scope": "gte",
"trust": 1.0,
"vendor": "isc",
"version": "4.4.0"
},
{
"_id": null,
"model": "dhcp",
"scope": "eq",
"trust": 1.0,
"vendor": "isc",
"version": "4.1-esv"
},
{
"_id": null,
"model": "ruggedcom rox rx1512",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.15.0"
},
{
"_id": null,
"model": "ruggedcom rox rx1510",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.15.0"
},
{
"_id": null,
"model": "ruggedcom rox rx1524",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.15.0"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"_id": null,
"model": "dhcp",
"scope": "eq",
"trust": 0.8,
"vendor": "isc",
"version": "4.4.0 to 4.4.2"
},
{
"_id": null,
"model": "dhcp",
"scope": null,
"trust": 0.8,
"vendor": "isc",
"version": null
},
{
"_id": null,
"model": "dhcp",
"scope": "eq",
"trust": 0.8,
"vendor": "isc",
"version": "4.1-esv-r1 to 4.1-esv-r16"
},
{
"_id": null,
"model": "dhcp",
"scope": "eq",
"trust": 0.8,
"vendor": "isc",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-001741"
},
{
"db": "NVD",
"id": "CVE-2021-25217"
}
]
},
"credits": {
"_id": null,
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "163196"
},
{
"db": "PACKETSTORM",
"id": "163151"
},
{
"db": "PACKETSTORM",
"id": "163240"
},
{
"db": "PACKETSTORM",
"id": "163400"
},
{
"db": "PACKETSTORM",
"id": "163129"
},
{
"db": "PACKETSTORM",
"id": "163137"
},
{
"db": "PACKETSTORM",
"id": "163140"
},
{
"db": "PACKETSTORM",
"id": "163051"
}
],
"trust": 0.8
},
"cve": "CVE-2021-25217",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 3.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.5,
"id": "CVE-2021-25217",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 1.1,
"vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2021-25217",
"impactScore": 4.0,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "IPA",
"availabilityImpact": "High",
"baseScore": 7.4,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2021-001741",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "IPA",
"availabilityImpact": "High",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2021-001741",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-25217",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "security-officer@isc.org",
"id": "CVE-2021-25217",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "IPA",
"id": "JVNDB-2021-001741",
"trust": 0.8,
"value": "High"
},
{
"author": "IPA",
"id": "JVNDB-2021-001741",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202105-1759",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2021-25217",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-25217"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1759"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001741"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001741"
},
{
"db": "NVD",
"id": "CVE-2021-25217"
},
{
"db": "NVD",
"id": "CVE-2021-25217"
}
]
},
"description": {
"_id": null,
"data": "In ISC DHCP 4.1-ESV-R1 -\u003e 4.1-ESV-R16, ISC DHCP 4.4.0 -\u003e 4.4.2 (Other branches of ISC DHCP (i.e., releases in the 4.0.x series or lower and releases in the 4.3.x series) are beyond their End-of-Life (EOL) and no longer supported by ISC. From inspection it is clear that the defect is also present in releases from those series, but they have not been officially tested for the vulnerability), The outcome of encountering the defect while reading a lease that will trigger it varies, according to: the component being affected (i.e., dhclient or dhcpd) whether the package was built as a 32-bit or 64-bit binary whether the compiler flag -fstack-protection-strong was used when compiling In dhclient, ISC has not successfully reproduced the error on a 64-bit system. However, on a 32-bit system it is possible to cause dhclient to crash when reading an improper lease, which could cause network connectivity problems for an affected system due to the absence of a running DHCP client process. In dhcpd, when run in DHCPv4 or DHCPv6 mode: if the dhcpd server binary was built for a 32-bit architecture AND the -fstack-protection-strong flag was specified to the compiler, dhcpd may exit while parsing a lease file containing an objectionable lease, resulting in lack of service to clients. Additionally, the offending lease and the lease immediately following it in the lease database may be improperly deleted. if the dhcpd server binary was built for a 64-bit architecture OR if the -fstack-protection-strong compiler flag was NOT specified, the crash will not occur, but it is possible for the offending lease and the lease which immediately followed it to be improperly deleted. ISC (Internet Systems Consortium) Provided by ISC DHCP contains a buffer overflow vulnerability. ISC DHCP contains a buffer overflow vulnerability due to a discrepancy between the processing of optional information encapsulated within network packets and information stored on disk. There is a discrepancy between the code that handles encapsulated option information in leases transmitted \"on the wire\" and the code which reads and parses lease information after it has been written to disk storage. The highest threat from this vulnerability is to data confidentiality and integrity as well as service availability. (CVE-2021-25217). 6 ELS) - i386, s390x, x86_64\n\n3. \nThese packages include redhat-release-virtualization-host. \nRHVH features a Cockpit user interface for monitoring the host\u0027s resources\nand\nperforming administrative tasks. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. Description:\n\nRed Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments. \n\nAll OpenShift Container Platform 4.7 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift Console\nor the CLI oc command. Instructions for upgrading a cluster are available\nat\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster\n- -between-minor.html#understanding-upgrade-channels_updating-cluster-between\n- -minor\n\n4. Solution:\n\nFor OpenShift Container Platform 4.7 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel\nease-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster\n- -cli.html\n\n5. =========================================================================\nUbuntu Security Notice USN-4969-2\nMay 27, 2021\n\nisc-dhcp vulnerability\n=========================================================================\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 16.04 ESM\n- Ubuntu 14.04 ESM\n\nSummary:\n\nDHCP could be made to crash if it received specially crafted network\ntraffic. \n\nSoftware Description:\n- isc-dhcp: DHCP server and client\n\nDetails:\n\nUSN-4969-1 fixed a vulnerability in DHCP. This update provides\nthe corresponding update for Ubuntu 14.04 ESM and 16.04 ESM. \n\n\nOriginal advisory details:\n\n Jon Franklin and Pawel Wieczorkiewicz discovered that DHCP incorrectly\n handled lease file parsing. A remote attacker could possibly use this issue\n to cause DHCP to crash, resulting in a denial of service. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 16.04 ESM:\n isc-dhcp-client 4.3.3-5ubuntu12.10+esm1\n isc-dhcp-server 4.3.3-5ubuntu12.10+esm1\n\nUbuntu 14.04 ESM:\n isc-dhcp-client 4.2.4-7ubuntu12.13+esm1\n isc-dhcp-server 4.2.4-7ubuntu12.13+esm1\n\nIn general, a standard system update will make all the necessary changes. 7.7) - ppc64, ppc64le, s390x, x86_64\n\n3. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: dhcp security update\nAdvisory ID: RHSA-2021:2357-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2021:2357\nIssue date: 2021-06-09\nCVE Names: CVE-2021-25217\n====================================================================\n1. Summary:\n\nAn update for dhcp is now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nThe Dynamic Host Configuration Protocol (DHCP) is a protocol that allows\nindividual devices on an IP network to get their own network configuration\ninformation, including an IP address, a subnet mask, and a broadcast\naddress. The dhcp packages provide a relay agent and ISC DHCP service\nrequired to enable and administer DHCP on a network. \n\nSecurity Fix(es):\n\n* dhcp: stack-based buffer overflow when parsing statements with\ncolon-separated hex digits in config or lease files in dhcpd and dhclient\n(CVE-2021-25217)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1963258 - CVE-2021-25217 dhcp: stack-based buffer overflow when parsing statements with colon-separated hex digits in config or lease files in dhcpd and dhclient\n\n6. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\ndhcp-4.2.5-83.el7_9.1.src.rpm\n\nx86_64:\ndhclient-4.2.5-83.el7_9.1.x86_64.rpm\ndhcp-common-4.2.5-83.el7_9.1.x86_64.rpm\ndhcp-debuginfo-4.2.5-83.el7_9.1.i686.rpm\ndhcp-debuginfo-4.2.5-83.el7_9.1.x86_64.rpm\ndhcp-libs-4.2.5-83.el7_9.1.i686.rpm\ndhcp-libs-4.2.5-83.el7_9.1.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\ndhcp-4.2.5-83.el7_9.1.x86_64.rpm\ndhcp-debuginfo-4.2.5-83.el7_9.1.i686.rpm\ndhcp-debuginfo-4.2.5-83.el7_9.1.x86_64.rpm\ndhcp-devel-4.2.5-83.el7_9.1.i686.rpm\ndhcp-devel-4.2.5-83.el7_9.1.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\ndhcp-4.2.5-83.el7_9.1.src.rpm\n\nx86_64:\ndhclient-4.2.5-83.el7_9.1.x86_64.rpm\ndhcp-common-4.2.5-83.el7_9.1.x86_64.rpm\ndhcp-debuginfo-4.2.5-83.el7_9.1.i686.rpm\ndhcp-debuginfo-4.2.5-83.el7_9.1.x86_64.rpm\ndhcp-libs-4.2.5-83.el7_9.1.i686.rpm\ndhcp-libs-4.2.5-83.el7_9.1.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\ndhcp-4.2.5-83.el7_9.1.x86_64.rpm\ndhcp-debuginfo-4.2.5-83.el7_9.1.i686.rpm\ndhcp-debuginfo-4.2.5-83.el7_9.1.x86_64.rpm\ndhcp-devel-4.2.5-83.el7_9.1.i686.rpm\ndhcp-devel-4.2.5-83.el7_9.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\ndhcp-4.2.5-83.el7_9.1.src.rpm\n\nppc64:\ndhclient-4.2.5-83.el7_9.1.ppc64.rpm\ndhcp-4.2.5-83.el7_9.1.ppc64.rpm\ndhcp-common-4.2.5-83.el7_9.1.ppc64.rpm\ndhcp-debuginfo-4.2.5-83.el7_9.1.ppc.rpm\ndhcp-debuginfo-4.2.5-83.el7_9.1.ppc64.rpm\ndhcp-libs-4.2.5-83.el7_9.1.ppc.rpm\ndhcp-libs-4.2.5-83.el7_9.1.ppc64.rpm\n\nppc64le:\ndhclient-4.2.5-83.el7_9.1.ppc64le.rpm\ndhcp-4.2.5-83.el7_9.1.ppc64le.rpm\ndhcp-common-4.2.5-83.el7_9.1.ppc64le.rpm\ndhcp-debuginfo-4.2.5-83.el7_9.1.ppc64le.rpm\ndhcp-libs-4.2.5-83.el7_9.1.ppc64le.rpm\n\ns390x:\ndhclient-4.2.5-83.el7_9.1.s390x.rpm\ndhcp-4.2.5-83.el7_9.1.s390x.rpm\ndhcp-common-4.2.5-83.el7_9.1.s390x.rpm\ndhcp-debuginfo-4.2.5-83.el7_9.1.s390.rpm\ndhcp-debuginfo-4.2.5-83.el7_9.1.s390x.rpm\ndhcp-libs-4.2.5-83.el7_9.1.s390.rpm\ndhcp-libs-4.2.5-83.el7_9.1.s390x.rpm\n\nx86_64:\ndhclient-4.2.5-83.el7_9.1.x86_64.rpm\ndhcp-4.2.5-83.el7_9.1.x86_64.rpm\ndhcp-common-4.2.5-83.el7_9.1.x86_64.rpm\ndhcp-debuginfo-4.2.5-83.el7_9.1.i686.rpm\ndhcp-debuginfo-4.2.5-83.el7_9.1.x86_64.rpm\ndhcp-libs-4.2.5-83.el7_9.1.i686.rpm\ndhcp-libs-4.2.5-83.el7_9.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\ndhcp-debuginfo-4.2.5-83.el7_9.1.ppc.rpm\ndhcp-debuginfo-4.2.5-83.el7_9.1.ppc64.rpm\ndhcp-devel-4.2.5-83.el7_9.1.ppc.rpm\ndhcp-devel-4.2.5-83.el7_9.1.ppc64.rpm\n\nppc64le:\ndhcp-debuginfo-4.2.5-83.el7_9.1.ppc64le.rpm\ndhcp-devel-4.2.5-83.el7_9.1.ppc64le.rpm\n\ns390x:\ndhcp-debuginfo-4.2.5-83.el7_9.1.s390.rpm\ndhcp-debuginfo-4.2.5-83.el7_9.1.s390x.rpm\ndhcp-devel-4.2.5-83.el7_9.1.s390.rpm\ndhcp-devel-4.2.5-83.el7_9.1.s390x.rpm\n\nx86_64:\ndhcp-debuginfo-4.2.5-83.el7_9.1.i686.rpm\ndhcp-debuginfo-4.2.5-83.el7_9.1.x86_64.rpm\ndhcp-devel-4.2.5-83.el7_9.1.i686.rpm\ndhcp-devel-4.2.5-83.el7_9.1.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\ndhcp-4.2.5-83.el7_9.1.src.rpm\n\nx86_64:\ndhclient-4.2.5-83.el7_9.1.x86_64.rpm\ndhcp-4.2.5-83.el7_9.1.x86_64.rpm\ndhcp-common-4.2.5-83.el7_9.1.x86_64.rpm\ndhcp-debuginfo-4.2.5-83.el7_9.1.i686.rpm\ndhcp-debuginfo-4.2.5-83.el7_9.1.x86_64.rpm\ndhcp-libs-4.2.5-83.el7_9.1.i686.rpm\ndhcp-libs-4.2.5-83.el7_9.1.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\ndhcp-debuginfo-4.2.5-83.el7_9.1.i686.rpm\ndhcp-debuginfo-4.2.5-83.el7_9.1.x86_64.rpm\ndhcp-devel-4.2.5-83.el7_9.1.i686.rpm\ndhcp-devel-4.2.5-83.el7_9.1.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-25217\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYMCeytzjgjWX9erEAQgPYw/+K6NTT5tvNy0WHRy46UioFuzIbxlMOPzm\nzXmk61B2Dgod7DCU3EbF9u7nSViaQds11pDCrTejH70WrqNQSaWMhsASgtNmQ42q\n0oVWQwqyB8mP/73BwYJQ84eZDGwsyqQf/9MO96g4c0jlZOAu9vSxvSflQ4DY8m9L\n0+pk3/zHOsUz3Za7Ns/1wa8pmq3hxAt0z6Z6ri0Ka8CEHg7W7ELGC67ih1BOcpP5\nmdWOSfTW+F1EzmerDW0eom09R/Ndfo/FdGeCbEq1K6kvcrPy4e/tsyBCquPYPFar\naTADxJPMObDTY0dJhqw1qZ5cERLnhJaj8GzWc0Ne2KIAFig/NcVhEZL8RtvrNWhO\nJIaVZ7zK6bi1VASVVIAP8yQzwdZFEbfMREOa705gMvXMz1Ux08YvsbrelD/LeJXe\n45C2+zGvM7KDd/AlrhopZPbBJI07tbNe8qWzFggJtBTMVg28i5K7DjFjvASFZFrV\n8nKdWae1GOEtH23fygGOoW4m0KkGWd1Tc/lte6Wy788KOa/yF3IQkWeTSo5KG33Q\nUHCzx6NzHyeAgW7K9QvvpIjfbxIAyBbebsIkhOhySjfsAp28lKkaZZRVF/sNWIvG\nGRibEMi366KUTR5AiTMAjHoYgIDzp7nywWiYBhf9SuNgqV3kG0Yz7fd1ac0+qcH5\nzPKanVJNoQs=9+pl\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-25217"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001741"
},
{
"db": "VULMON",
"id": "CVE-2021-25217"
},
{
"db": "PACKETSTORM",
"id": "163196"
},
{
"db": "PACKETSTORM",
"id": "163151"
},
{
"db": "PACKETSTORM",
"id": "163240"
},
{
"db": "PACKETSTORM",
"id": "163400"
},
{
"db": "PACKETSTORM",
"id": "162841"
},
{
"db": "PACKETSTORM",
"id": "163129"
},
{
"db": "PACKETSTORM",
"id": "163137"
},
{
"db": "PACKETSTORM",
"id": "163140"
},
{
"db": "PACKETSTORM",
"id": "163051"
}
],
"trust": 2.52
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2021-25217",
"trust": 3.4
},
{
"db": "SIEMENS",
"id": "SSA-637483",
"trust": 1.7
},
{
"db": "SIEMENS",
"id": "SSA-406691",
"trust": 1.7
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2021/05/26/6",
"trust": 1.7
},
{
"db": "ICS CERT",
"id": "ICSA-22-258-05",
"trust": 1.5
},
{
"db": "JVN",
"id": "JVNVU99475301",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU95111565",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001741",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "163196",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "163400",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "163129",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "163137",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "163051",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2021.2711",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.2508",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2120",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1874",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1935",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2072",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1834",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.4616",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2158",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2320",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2657",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021070616",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021062228",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021122914",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021052708",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021071311",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022031109",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021061429",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021060933",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021052902",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021060134",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "162840",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1759",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-25217",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "163151",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "163240",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "162841",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "163140",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-25217"
},
{
"db": "PACKETSTORM",
"id": "163196"
},
{
"db": "PACKETSTORM",
"id": "163151"
},
{
"db": "PACKETSTORM",
"id": "163240"
},
{
"db": "PACKETSTORM",
"id": "163400"
},
{
"db": "PACKETSTORM",
"id": "162841"
},
{
"db": "PACKETSTORM",
"id": "163129"
},
{
"db": "PACKETSTORM",
"id": "163137"
},
{
"db": "PACKETSTORM",
"id": "163140"
},
{
"db": "PACKETSTORM",
"id": "163051"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1759"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001741"
},
{
"db": "NVD",
"id": "CVE-2021-25217"
}
]
},
"id": "VAR-202105-1325",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.366531175
},
"last_update_date": "2026-03-09T23:19:43.880000Z",
"patch": {
"_id": null,
"data": [
{
"title": "ISC\u00a0DHCP\u00a0 buffer overflow vulnerability in",
"trust": 0.8,
"url": "https://kb.isc.org/docs/cve-2021-25217"
},
{
"title": "Debian CVElist Bug Report Logs: isc-dhcp: CVE-2021-25217: A buffer overrun in lease file parsing code can be used to exploit a common vulnerability shared by dhcpd and dhclient",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=b55bb445f71f0d88702845d3582e2b5c"
},
{
"title": "Amazon Linux AMI: ALAS-2021-1510",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2021-1510"
},
{
"title": "Amazon Linux 2: ALAS2-2021-1654",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2021-1654"
},
{
"title": "Red Hat: CVE-2021-25217",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2021-25217"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2021-25217 log"
},
{
"title": "Palo Alto Networks Security Advisory: PAN-SA-2024-0001 Informational Bulletin: Impact of OSS CVEs in PAN-OS",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=palo_alto_networks_security_advisory\u0026qid=34f98e4f4344c97599fe2d33618956a7"
},
{
"title": "Completion for lacework",
"trust": 0.1,
"url": "https://github.com/fbreton/lacework "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-25217"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001741"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-119",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-25217"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 1.7,
"url": "https://kb.isc.org/docs/cve-2021-25217"
},
{
"trust": 1.7,
"url": "http://www.openwall.com/lists/oss-security/2021/05/26/6"
},
{
"trust": 1.7,
"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00002.html"
},
{
"trust": 1.7,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-406691.pdf"
},
{
"trust": 1.7,
"url": "https://security.netapp.com/advisory/ntap-20220325-0011/"
},
{
"trust": 1.7,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf"
},
{
"trust": 1.7,
"url": "https://security.gentoo.org/glsa/202305-22"
},
{
"trust": 1.4,
"url": "https://access.redhat.com/security/cve/cve-2021-25217"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/z2lb42jwiv4m4wdnxx5vgip26feywkif/"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5qi4dyc7j4bghew3nh4xhmwthyc36uk4/"
},
{
"trust": 0.9,
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-258-05"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-25217"
},
{
"trust": 0.8,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.8,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu95111565"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu99475301/"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.6,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/z2lb42jwiv4m4wdnxx5vgip26feywkif/"
},
{
"trust": 0.6,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5qi4dyc7j4bghew3nh4xhmwthyc36uk4/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/163051/red-hat-security-advisory-2021-2357-01.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022031109"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021060933"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.2508"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/163137/red-hat-security-advisory-2021-2418-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2657"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021071311"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2711"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021061429"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2320"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/163400/red-hat-security-advisory-2021-2555-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2120"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021070616"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021062228"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/isc-dhcp-denial-of-service-via-lease-file-parsing-35555"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/163129/red-hat-security-advisory-2021-2405-01.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021052902"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021122914"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/162840/ubuntu-security-notice-usn-4969-1.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/163196/red-hat-security-advisory-2021-2469-01.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021052708"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.4616"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/6490433"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1874"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1935"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1834"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2158"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-258-05"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/6498095"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021060134"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2072"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/119.html"
},
{
"trust": 0.1,
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989157"
},
{
"trust": 0.1,
"url": "https://alas.aws.amazon.com/alas-2021-1510.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:2469"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:2419"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-24489"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-27219"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/2974891"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-24489"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-27219"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:2519"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3560"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:2554"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:2555"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3560"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.7/updating/updating-cluster"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-4969-1"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-4969-2"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:2405"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:2418"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:2415"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:2357"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-25217"
},
{
"db": "PACKETSTORM",
"id": "163196"
},
{
"db": "PACKETSTORM",
"id": "163151"
},
{
"db": "PACKETSTORM",
"id": "163240"
},
{
"db": "PACKETSTORM",
"id": "163400"
},
{
"db": "PACKETSTORM",
"id": "162841"
},
{
"db": "PACKETSTORM",
"id": "163129"
},
{
"db": "PACKETSTORM",
"id": "163137"
},
{
"db": "PACKETSTORM",
"id": "163140"
},
{
"db": "PACKETSTORM",
"id": "163051"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1759"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001741"
},
{
"db": "NVD",
"id": "CVE-2021-25217"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "VULMON",
"id": "CVE-2021-25217",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "163196",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "163151",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "163240",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "163400",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "162841",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "163129",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "163137",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "163140",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "163051",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1759",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001741",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2021-25217",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2021-05-26T00:00:00",
"db": "VULMON",
"id": "CVE-2021-25217",
"ident": null
},
{
"date": "2021-06-17T18:09:00",
"db": "PACKETSTORM",
"id": "163196",
"ident": null
},
{
"date": "2021-06-15T15:01:13",
"db": "PACKETSTORM",
"id": "163151",
"ident": null
},
{
"date": "2021-06-22T19:32:24",
"db": "PACKETSTORM",
"id": "163240",
"ident": null
},
{
"date": "2021-07-06T15:19:09",
"db": "PACKETSTORM",
"id": "163400",
"ident": null
},
{
"date": "2021-05-27T13:30:42",
"db": "PACKETSTORM",
"id": "162841",
"ident": null
},
{
"date": "2021-06-14T15:49:07",
"db": "PACKETSTORM",
"id": "163129",
"ident": null
},
{
"date": "2021-06-15T14:41:42",
"db": "PACKETSTORM",
"id": "163137",
"ident": null
},
{
"date": "2021-06-15T14:44:42",
"db": "PACKETSTORM",
"id": "163140",
"ident": null
},
{
"date": "2021-06-09T13:43:37",
"db": "PACKETSTORM",
"id": "163051",
"ident": null
},
{
"date": "2021-05-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202105-1759",
"ident": null
},
{
"date": "2021-06-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-001741",
"ident": null
},
{
"date": "2021-05-26T22:15:07.947000",
"db": "NVD",
"id": "CVE-2021-25217",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2021-25217",
"ident": null
},
{
"date": "2023-05-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202105-1759",
"ident": null
},
{
"date": "2022-09-20T06:10:00",
"db": "JVNDB",
"id": "JVNDB-2021-001741",
"ident": null
},
{
"date": "2023-11-07T03:31:24.893000",
"db": "NVD",
"id": "CVE-2021-25217",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202105-1759"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "ISC\u00a0DHCP\u00a0 buffer overflow vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-001741"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "overflow",
"sources": [
{
"db": "PACKETSTORM",
"id": "163196"
},
{
"db": "PACKETSTORM",
"id": "163151"
},
{
"db": "PACKETSTORM",
"id": "163240"
},
{
"db": "PACKETSTORM",
"id": "163400"
},
{
"db": "PACKETSTORM",
"id": "163129"
},
{
"db": "PACKETSTORM",
"id": "163137"
},
{
"db": "PACKETSTORM",
"id": "163140"
},
{
"db": "PACKETSTORM",
"id": "163051"
}
],
"trust": 0.8
}
}
VAR-202001-1433
Vulnerability from variot - Updated: 2026-03-09 22:28When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71.
Background
The Mozilla Network Security Service (NSS) is a library implementing security features like SSL v.2/v.3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME and X.509 certificates. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: nss-softokn security update Advisory ID: RHSA-2019:4152-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2019:4152 Issue date: 2019-12-10 CVE Names: CVE-2019-11745 ==================================================================== 1. Summary:
An update for nss-softokn is now available for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
- Description:
The nss-softokn package provides the Network Security Services Softoken Cryptographic Module.
Security Fix(es):
- nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate (CVE-2019-11745)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Package List:
Red Hat Enterprise Linux Desktop (v. 6):
Source: nss-softokn-3.44.0-6.el6_10.src.rpm
i386: nss-softokn-3.44.0-6.el6_10.i686.rpm nss-softokn-debuginfo-3.44.0-6.el6_10.i686.rpm nss-softokn-freebl-3.44.0-6.el6_10.i686.rpm
x86_64: nss-softokn-3.44.0-6.el6_10.i686.rpm nss-softokn-3.44.0-6.el6_10.x86_64.rpm nss-softokn-debuginfo-3.44.0-6.el6_10.i686.rpm nss-softokn-debuginfo-3.44.0-6.el6_10.x86_64.rpm nss-softokn-freebl-3.44.0-6.el6_10.i686.rpm nss-softokn-freebl-3.44.0-6.el6_10.x86_64.rpm
Red Hat Enterprise Linux Desktop Optional (v. 6):
i386: nss-softokn-debuginfo-3.44.0-6.el6_10.i686.rpm nss-softokn-devel-3.44.0-6.el6_10.i686.rpm nss-softokn-freebl-devel-3.44.0-6.el6_10.i686.rpm
x86_64: nss-softokn-debuginfo-3.44.0-6.el6_10.i686.rpm nss-softokn-debuginfo-3.44.0-6.el6_10.x86_64.rpm nss-softokn-devel-3.44.0-6.el6_10.i686.rpm nss-softokn-devel-3.44.0-6.el6_10.x86_64.rpm nss-softokn-freebl-devel-3.44.0-6.el6_10.i686.rpm nss-softokn-freebl-devel-3.44.0-6.el6_10.x86_64.rpm
Red Hat Enterprise Linux HPC Node (v. 6):
Source: nss-softokn-3.44.0-6.el6_10.src.rpm
x86_64: nss-softokn-3.44.0-6.el6_10.i686.rpm nss-softokn-3.44.0-6.el6_10.x86_64.rpm nss-softokn-debuginfo-3.44.0-6.el6_10.i686.rpm nss-softokn-debuginfo-3.44.0-6.el6_10.x86_64.rpm nss-softokn-freebl-3.44.0-6.el6_10.i686.rpm nss-softokn-freebl-3.44.0-6.el6_10.x86_64.rpm
Red Hat Enterprise Linux HPC Node Optional (v. 6):
x86_64: nss-softokn-debuginfo-3.44.0-6.el6_10.i686.rpm nss-softokn-debuginfo-3.44.0-6.el6_10.x86_64.rpm nss-softokn-devel-3.44.0-6.el6_10.i686.rpm nss-softokn-devel-3.44.0-6.el6_10.x86_64.rpm nss-softokn-freebl-devel-3.44.0-6.el6_10.i686.rpm nss-softokn-freebl-devel-3.44.0-6.el6_10.x86_64.rpm
Red Hat Enterprise Linux Server (v. 6):
Source: nss-softokn-3.44.0-6.el6_10.src.rpm
i386: nss-softokn-3.44.0-6.el6_10.i686.rpm nss-softokn-debuginfo-3.44.0-6.el6_10.i686.rpm nss-softokn-devel-3.44.0-6.el6_10.i686.rpm nss-softokn-freebl-3.44.0-6.el6_10.i686.rpm nss-softokn-freebl-devel-3.44.0-6.el6_10.i686.rpm
ppc64: nss-softokn-3.44.0-6.el6_10.ppc.rpm nss-softokn-3.44.0-6.el6_10.ppc64.rpm nss-softokn-debuginfo-3.44.0-6.el6_10.ppc.rpm nss-softokn-debuginfo-3.44.0-6.el6_10.ppc64.rpm nss-softokn-devel-3.44.0-6.el6_10.ppc.rpm nss-softokn-devel-3.44.0-6.el6_10.ppc64.rpm nss-softokn-freebl-3.44.0-6.el6_10.ppc.rpm nss-softokn-freebl-3.44.0-6.el6_10.ppc64.rpm nss-softokn-freebl-devel-3.44.0-6.el6_10.ppc.rpm nss-softokn-freebl-devel-3.44.0-6.el6_10.ppc64.rpm
s390x: nss-softokn-3.44.0-6.el6_10.s390.rpm nss-softokn-3.44.0-6.el6_10.s390x.rpm nss-softokn-debuginfo-3.44.0-6.el6_10.s390.rpm nss-softokn-debuginfo-3.44.0-6.el6_10.s390x.rpm nss-softokn-devel-3.44.0-6.el6_10.s390.rpm nss-softokn-devel-3.44.0-6.el6_10.s390x.rpm nss-softokn-freebl-3.44.0-6.el6_10.s390.rpm nss-softokn-freebl-3.44.0-6.el6_10.s390x.rpm nss-softokn-freebl-devel-3.44.0-6.el6_10.s390.rpm nss-softokn-freebl-devel-3.44.0-6.el6_10.s390x.rpm
x86_64: nss-softokn-3.44.0-6.el6_10.i686.rpm nss-softokn-3.44.0-6.el6_10.x86_64.rpm nss-softokn-debuginfo-3.44.0-6.el6_10.i686.rpm nss-softokn-debuginfo-3.44.0-6.el6_10.x86_64.rpm nss-softokn-devel-3.44.0-6.el6_10.i686.rpm nss-softokn-devel-3.44.0-6.el6_10.x86_64.rpm nss-softokn-freebl-3.44.0-6.el6_10.i686.rpm nss-softokn-freebl-3.44.0-6.el6_10.x86_64.rpm nss-softokn-freebl-devel-3.44.0-6.el6_10.i686.rpm nss-softokn-freebl-devel-3.44.0-6.el6_10.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source: nss-softokn-3.44.0-6.el6_10.src.rpm
i386: nss-softokn-3.44.0-6.el6_10.i686.rpm nss-softokn-debuginfo-3.44.0-6.el6_10.i686.rpm nss-softokn-devel-3.44.0-6.el6_10.i686.rpm nss-softokn-freebl-3.44.0-6.el6_10.i686.rpm nss-softokn-freebl-devel-3.44.0-6.el6_10.i686.rpm
x86_64: nss-softokn-3.44.0-6.el6_10.i686.rpm nss-softokn-3.44.0-6.el6_10.x86_64.rpm nss-softokn-debuginfo-3.44.0-6.el6_10.i686.rpm nss-softokn-debuginfo-3.44.0-6.el6_10.x86_64.rpm nss-softokn-devel-3.44.0-6.el6_10.i686.rpm nss-softokn-devel-3.44.0-6.el6_10.x86_64.rpm nss-softokn-freebl-3.44.0-6.el6_10.i686.rpm nss-softokn-freebl-3.44.0-6.el6_10.x86_64.rpm nss-softokn-freebl-devel-3.44.0-6.el6_10.i686.rpm nss-softokn-freebl-devel-3.44.0-6.el6_10.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2019-11745 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBXe+MiNzjgjWX9erEAQiepQ/7BesVlTbWtK/e4tqUqQ2WADoCPilxvBo5 lQ/zdsIXw069qAzU/GutaUM3DN7qvxSDCtxOTeQy605jkHYnV1HPjIXxYkug6ETV atrTxcph7BwV5w3sS4D+/N7FvYaGfluSQL65lihS3VNvtiA3excFw3hyaPeI/miM N7+ZHE+kD3vFL2DL6gOMTa/FGfa2w55ka0ODEpL9xCm+vBwVEyNAYVZqzfDQdWwz 5gWlJd7NEJq1qqrNlMuwOrn3YYd2R9VPcrYEvoNRW/Dcf5BNstDmadIPAVcsG1rT Me5PeII3MRIHLEkgYGFNmrxcctWSdC1VIuMsSUdC1lKnqZSpHMq4JjaNfjh3TAtg 2Avl2Jyhm1N56h6OsQo/UX2A7vRdGfgmVlv5jkFBYvjdilLmFQRCzouyJMAXmbZu pUAqowHA9cN3RUYU7so7cU/4AKI3nlsHpH1o1ExICEUclsKn2rnxJquGMxhsVxEv rnv9JKH4IuGKBxt0KTUZRLYsSdHdbrAhlHvanLCi9px7KvqTNIMpblijHLe/1OqD 9mVJjZpCAIJ3et+qPKzfdnjd76UqWbndQlgAwlVN07XODHBLSZkh0iY1nT1Az/WN +wo3O48nWAzPvg2H5jy/+zq7mLI16W0t2mG8rUXHR2Don93Efomtbs7sFDxiiMOP Iowc4iq7Yac=lxBi -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . ========================================================================== Ubuntu Security Notice USN-4335-1 April 21, 2020
thunderbird vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in Thunderbird.
Software Description: - thunderbird: Mozilla Open Source mail and newsgroup client
Details:
Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, bypass same-origin restrictions, conduct cross-site scripting (XSS) attacks, or execute arbitrary code. (CVE-2019-11757, CVE-2019-11758, CVE-2019-11759, CVE-2019-11760, CVE-2019-11761, CVE-2019-11762, CVE-2019-11763, CVE-2019-11764, CVE-2019-17005, CVE-2019-17008, CVE-2019-17010, CVE-2019-17011, CVE-2019-17012, CVE-2019-17016, CVE-2019-17017, CVE-2019-17022, CVE-2019-17024, CVE-2019-17026, CVE-2019-20503, CVE-2020-6798, CVE-2020-6800, CVE-2020-6805, CVE-2020-6806, CVE-2020-6807, CVE-2020-6812, CVE-2020-6814, CVE-2020-6819, CVE-2020-6820, CVE-2020-6821, CVE-2020-6825)
It was discovered that NSS incorrectly handled certain memory operations. A remote attacker could potentially exploit this to cause a denial of service, or execute arbitrary code. (CVE-2019-11745)
It was discovered that a specially crafted S/MIME message with an inner encryption layer could be displayed as having a valid signature in some circumstances, even if the signer had no access to the encrypted message. An attacker could potentially exploit this to spoof the message author. (CVE-2019-11755)
A heap overflow was discovered in the expat library in Thunderbird. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit this to cause a denial of service, or execute arbitrary code. (CVE-2019-15903)
It was discovered that Message ID calculation was based on uninitialized data. An attacker could potentially exploit this to obtain sensitive information. (CVE-2020-6792)
Mutiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, or execute arbitrary code. (CVE-2020-6793, CVE-2020-6795, CVE-2020-6822)
It was discovered that if a user saved passwords before Thunderbird 60 and then later set a master password, an unencrypted copy of these passwords would still be accessible. A local user could exploit this to obtain sensitive information. (CVE-2020-6794)
It was discovered that the Devtools’ ‘Copy as cURL’ feature did not fully escape website-controlled data. If a user were tricked in to using the ‘Copy as cURL’ feature to copy and paste a command with specially crafted data in to a terminal, an attacker could potentially exploit this to execute arbitrary commands via command injection. (CVE-2020-6811)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04 LTS: thunderbird 1:68.7.0+build1-0ubuntu0.16.04.2
After a standard system update you need to restart Thunderbird to make all the necessary changes. 7.4) - x86_64
-
8) - aarch64, ppc64le, s390x, x86_64
-
Description:
Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202003-02
https://security.gentoo.org/
Severity: Normal Title: Mozilla Firefox: Multiple vulnerabilities Date: March 12, 2020 Bugs: #702638, #705000, #709346, #712182 ID: 202003-02
Synopsis
Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code.
Background
Mozilla Firefox is a popular open-source web browser from the Mozilla Project.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-client/firefox < 68.6.0 >= 68.6.0 2 www-client/firefox-bin < 68.6.0 >= 68.6.0 ------------------------------------------------------------------- 2 affected packages
Description
Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details.
Workaround
There is no known workaround at this time.
Resolution
All Mozilla Firefox users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-client/firefox-68.6.0"
All Mozilla Firefox binary users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-68.6.0"
References
[ 1 ] CVE-2019-11745 https://nvd.nist.gov/vuln/detail/CVE-2019-11745 [ 2 ] CVE-2019-17005 https://nvd.nist.gov/vuln/detail/CVE-2019-17005 [ 3 ] CVE-2019-17008 https://nvd.nist.gov/vuln/detail/CVE-2019-17008 [ 4 ] CVE-2019-17010 https://nvd.nist.gov/vuln/detail/CVE-2019-17010 [ 5 ] CVE-2019-17011 https://nvd.nist.gov/vuln/detail/CVE-2019-17011 [ 6 ] CVE-2019-17012 https://nvd.nist.gov/vuln/detail/CVE-2019-17012 [ 7 ] CVE-2019-17016 https://nvd.nist.gov/vuln/detail/CVE-2019-17016 [ 8 ] CVE-2019-17017 https://nvd.nist.gov/vuln/detail/CVE-2019-17017 [ 9 ] CVE-2019-17022 https://nvd.nist.gov/vuln/detail/CVE-2019-17022 [ 10 ] CVE-2019-17024 https://nvd.nist.gov/vuln/detail/CVE-2019-17024 [ 11 ] CVE-2019-17026 https://nvd.nist.gov/vuln/detail/CVE-2019-17026 [ 12 ] CVE-2019-20503 https://nvd.nist.gov/vuln/detail/CVE-2019-20503 [ 13 ] CVE-2020-6796 https://nvd.nist.gov/vuln/detail/CVE-2020-6796 [ 14 ] CVE-2020-6797 https://nvd.nist.gov/vuln/detail/CVE-2020-6797 [ 15 ] CVE-2020-6798 https://nvd.nist.gov/vuln/detail/CVE-2020-6798 [ 16 ] CVE-2020-6799 https://nvd.nist.gov/vuln/detail/CVE-2020-6799 [ 17 ] CVE-2020-6800 https://nvd.nist.gov/vuln/detail/CVE-2020-6800 [ 18 ] CVE-2020-6805 https://nvd.nist.gov/vuln/detail/CVE-2020-6805 [ 19 ] CVE-2020-6806 https://nvd.nist.gov/vuln/detail/CVE-2020-6806 [ 20 ] CVE-2020-6807 https://nvd.nist.gov/vuln/detail/CVE-2020-6807 [ 21 ] CVE-2020-6811 https://nvd.nist.gov/vuln/detail/CVE-2020-6811 [ 22 ] CVE-2020-6812 https://nvd.nist.gov/vuln/detail/CVE-2020-6812 [ 23 ] CVE-2020-6814 https://nvd.nist.gov/vuln/detail/CVE-2020-6814 [ 24 ] MFSA-2019-37 https://www.mozilla.org/en-US/security/advisories/mfsa2019-37/ [ 25 ] MFSA-2020-03 https://www.mozilla.org/en-US/security/advisories/mfsa2020-03/ [ 26 ] MFSA-2020-06 https://www.mozilla.org/en-US/security/advisories/mfsa2020-06/ [ 27 ] MFSA-2020-09 https://www.mozilla.org/en-US/security/advisories/mfsa2020-09/
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202003-02
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2020 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 . 8.0) - ppc64le, x86_64
For the stable distribution (buster), these problems have been fixed in version 2:3.42.1-1+deb10u2.
We recommend that you upgrade your nss packages.
For the detailed security status of nss please refer to its security tracker page at: https://security-tracker.debian.org/tracker/nss
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl3qzaYACgkQEMKTtsN8 TjZ7yg//SABSzXoip0pAHIT9lNxDFNL44E27iqRWeurCyfxnQNvNaeShakiTj1Yj sSb2pqo0+gGLsUgtQdKKc8yeOERvuihWRoVDroW7onYG93vpsZ1H8Z7HSEJOGMQl Bt/HcjayCfXrA313/B5SBTiKE/Ks4CvYQvk+BrFwjFEUoYhXzxXwfUIxym1L8+gq jG3Qsh38iOFhrXfXBe2PGaUGU6AVcS/BGTam31s1g54mta4a+obIbvvQu3MGHJLH UTTcVPy7PhK5dofufbJXo1QGqfgdLxsvZAqhcyU1cXBZa7k18Ykts9jKukwoDZV0 hR2jISnOddovQWdPWLqz/ENOTIkY8Ue5/cPIaQ+I9tAL2JOBHBmddP+WeqBxpO8o DpP+4EILROZQ5g+WjLT1Twsje3NJQYx6z7YmXo/0N0ELM+81Sono1wKTgegVBa0F 8eET2FDW45sKFOGV1QTTI5F1mSmgSHiTdtVl/riuzdWrdig8316dByz994dZD+Co TgMiALJWwiVDY6XHHrPwzmvqNoqlcUvNgh4v7tRkTL/YjlHxD+x8R08sRaVo5gqz Z4CyLaP1ByO0X/i4dkuVtD5kIX9GlqLRYkUSnOBhwaoPr7ZgZBCnJfyQixsME1L5 yOg6+j//ncYos+KWeb1upZdUHHB340UmTxbEtECa7jfanMcrtpw= =QZmZ -----END PGP SIGNATURE-----
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "ruggedcom rox mx5000",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.14.0"
},
{
"_id": null,
"model": "thunderbird",
"scope": "lt",
"trust": 1.0,
"vendor": "mozilla",
"version": "68.3.0"
},
{
"_id": null,
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.6"
},
{
"_id": null,
"model": "firefox",
"scope": "lt",
"trust": 1.0,
"vendor": "mozilla",
"version": "71.0"
},
{
"_id": null,
"model": "ruggedcom rox rx1500",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.14.0"
},
{
"_id": null,
"model": "firefox esr",
"scope": "lt",
"trust": 1.0,
"vendor": "mozilla",
"version": "68.3"
},
{
"_id": null,
"model": "ruggedcom rox rx1501",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.14.0"
},
{
"_id": null,
"model": "ruggedcom rox rx5000",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.14.0"
},
{
"_id": null,
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "19.10"
},
{
"_id": null,
"model": "ruggedcom rox rx1400",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.14.0"
},
{
"_id": null,
"model": "ruggedcom rox rx1510",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.14.0"
},
{
"_id": null,
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "18.04"
},
{
"_id": null,
"model": "leap",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "15.1"
},
{
"_id": null,
"model": "ruggedcom rox rx1511",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.14.0"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"_id": null,
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "16.04"
},
{
"_id": null,
"model": "ruggedcom rox rx1512",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.14.0"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-11745"
}
]
},
"credits": {
"_id": null,
"data": "Ubuntu,Red Hat,Craig Disselkoen,Slackware Security Team,Gentoo",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201911-1371"
}
],
"trust": 0.6
},
"cve": "CVE-2019-11745",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2019-11745",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2019-11745",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-11745",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201911-1371",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2019-11745",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-11745"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1371"
},
{
"db": "NVD",
"id": "CVE-2019-11745"
}
]
},
"description": {
"_id": null,
"data": "When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 68.3, Firefox ESR \u003c 68.3, and Firefox \u003c 71. \n\nBackground\n==========\n\nThe Mozilla Network Security Service (NSS) is a library implementing\nsecurity features like SSL v.2/v.3, TLS, PKCS #5, PKCS #7, PKCS #11,\nPKCS #12, S/MIME and X.509 certificates. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: nss-softokn security update\nAdvisory ID: RHSA-2019:4152-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2019:4152\nIssue date: 2019-12-10\nCVE Names: CVE-2019-11745\n====================================================================\n1. Summary:\n\nAn update for nss-softokn is now available for Red Hat Enterprise Linux 6. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Desktop (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux HPC Node (v. 6) - x86_64\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, x86_64\n\n3. Description:\n\nThe nss-softokn package provides the Network Security Services Softoken\nCryptographic Module. \n\nSecurity Fix(es):\n\n* nss: Out-of-bounds write when passing an output buffer smaller than the\nblock size to NSC_EncryptUpdate (CVE-2019-11745)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 6):\n\nSource:\nnss-softokn-3.44.0-6.el6_10.src.rpm\n\ni386:\nnss-softokn-3.44.0-6.el6_10.i686.rpm\nnss-softokn-debuginfo-3.44.0-6.el6_10.i686.rpm\nnss-softokn-freebl-3.44.0-6.el6_10.i686.rpm\n\nx86_64:\nnss-softokn-3.44.0-6.el6_10.i686.rpm\nnss-softokn-3.44.0-6.el6_10.x86_64.rpm\nnss-softokn-debuginfo-3.44.0-6.el6_10.i686.rpm\nnss-softokn-debuginfo-3.44.0-6.el6_10.x86_64.rpm\nnss-softokn-freebl-3.44.0-6.el6_10.i686.rpm\nnss-softokn-freebl-3.44.0-6.el6_10.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Optional (v. 6):\n\ni386:\nnss-softokn-debuginfo-3.44.0-6.el6_10.i686.rpm\nnss-softokn-devel-3.44.0-6.el6_10.i686.rpm\nnss-softokn-freebl-devel-3.44.0-6.el6_10.i686.rpm\n\nx86_64:\nnss-softokn-debuginfo-3.44.0-6.el6_10.i686.rpm\nnss-softokn-debuginfo-3.44.0-6.el6_10.x86_64.rpm\nnss-softokn-devel-3.44.0-6.el6_10.i686.rpm\nnss-softokn-devel-3.44.0-6.el6_10.x86_64.rpm\nnss-softokn-freebl-devel-3.44.0-6.el6_10.i686.rpm\nnss-softokn-freebl-devel-3.44.0-6.el6_10.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node (v. 6):\n\nSource:\nnss-softokn-3.44.0-6.el6_10.src.rpm\n\nx86_64:\nnss-softokn-3.44.0-6.el6_10.i686.rpm\nnss-softokn-3.44.0-6.el6_10.x86_64.rpm\nnss-softokn-debuginfo-3.44.0-6.el6_10.i686.rpm\nnss-softokn-debuginfo-3.44.0-6.el6_10.x86_64.rpm\nnss-softokn-freebl-3.44.0-6.el6_10.i686.rpm\nnss-softokn-freebl-3.44.0-6.el6_10.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional (v. 6):\n\nx86_64:\nnss-softokn-debuginfo-3.44.0-6.el6_10.i686.rpm\nnss-softokn-debuginfo-3.44.0-6.el6_10.x86_64.rpm\nnss-softokn-devel-3.44.0-6.el6_10.i686.rpm\nnss-softokn-devel-3.44.0-6.el6_10.x86_64.rpm\nnss-softokn-freebl-devel-3.44.0-6.el6_10.i686.rpm\nnss-softokn-freebl-devel-3.44.0-6.el6_10.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\nnss-softokn-3.44.0-6.el6_10.src.rpm\n\ni386:\nnss-softokn-3.44.0-6.el6_10.i686.rpm\nnss-softokn-debuginfo-3.44.0-6.el6_10.i686.rpm\nnss-softokn-devel-3.44.0-6.el6_10.i686.rpm\nnss-softokn-freebl-3.44.0-6.el6_10.i686.rpm\nnss-softokn-freebl-devel-3.44.0-6.el6_10.i686.rpm\n\nppc64:\nnss-softokn-3.44.0-6.el6_10.ppc.rpm\nnss-softokn-3.44.0-6.el6_10.ppc64.rpm\nnss-softokn-debuginfo-3.44.0-6.el6_10.ppc.rpm\nnss-softokn-debuginfo-3.44.0-6.el6_10.ppc64.rpm\nnss-softokn-devel-3.44.0-6.el6_10.ppc.rpm\nnss-softokn-devel-3.44.0-6.el6_10.ppc64.rpm\nnss-softokn-freebl-3.44.0-6.el6_10.ppc.rpm\nnss-softokn-freebl-3.44.0-6.el6_10.ppc64.rpm\nnss-softokn-freebl-devel-3.44.0-6.el6_10.ppc.rpm\nnss-softokn-freebl-devel-3.44.0-6.el6_10.ppc64.rpm\n\ns390x:\nnss-softokn-3.44.0-6.el6_10.s390.rpm\nnss-softokn-3.44.0-6.el6_10.s390x.rpm\nnss-softokn-debuginfo-3.44.0-6.el6_10.s390.rpm\nnss-softokn-debuginfo-3.44.0-6.el6_10.s390x.rpm\nnss-softokn-devel-3.44.0-6.el6_10.s390.rpm\nnss-softokn-devel-3.44.0-6.el6_10.s390x.rpm\nnss-softokn-freebl-3.44.0-6.el6_10.s390.rpm\nnss-softokn-freebl-3.44.0-6.el6_10.s390x.rpm\nnss-softokn-freebl-devel-3.44.0-6.el6_10.s390.rpm\nnss-softokn-freebl-devel-3.44.0-6.el6_10.s390x.rpm\n\nx86_64:\nnss-softokn-3.44.0-6.el6_10.i686.rpm\nnss-softokn-3.44.0-6.el6_10.x86_64.rpm\nnss-softokn-debuginfo-3.44.0-6.el6_10.i686.rpm\nnss-softokn-debuginfo-3.44.0-6.el6_10.x86_64.rpm\nnss-softokn-devel-3.44.0-6.el6_10.i686.rpm\nnss-softokn-devel-3.44.0-6.el6_10.x86_64.rpm\nnss-softokn-freebl-3.44.0-6.el6_10.i686.rpm\nnss-softokn-freebl-3.44.0-6.el6_10.x86_64.rpm\nnss-softokn-freebl-devel-3.44.0-6.el6_10.i686.rpm\nnss-softokn-freebl-devel-3.44.0-6.el6_10.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nnss-softokn-3.44.0-6.el6_10.src.rpm\n\ni386:\nnss-softokn-3.44.0-6.el6_10.i686.rpm\nnss-softokn-debuginfo-3.44.0-6.el6_10.i686.rpm\nnss-softokn-devel-3.44.0-6.el6_10.i686.rpm\nnss-softokn-freebl-3.44.0-6.el6_10.i686.rpm\nnss-softokn-freebl-devel-3.44.0-6.el6_10.i686.rpm\n\nx86_64:\nnss-softokn-3.44.0-6.el6_10.i686.rpm\nnss-softokn-3.44.0-6.el6_10.x86_64.rpm\nnss-softokn-debuginfo-3.44.0-6.el6_10.i686.rpm\nnss-softokn-debuginfo-3.44.0-6.el6_10.x86_64.rpm\nnss-softokn-devel-3.44.0-6.el6_10.i686.rpm\nnss-softokn-devel-3.44.0-6.el6_10.x86_64.rpm\nnss-softokn-freebl-3.44.0-6.el6_10.i686.rpm\nnss-softokn-freebl-3.44.0-6.el6_10.x86_64.rpm\nnss-softokn-freebl-devel-3.44.0-6.el6_10.i686.rpm\nnss-softokn-freebl-devel-3.44.0-6.el6_10.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2019-11745\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2019 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXe+MiNzjgjWX9erEAQiepQ/7BesVlTbWtK/e4tqUqQ2WADoCPilxvBo5\nlQ/zdsIXw069qAzU/GutaUM3DN7qvxSDCtxOTeQy605jkHYnV1HPjIXxYkug6ETV\natrTxcph7BwV5w3sS4D+/N7FvYaGfluSQL65lihS3VNvtiA3excFw3hyaPeI/miM\nN7+ZHE+kD3vFL2DL6gOMTa/FGfa2w55ka0ODEpL9xCm+vBwVEyNAYVZqzfDQdWwz\n5gWlJd7NEJq1qqrNlMuwOrn3YYd2R9VPcrYEvoNRW/Dcf5BNstDmadIPAVcsG1rT\nMe5PeII3MRIHLEkgYGFNmrxcctWSdC1VIuMsSUdC1lKnqZSpHMq4JjaNfjh3TAtg\n2Avl2Jyhm1N56h6OsQo/UX2A7vRdGfgmVlv5jkFBYvjdilLmFQRCzouyJMAXmbZu\npUAqowHA9cN3RUYU7so7cU/4AKI3nlsHpH1o1ExICEUclsKn2rnxJquGMxhsVxEv\nrnv9JKH4IuGKBxt0KTUZRLYsSdHdbrAhlHvanLCi9px7KvqTNIMpblijHLe/1OqD\n9mVJjZpCAIJ3et+qPKzfdnjd76UqWbndQlgAwlVN07XODHBLSZkh0iY1nT1Az/WN\n+wo3O48nWAzPvg2H5jy/+zq7mLI16W0t2mG8rUXHR2Don93Efomtbs7sFDxiiMOP\nIowc4iq7Yac=lxBi\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. ==========================================================================\nUbuntu Security Notice USN-4335-1\nApril 21, 2020\n\nthunderbird vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 16.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in Thunderbird. \n\nSoftware Description:\n- thunderbird: Mozilla Open Source mail and newsgroup client\n\nDetails:\n\nMultiple security issues were discovered in Thunderbird. If a user were\ntricked in to opening a specially crafted website in a browsing context,\nan attacker could potentially exploit these to cause a denial of service,\nobtain sensitive information, bypass security restrictions, bypass\nsame-origin restrictions, conduct cross-site scripting (XSS) attacks, or\nexecute arbitrary code. (CVE-2019-11757, CVE-2019-11758, CVE-2019-11759,\nCVE-2019-11760, CVE-2019-11761, CVE-2019-11762, CVE-2019-11763,\nCVE-2019-11764, CVE-2019-17005, CVE-2019-17008, CVE-2019-17010,\nCVE-2019-17011, CVE-2019-17012, CVE-2019-17016, CVE-2019-17017,\nCVE-2019-17022, CVE-2019-17024, CVE-2019-17026, CVE-2019-20503,\nCVE-2020-6798, CVE-2020-6800, CVE-2020-6805, CVE-2020-6806, CVE-2020-6807,\nCVE-2020-6812, CVE-2020-6814, CVE-2020-6819, CVE-2020-6820, CVE-2020-6821,\nCVE-2020-6825)\n\nIt was discovered that NSS incorrectly handled certain memory operations. \nA remote attacker could potentially exploit this to cause a denial of\nservice, or execute arbitrary code. (CVE-2019-11745)\n\nIt was discovered that a specially crafted S/MIME message with an inner\nencryption layer could be displayed as having a valid signature in some\ncircumstances, even if the signer had no access to the encrypted message. \nAn attacker could potentially exploit this to spoof the message author. \n(CVE-2019-11755)\n\nA heap overflow was discovered in the expat library in Thunderbird. If a\nuser were tricked in to opening a specially crafted message, an attacker\ncould potentially exploit this to cause a denial of service, or execute\narbitrary code. (CVE-2019-15903)\n\nIt was discovered that Message ID calculation was based on uninitialized\ndata. An attacker could potentially exploit this to obtain sensitive\ninformation. (CVE-2020-6792)\n\nMutiple security issues were discovered in Thunderbird. If a user were\ntricked in to opening a specially crafted message, an attacker could\npotentially exploit these to cause a denial of service, obtain sensitive\ninformation, or execute arbitrary code. (CVE-2020-6793, CVE-2020-6795,\nCVE-2020-6822)\n\nIt was discovered that if a user saved passwords before Thunderbird 60 and\nthen later set a master password, an unencrypted copy of these passwords\nwould still be accessible. A local user could exploit this to obtain\nsensitive information. (CVE-2020-6794)\n\nIt was discovered that the Devtools\u2019 \u2018Copy as cURL\u2019 feature did not\nfully escape website-controlled data. If a user were tricked in to using\nthe \u2018Copy as cURL\u2019 feature to copy and paste a command with specially\ncrafted data in to a terminal, an attacker could potentially exploit this\nto execute arbitrary commands via command injection. (CVE-2020-6811)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 16.04 LTS:\n thunderbird 1:68.7.0+build1-0ubuntu0.16.04.2\n\nAfter a standard system update you need to restart Thunderbird to make\nall the necessary changes. 7.4) - x86_64\n\n3. 8) - aarch64, ppc64le, s390x, x86_64\n\n3. Description:\n\nNetwork Security Services (NSS) is a set of libraries designed to support\nthe cross-platform development of security-enabled client and server\napplications. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202003-02\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: Mozilla Firefox: Multiple vulnerabilities\n Date: March 12, 2020\n Bugs: #702638, #705000, #709346, #712182\n ID: 202003-02\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in Mozilla Firefox, the worst\nof which may allow execution of arbitrary code. \n\nBackground\n==========\n\nMozilla Firefox is a popular open-source web browser from the Mozilla\nProject. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 www-client/firefox \u003c 68.6.0 \u003e= 68.6.0\n 2 www-client/firefox-bin \u003c 68.6.0 \u003e= 68.6.0\n -------------------------------------------------------------------\n 2 affected packages\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in Mozilla Firefox. \nPlease review the CVE identifiers referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Mozilla Firefox users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-client/firefox-68.6.0\"\n\nAll Mozilla Firefox binary users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-client/firefox-bin-68.6.0\"\n\nReferences\n==========\n\n[ 1 ] CVE-2019-11745\n https://nvd.nist.gov/vuln/detail/CVE-2019-11745\n[ 2 ] CVE-2019-17005\n https://nvd.nist.gov/vuln/detail/CVE-2019-17005\n[ 3 ] CVE-2019-17008\n https://nvd.nist.gov/vuln/detail/CVE-2019-17008\n[ 4 ] CVE-2019-17010\n https://nvd.nist.gov/vuln/detail/CVE-2019-17010\n[ 5 ] CVE-2019-17011\n https://nvd.nist.gov/vuln/detail/CVE-2019-17011\n[ 6 ] CVE-2019-17012\n https://nvd.nist.gov/vuln/detail/CVE-2019-17012\n[ 7 ] CVE-2019-17016\n https://nvd.nist.gov/vuln/detail/CVE-2019-17016\n[ 8 ] CVE-2019-17017\n https://nvd.nist.gov/vuln/detail/CVE-2019-17017\n[ 9 ] CVE-2019-17022\n https://nvd.nist.gov/vuln/detail/CVE-2019-17022\n[ 10 ] CVE-2019-17024\n https://nvd.nist.gov/vuln/detail/CVE-2019-17024\n[ 11 ] CVE-2019-17026\n https://nvd.nist.gov/vuln/detail/CVE-2019-17026\n[ 12 ] CVE-2019-20503\n https://nvd.nist.gov/vuln/detail/CVE-2019-20503\n[ 13 ] CVE-2020-6796\n https://nvd.nist.gov/vuln/detail/CVE-2020-6796\n[ 14 ] CVE-2020-6797\n https://nvd.nist.gov/vuln/detail/CVE-2020-6797\n[ 15 ] CVE-2020-6798\n https://nvd.nist.gov/vuln/detail/CVE-2020-6798\n[ 16 ] CVE-2020-6799\n https://nvd.nist.gov/vuln/detail/CVE-2020-6799\n[ 17 ] CVE-2020-6800\n https://nvd.nist.gov/vuln/detail/CVE-2020-6800\n[ 18 ] CVE-2020-6805\n https://nvd.nist.gov/vuln/detail/CVE-2020-6805\n[ 19 ] CVE-2020-6806\n https://nvd.nist.gov/vuln/detail/CVE-2020-6806\n[ 20 ] CVE-2020-6807\n https://nvd.nist.gov/vuln/detail/CVE-2020-6807\n[ 21 ] CVE-2020-6811\n https://nvd.nist.gov/vuln/detail/CVE-2020-6811\n[ 22 ] CVE-2020-6812\n https://nvd.nist.gov/vuln/detail/CVE-2020-6812\n[ 23 ] CVE-2020-6814\n https://nvd.nist.gov/vuln/detail/CVE-2020-6814\n[ 24 ] MFSA-2019-37\n https://www.mozilla.org/en-US/security/advisories/mfsa2019-37/\n[ 25 ] MFSA-2020-03\n https://www.mozilla.org/en-US/security/advisories/mfsa2020-03/\n[ 26 ] MFSA-2020-06\n https://www.mozilla.org/en-US/security/advisories/mfsa2020-06/\n[ 27 ] MFSA-2020-09\n https://www.mozilla.org/en-US/security/advisories/mfsa2020-09/\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202003-02\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2020 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. 8.0) - ppc64le, x86_64\n\n3. \n \nFor the stable distribution (buster), these problems have been fixed in\nversion 2:3.42.1-1+deb10u2. \n\nWe recommend that you upgrade your nss packages. \n\nFor the detailed security status of nss please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/nss\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl3qzaYACgkQEMKTtsN8\nTjZ7yg//SABSzXoip0pAHIT9lNxDFNL44E27iqRWeurCyfxnQNvNaeShakiTj1Yj\nsSb2pqo0+gGLsUgtQdKKc8yeOERvuihWRoVDroW7onYG93vpsZ1H8Z7HSEJOGMQl\nBt/HcjayCfXrA313/B5SBTiKE/Ks4CvYQvk+BrFwjFEUoYhXzxXwfUIxym1L8+gq\njG3Qsh38iOFhrXfXBe2PGaUGU6AVcS/BGTam31s1g54mta4a+obIbvvQu3MGHJLH\nUTTcVPy7PhK5dofufbJXo1QGqfgdLxsvZAqhcyU1cXBZa7k18Ykts9jKukwoDZV0\nhR2jISnOddovQWdPWLqz/ENOTIkY8Ue5/cPIaQ+I9tAL2JOBHBmddP+WeqBxpO8o\nDpP+4EILROZQ5g+WjLT1Twsje3NJQYx6z7YmXo/0N0ELM+81Sono1wKTgegVBa0F\n8eET2FDW45sKFOGV1QTTI5F1mSmgSHiTdtVl/riuzdWrdig8316dByz994dZD+Co\nTgMiALJWwiVDY6XHHrPwzmvqNoqlcUvNgh4v7tRkTL/YjlHxD+x8R08sRaVo5gqz\nZ4CyLaP1ByO0X/i4dkuVtD5kIX9GlqLRYkUSnOBhwaoPr7ZgZBCnJfyQixsME1L5\nyOg6+j//ncYos+KWeb1upZdUHHB340UmTxbEtECa7jfanMcrtpw=\n=QZmZ\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-11745"
},
{
"db": "VULMON",
"id": "CVE-2019-11745"
},
{
"db": "PACKETSTORM",
"id": "157044"
},
{
"db": "PACKETSTORM",
"id": "156770"
},
{
"db": "PACKETSTORM",
"id": "155609"
},
{
"db": "PACKETSTORM",
"id": "157345"
},
{
"db": "PACKETSTORM",
"id": "157142"
},
{
"db": "PACKETSTORM",
"id": "155589"
},
{
"db": "PACKETSTORM",
"id": "156704"
},
{
"db": "PACKETSTORM",
"id": "156093"
},
{
"db": "PACKETSTORM",
"id": "155601"
}
],
"trust": 1.8
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2019-11745",
"trust": 2.6
},
{
"db": "ICS CERT",
"id": "ICSA-21-040-04",
"trust": 1.7
},
{
"db": "SIEMENS",
"id": "SSA-379803",
"trust": 1.7
},
{
"db": "PACKETSTORM",
"id": "156770",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "157345",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "157142",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "155589",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "156704",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "156093",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2019.4739",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4555",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0001",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.4083",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1339",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0483",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4449",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4723",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0307",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4579",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4507",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4775",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1173",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3355",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4674",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4610",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1387",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1242",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0491",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0136",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0194",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4594",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "156721",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "157226",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "155487",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "155989",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "155622",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "155546",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "47047",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1371",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2019-11745",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "157044",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "155609",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "155601",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-11745"
},
{
"db": "PACKETSTORM",
"id": "157044"
},
{
"db": "PACKETSTORM",
"id": "156770"
},
{
"db": "PACKETSTORM",
"id": "155609"
},
{
"db": "PACKETSTORM",
"id": "157345"
},
{
"db": "PACKETSTORM",
"id": "157142"
},
{
"db": "PACKETSTORM",
"id": "155589"
},
{
"db": "PACKETSTORM",
"id": "156704"
},
{
"db": "PACKETSTORM",
"id": "156093"
},
{
"db": "PACKETSTORM",
"id": "155601"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1371"
},
{
"db": "NVD",
"id": "CVE-2019-11745"
}
]
},
"id": "VAR-202001-1433",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.52540106
},
"last_update_date": "2026-03-09T22:28:09.316000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Multiple Mozilla Product Buffer Error Vulnerability Fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=106677"
},
{
"title": "Red Hat: Important: nss security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20200243 - Security Advisory"
},
{
"title": "Red Hat: Important: nss-softokn security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20201461 - Security Advisory"
},
{
"title": "Red Hat: Important: nss security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20194114 - Security Advisory"
},
{
"title": "Red Hat: Important: nss-softokn security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20200466 - Security Advisory"
},
{
"title": "Red Hat: Important: nss-softokn security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20194152 - Security Advisory"
},
{
"title": "Red Hat: Important: nss, nss-softokn, nss-util security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20194190 - Security Advisory"
},
{
"title": "Red Hat: Important: nss-softokn security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20201345 - Security Advisory"
},
{
"title": "Red Hat: Important: nss-softokn security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20201267 - Security Advisory"
},
{
"title": "Ubuntu Security Notice: nss vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-4203-2"
},
{
"title": "Ubuntu Security Notice: nss vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-4203-1"
},
{
"title": "Debian Security Advisories: DSA-4579-1 nss -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=0af759a984821af0886871e7a26a298e"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2019-11745 log"
},
{
"title": "Amazon Linux 2: ALAS2-2020-1379",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2020-1379"
},
{
"title": "IBM: Security Bulletin: Vulnerability in nss, nss-softokn, nss-util vulnerability (CVE-2019-11729 and CVE-2019-11745)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=74fd642ff4a4659039a762a5a0a24106"
},
{
"title": "Amazon Linux 2: ALAS2-2023-1942",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2023-1942"
},
{
"title": "Amazon Linux 2: ALAS2-2020-1384",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2020-1384"
},
{
"title": "Amazon Linux AMI: ALAS-2020-1355",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2020-1355"
},
{
"title": "Ubuntu Security Notice: firefox vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-4216-1"
},
{
"title": "Arch Linux Advisories: [ASA-201912-2] thunderbird: arbitrary code execution",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-201912-2"
},
{
"title": "Ubuntu Security Notice: firefox vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-4216-2"
},
{
"title": "Ubuntu Security Notice: thunderbird vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-4241-1"
},
{
"title": "Mozilla: Security Vulnerabilities fixed in - Firefox ESR 68.3",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=mozilla_advisories\u0026qid=940e53f5eecee1395e2713b0ed07506b"
},
{
"title": "Mozilla: Security Vulnerabilities fixed in - Thunderbird 68.3",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=mozilla_advisories\u0026qid=dffa374fab03b4f5b5596346629ccc8c"
},
{
"title": "Arch Linux Advisories: [ASA-201912-1] firefox: multiple issues",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-201912-1"
},
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=409c1cd1b8ef401020956950fd839000"
},
{
"title": "Mozilla: Security Vulnerabilities fixed in - Firefox 71",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=mozilla_advisories\u0026qid=a8e439d387c58595bbdb24cc3bdadd40"
},
{
"title": "Ubuntu Security Notice: thunderbird vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-4335-1"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/vincent-deng/veracode-container-security-finding-parser "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-11745"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1371"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-787",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-11745"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 2.5,
"url": "https://access.redhat.com/errata/rhsa-2020:0243"
},
{
"trust": 2.3,
"url": "https://usn.ubuntu.com/4241-1/"
},
{
"trust": 2.3,
"url": "https://access.redhat.com/errata/rhsa-2020:0466"
},
{
"trust": 2.3,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04"
},
{
"trust": 1.8,
"url": "https://security.gentoo.org/glsa/202003-02"
},
{
"trust": 1.8,
"url": "https://security.gentoo.org/glsa/202003-37"
},
{
"trust": 1.7,
"url": "https://www.mozilla.org/security/advisories/mfsa2019-38/"
},
{
"trust": 1.7,
"url": "https://www.mozilla.org/security/advisories/mfsa2019-37/"
},
{
"trust": 1.7,
"url": "https://www.mozilla.org/security/advisories/mfsa2019-36/"
},
{
"trust": 1.7,
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1586176"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00006.html"
},
{
"trust": 1.7,
"url": "https://security.gentoo.org/glsa/202003-10"
},
{
"trust": 1.7,
"url": "https://usn.ubuntu.com/4335-1/"
},
{
"trust": 1.7,
"url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00029.html"
},
{
"trust": 1.7,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11745"
},
{
"trust": 0.7,
"url": "https://usn.ubuntu.com/4203-2/"
},
{
"trust": 0.7,
"url": "https://usn.ubuntu.com/4203-1/"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/errata/rhsa-2019:4152"
},
{
"trust": 0.6,
"url": "https://usn.ubuntu.com/4216-2/"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/errata/rhsa-2019:4117"
},
{
"trust": 0.6,
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20193347-1.html"
},
{
"trust": 0.6,
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20193395-1.html"
},
{
"trust": 0.6,
"url": "https://www.debian.org/security/2019/dsa-4579"
},
{
"trust": 0.6,
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20193339-1.html"
},
{
"trust": 0.6,
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-201914260-1.html"
},
{
"trust": 0.6,
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20200088-1.html"
},
{
"trust": 0.6,
"url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00026.html"
},
{
"trust": 0.6,
"url": "https://www.debian.org/lts/security/2019/dla-2020"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/errata/rhsa-2019:4190"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/155589/red-hat-security-advisory-2019-4114-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4449/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-announced-a-release-for-ibm-security-identity-governance-and-intelligence-in-response-to-security-vulnerabilities-cve-2019-11729-cve-2019-11745/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/155622/red-hat-security-advisory-2019-4190-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/155546/slackware-security-advisory-mozilla-firefox-updates.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0136/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/155487/ubuntu-security-notice-usn-4203-2.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-nss-nss-softokn-nss-util-vulnerability-cve-2019-11729-and-cve-2019-11745/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0483/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/156770/gentoo-linux-security-advisory-202003-37.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0194/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-affected-by-network-security-services-nss-vulnerabilities-cve-2019-11729-and-cve-2019-11745/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3355/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/157226/red-hat-security-advisory-2020-1461-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/155989/ubuntu-security-notice-usn-4241-1.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.4083"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/156093/red-hat-security-advisory-2020-0243-01.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/6520674"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4739/"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/mozilla-nss-buffer-overflow-via-nsc-encryptupdate-30971"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4507/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1339/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/157345/ubuntu-security-notice-usn-4335-1.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4579/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0307/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/157142/red-hat-security-advisory-2020-1345-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4775/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4555/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4610/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4723/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/156704/gentoo-linux-security-advisory-202003-02.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-privileged-identity-manager-is-affected-by-security-vulnerabilities/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4674/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0001/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-announced-a-release-for-ibm-security-identity-governance-and-intelligence-in-response-to-a-security-vulnerability-cve-2019-11745/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4594/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/156721/gentoo-linux-security-advisory-202003-10.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-identity-manager-virtual-appliance-is-affected-by-multiple-vulnerabilities/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0491"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1173/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1242/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1387/"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/47047"
},
{
"trust": 0.5,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.5,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2019-11745"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-0495"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-0495"
},
{
"trust": 0.2,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.2,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.2,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17008"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-6814"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-6798"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17026"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17022"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-6805"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-6800"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17016"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17024"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17011"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-6811"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-6812"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17005"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17012"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/787.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:1267"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-11696"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-11695"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-18508"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-11697"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-11698"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/4335-1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-6821"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11761"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-6825"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11764"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-6822"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/thunderbird/1:68.7.0+build1-0ubuntu0.16.04.2"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-6794"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11755"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11759"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-6792"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-15903"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11760"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11763"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:1345"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2019:4114"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-6799"
},
{
"trust": 0.1,
"url": "https://www.mozilla.org/en-us/security/advisories/mfsa2020-09/"
},
{
"trust": 0.1,
"url": "https://www.mozilla.org/en-us/security/advisories/mfsa2020-03/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-6797"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17017"
},
{
"trust": 0.1,
"url": "https://www.mozilla.org/en-us/security/advisories/mfsa2020-06/"
},
{
"trust": 0.1,
"url": "https://www.mozilla.org/en-us/security/advisories/mfsa2019-37/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-6806"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17010"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20503"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-6796"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-6807"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/nss"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17007"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-11745"
},
{
"db": "PACKETSTORM",
"id": "157044"
},
{
"db": "PACKETSTORM",
"id": "156770"
},
{
"db": "PACKETSTORM",
"id": "155609"
},
{
"db": "PACKETSTORM",
"id": "157345"
},
{
"db": "PACKETSTORM",
"id": "157142"
},
{
"db": "PACKETSTORM",
"id": "155589"
},
{
"db": "PACKETSTORM",
"id": "156704"
},
{
"db": "PACKETSTORM",
"id": "156093"
},
{
"db": "PACKETSTORM",
"id": "155601"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1371"
},
{
"db": "NVD",
"id": "CVE-2019-11745"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "VULMON",
"id": "CVE-2019-11745",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "157044",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "156770",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "155609",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "157345",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "157142",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "155589",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "156704",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "156093",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "155601",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1371",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2019-11745",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2020-01-08T00:00:00",
"db": "VULMON",
"id": "CVE-2019-11745",
"ident": null
},
{
"date": "2020-04-01T15:23:37",
"db": "PACKETSTORM",
"id": "157044",
"ident": null
},
{
"date": "2020-03-16T22:35:27",
"db": "PACKETSTORM",
"id": "156770",
"ident": null
},
{
"date": "2019-12-10T15:49:04",
"db": "PACKETSTORM",
"id": "155609",
"ident": null
},
{
"date": "2020-04-22T15:10:10",
"db": "PACKETSTORM",
"id": "157345",
"ident": null
},
{
"date": "2020-04-07T16:41:47",
"db": "PACKETSTORM",
"id": "157142",
"ident": null
},
{
"date": "2019-12-09T15:52:48",
"db": "PACKETSTORM",
"id": "155589",
"ident": null
},
{
"date": "2020-03-12T20:16:23",
"db": "PACKETSTORM",
"id": "156704",
"ident": null
},
{
"date": "2020-01-27T22:53:39",
"db": "PACKETSTORM",
"id": "156093",
"ident": null
},
{
"date": "2019-12-09T22:22:22",
"db": "PACKETSTORM",
"id": "155601",
"ident": null
},
{
"date": "2019-11-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201911-1371",
"ident": null
},
{
"date": "2020-01-08T20:15:12.313000",
"db": "NVD",
"id": "CVE-2019-11745",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2021-02-19T00:00:00",
"db": "VULMON",
"id": "CVE-2019-11745",
"ident": null
},
{
"date": "2021-12-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201911-1371",
"ident": null
},
{
"date": "2024-11-21T04:21:42.373000",
"db": "NVD",
"id": "CVE-2019-11745",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201911-1371"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "Mozilla Firefox Buffer error vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201911-1371"
}
],
"trust": 0.6
},
"type": {
"_id": null,
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201911-1371"
}
],
"trust": 0.6
}
}
VAR-202010-0251
Vulnerability from variot - Updated: 2026-03-09 21:20In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks. In cases where the application calling the library did not perform a sanity check on the inputs it could result in a crash due to a buffer overflow.
For the stable distribution (buster), these problems have been fixed in version 2:3.42.1-1+deb10u3.
For the detailed security status of nss please refer to its security tracker page at: https://security-tracker.debian.org/tracker/nss
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl8R6BYACgkQEMKTtsN8 Tjbolg/9H3VC4r4Wmc8A4OejmH67QEZqyhzCxvd4UCpvLTJuY9JOYGy3KVhClnsz XDTqyQ8k5ez7OQt5HLy3giLJpMKUSYuSDJSbK0A3DTO5bKVg17Uol5X6RA7Coz/2 yJRRWH03dTfRoqaWQ8xHigBChTxMdYhkvh6433DzLpbuj+FV77FcivjTxZB2zFrp tHuvzN9exI4+aZCFAZPyRFct0vYHpHCP8qzgD+FMflInzBAARFPjnx8+c50+Hlp2 cB/Iq3L5EiE5T1azAAD8fgKqEGnF9OHjWxBONhXqXwhvnKKqfrLIpMf+oBvr8OEZ rKZElK0wQb6z24vDiDxFR8C8EuigYpV3YDsWwu3V8M71igw8DJseHQ/UnC4dT/Y3 QTtNtcWcheM5qiOnkiHCCZsybglI6NbdxPwfnhv9ltnunipFPtE8A56QQuOXGIcc 4P/5tRlRwAVSy+JZVCbJu7jrBe/y02RYXb6Sv5hZ0iqUAZadiFlJC0WdvWAOLJsL Z/IrRkH7KMwchOAxp5NY6qHfxXHKjFvfahglFkDsaYoEwVROKjhG5idn3NVCc656 tP5rcl1dQY4LHQZEESgps86uJGy9+8NpHHU9v9fqFZNlkBfYBWTZv0otzssOwPfu QIq7f2J77JHM8ldYzmfDVQnWBnKpnjc/B8UmvaaAkEM73N3MPu0= =VQPA -----END PGP SIGNATURE----- . ========================================================================= Ubuntu Security Notice USN-4231-1 January 08, 2020
nss vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 19.10
- Ubuntu 19.04
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 ESM
- Ubuntu 12.04 ESM
Summary:
NSS could be made to execute arbitrary code if it received a specially crafted input. An attacker could possibly use this issue to execute arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 19.10: libnss3 2:3.45-1ubuntu2.2
Ubuntu 19.04: libnss3 2:3.42-1ubuntu2.5
Ubuntu 18.04 LTS: libnss3 2:3.35-2ubuntu2.7
Ubuntu 16.04 LTS: libnss3 2:3.28.4-0ubuntu0.16.04.10
Ubuntu 14.04 ESM: libnss3 2:3.28.4-0ubuntu0.14.04.5+esm4
Ubuntu 12.04 ESM: libnss3 2:3.28.4-0ubuntu0.12.04.7
After a standard system update you need to reboot your computer to make all the necessary changes. 7.4) - x86_64
-
7.7) - ppc64, ppc64le, s390x, x86_64
-
Summary:
Red Hat Ansible Automation Platform Resource Operator 1.2 (technical preview) images that fix several security issues. Description:
Red Hat Ansible Automation Platform Resource Operator container images with security fixes.
Ansible Automation Platform manages Ansible Platform jobs and workflows that can interface with any infrastructure on a Red Hat OpenShift Container Platform cluster, or on a traditional infrastructure that is running off-cluster. Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/):
1914774 - CVE-2021-20178 ansible: user data leak in snmp_facts module 1915808 - CVE-2021-20180 ansible module: bitbucket_pipeline_variable exposes secured values 1916813 - CVE-2021-20191 ansible: multiple modules expose secured values 1925002 - CVE-2021-20228 ansible: basic.py no_log with fallback option 1939349 - CVE-2021-3447 ansible: multiple modules expose secured values
-
Description:
-
Updated python-psutil version to 5.6.6 inside ansible-runner container (CVE-2019-18874)
-
Solution:
For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/ index.html
- Bugs fixed (https://bugzilla.redhat.com/):
1772014 - CVE-2019-18874 python-psutil: double free because of refcount mishandling
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: nss and nss-softokn security update Advisory ID: RHSA-2021:0876-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:0876 Issue date: 2021-03-16 CVE Names: CVE-2019-11756 CVE-2019-17006 CVE-2019-17007 CVE-2020-12403 ==================================================================== 1. Summary:
An update for nss and nss-softokn is now available for Red Hat Enterprise Linux 7.6 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux ComputeNode EUS (v. 7.6) - x86_64 Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.6) - x86_64 Red Hat Enterprise Linux Server EUS (v. 7.6) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional EUS (v. 7.6) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - aarch64, ppc64le, s390x Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - aarch64, ppc64le, s390x
- Description:
Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications.
Security Fix(es):
-
nss: Use-after-free in sftk_FreeSession due to improper refcounting (CVE-2019-11756)
-
nss: Check length of inputs for cryptographic primitives (CVE-2019-17006)
-
nss: Handling of Netscape Certificate Sequences in CERT_DecodeCertPackage() may crash with a NULL deref leading to DoS (CVE-2019-17007)
-
nss: CHACHA20-POLY1305 decryption with undersized tag leads to out-of-bounds read (CVE-2020-12403)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing this update, applications using NSS (for example, Firefox) must be restarted for this update to take effect.
- Bugs fixed (https://bugzilla.redhat.com/):
1703979 - CVE-2019-17007 nss: Handling of Netscape Certificate Sequences in CERT_DecodeCertPackage() may crash with a NULL deref leading to DoS 1774835 - CVE-2019-11756 nss: Use-after-free in sftk_FreeSession due to improper refcounting 1775916 - CVE-2019-17006 nss: Check length of inputs for cryptographic primitives 1868931 - CVE-2020-12403 nss: CHACHA20-POLY1305 decryption with undersized tag leads to out-of-bounds read
- Package List:
Red Hat Enterprise Linux ComputeNode EUS (v. 7.6):
Source: nss-3.36.0-9.el7_6.src.rpm nss-softokn-3.36.0-7.el7_6.src.rpm
x86_64: nss-3.36.0-9.el7_6.i686.rpm nss-3.36.0-9.el7_6.x86_64.rpm nss-debuginfo-3.36.0-9.el7_6.i686.rpm nss-debuginfo-3.36.0-9.el7_6.x86_64.rpm nss-softokn-3.36.0-7.el7_6.i686.rpm nss-softokn-3.36.0-7.el7_6.x86_64.rpm nss-softokn-debuginfo-3.36.0-7.el7_6.i686.rpm nss-softokn-debuginfo-3.36.0-7.el7_6.x86_64.rpm nss-softokn-freebl-3.36.0-7.el7_6.i686.rpm nss-softokn-freebl-3.36.0-7.el7_6.x86_64.rpm nss-sysinit-3.36.0-9.el7_6.x86_64.rpm nss-tools-3.36.0-9.el7_6.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.6):
x86_64: nss-debuginfo-3.36.0-9.el7_6.i686.rpm nss-debuginfo-3.36.0-9.el7_6.x86_64.rpm nss-devel-3.36.0-9.el7_6.i686.rpm nss-devel-3.36.0-9.el7_6.x86_64.rpm nss-pkcs11-devel-3.36.0-9.el7_6.i686.rpm nss-pkcs11-devel-3.36.0-9.el7_6.x86_64.rpm nss-softokn-debuginfo-3.36.0-7.el7_6.i686.rpm nss-softokn-debuginfo-3.36.0-7.el7_6.x86_64.rpm nss-softokn-devel-3.36.0-7.el7_6.i686.rpm nss-softokn-devel-3.36.0-7.el7_6.x86_64.rpm nss-softokn-freebl-devel-3.36.0-7.el7_6.i686.rpm nss-softokn-freebl-devel-3.36.0-7.el7_6.x86_64.rpm
Red Hat Enterprise Linux Server EUS (v. 7.6):
Source: nss-3.36.0-9.el7_6.src.rpm nss-softokn-3.36.0-7.el7_6.src.rpm
ppc64: nss-3.36.0-9.el7_6.ppc.rpm nss-3.36.0-9.el7_6.ppc64.rpm nss-debuginfo-3.36.0-9.el7_6.ppc.rpm nss-debuginfo-3.36.0-9.el7_6.ppc64.rpm nss-devel-3.36.0-9.el7_6.ppc.rpm nss-devel-3.36.0-9.el7_6.ppc64.rpm nss-softokn-3.36.0-7.el7_6.ppc.rpm nss-softokn-3.36.0-7.el7_6.ppc64.rpm nss-softokn-debuginfo-3.36.0-7.el7_6.ppc.rpm nss-softokn-debuginfo-3.36.0-7.el7_6.ppc64.rpm nss-softokn-devel-3.36.0-7.el7_6.ppc.rpm nss-softokn-devel-3.36.0-7.el7_6.ppc64.rpm nss-softokn-freebl-3.36.0-7.el7_6.ppc.rpm nss-softokn-freebl-3.36.0-7.el7_6.ppc64.rpm nss-softokn-freebl-devel-3.36.0-7.el7_6.ppc.rpm nss-softokn-freebl-devel-3.36.0-7.el7_6.ppc64.rpm nss-sysinit-3.36.0-9.el7_6.ppc64.rpm nss-tools-3.36.0-9.el7_6.ppc64.rpm
ppc64le: nss-3.36.0-9.el7_6.ppc64le.rpm nss-debuginfo-3.36.0-9.el7_6.ppc64le.rpm nss-devel-3.36.0-9.el7_6.ppc64le.rpm nss-softokn-3.36.0-7.el7_6.ppc64le.rpm nss-softokn-debuginfo-3.36.0-7.el7_6.ppc64le.rpm nss-softokn-devel-3.36.0-7.el7_6.ppc64le.rpm nss-softokn-freebl-3.36.0-7.el7_6.ppc64le.rpm nss-softokn-freebl-devel-3.36.0-7.el7_6.ppc64le.rpm nss-sysinit-3.36.0-9.el7_6.ppc64le.rpm nss-tools-3.36.0-9.el7_6.ppc64le.rpm
s390x: nss-3.36.0-9.el7_6.s390.rpm nss-3.36.0-9.el7_6.s390x.rpm nss-debuginfo-3.36.0-9.el7_6.s390.rpm nss-debuginfo-3.36.0-9.el7_6.s390x.rpm nss-devel-3.36.0-9.el7_6.s390.rpm nss-devel-3.36.0-9.el7_6.s390x.rpm nss-softokn-3.36.0-7.el7_6.s390.rpm nss-softokn-3.36.0-7.el7_6.s390x.rpm nss-softokn-debuginfo-3.36.0-7.el7_6.s390.rpm nss-softokn-debuginfo-3.36.0-7.el7_6.s390x.rpm nss-softokn-devel-3.36.0-7.el7_6.s390.rpm nss-softokn-devel-3.36.0-7.el7_6.s390x.rpm nss-softokn-freebl-3.36.0-7.el7_6.s390.rpm nss-softokn-freebl-3.36.0-7.el7_6.s390x.rpm nss-softokn-freebl-devel-3.36.0-7.el7_6.s390.rpm nss-softokn-freebl-devel-3.36.0-7.el7_6.s390x.rpm nss-sysinit-3.36.0-9.el7_6.s390x.rpm nss-tools-3.36.0-9.el7_6.s390x.rpm
x86_64: nss-3.36.0-9.el7_6.i686.rpm nss-3.36.0-9.el7_6.x86_64.rpm nss-debuginfo-3.36.0-9.el7_6.i686.rpm nss-debuginfo-3.36.0-9.el7_6.x86_64.rpm nss-devel-3.36.0-9.el7_6.i686.rpm nss-devel-3.36.0-9.el7_6.x86_64.rpm nss-softokn-3.36.0-7.el7_6.i686.rpm nss-softokn-3.36.0-7.el7_6.x86_64.rpm nss-softokn-debuginfo-3.36.0-7.el7_6.i686.rpm nss-softokn-debuginfo-3.36.0-7.el7_6.x86_64.rpm nss-softokn-devel-3.36.0-7.el7_6.i686.rpm nss-softokn-devel-3.36.0-7.el7_6.x86_64.rpm nss-softokn-freebl-3.36.0-7.el7_6.i686.rpm nss-softokn-freebl-3.36.0-7.el7_6.x86_64.rpm nss-softokn-freebl-devel-3.36.0-7.el7_6.i686.rpm nss-softokn-freebl-devel-3.36.0-7.el7_6.x86_64.rpm nss-sysinit-3.36.0-9.el7_6.x86_64.rpm nss-tools-3.36.0-9.el7_6.x86_64.rpm
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7):
Source: nss-3.36.0-9.el7_6.src.rpm nss-softokn-3.36.0-7.el7_6.src.rpm
aarch64: nss-3.36.0-9.el7_6.aarch64.rpm nss-debuginfo-3.36.0-9.el7_6.aarch64.rpm nss-devel-3.36.0-9.el7_6.aarch64.rpm nss-softokn-3.36.0-7.el7_6.aarch64.rpm nss-softokn-debuginfo-3.36.0-7.el7_6.aarch64.rpm nss-softokn-devel-3.36.0-7.el7_6.aarch64.rpm nss-softokn-freebl-3.36.0-7.el7_6.aarch64.rpm nss-softokn-freebl-devel-3.36.0-7.el7_6.aarch64.rpm nss-sysinit-3.36.0-9.el7_6.aarch64.rpm nss-tools-3.36.0-9.el7_6.aarch64.rpm
ppc64le: nss-3.36.0-9.el7_6.ppc64le.rpm nss-debuginfo-3.36.0-9.el7_6.ppc64le.rpm nss-devel-3.36.0-9.el7_6.ppc64le.rpm nss-softokn-3.36.0-7.el7_6.ppc64le.rpm nss-softokn-debuginfo-3.36.0-7.el7_6.ppc64le.rpm nss-softokn-devel-3.36.0-7.el7_6.ppc64le.rpm nss-softokn-freebl-3.36.0-7.el7_6.ppc64le.rpm nss-softokn-freebl-devel-3.36.0-7.el7_6.ppc64le.rpm nss-sysinit-3.36.0-9.el7_6.ppc64le.rpm nss-tools-3.36.0-9.el7_6.ppc64le.rpm
s390x: nss-3.36.0-9.el7_6.s390.rpm nss-3.36.0-9.el7_6.s390x.rpm nss-debuginfo-3.36.0-9.el7_6.s390.rpm nss-debuginfo-3.36.0-9.el7_6.s390x.rpm nss-devel-3.36.0-9.el7_6.s390.rpm nss-devel-3.36.0-9.el7_6.s390x.rpm nss-softokn-3.36.0-7.el7_6.s390.rpm nss-softokn-3.36.0-7.el7_6.s390x.rpm nss-softokn-debuginfo-3.36.0-7.el7_6.s390.rpm nss-softokn-debuginfo-3.36.0-7.el7_6.s390x.rpm nss-softokn-devel-3.36.0-7.el7_6.s390.rpm nss-softokn-devel-3.36.0-7.el7_6.s390x.rpm nss-softokn-freebl-3.36.0-7.el7_6.s390.rpm nss-softokn-freebl-3.36.0-7.el7_6.s390x.rpm nss-softokn-freebl-devel-3.36.0-7.el7_6.s390.rpm nss-softokn-freebl-devel-3.36.0-7.el7_6.s390x.rpm nss-sysinit-3.36.0-9.el7_6.s390x.rpm nss-tools-3.36.0-9.el7_6.s390x.rpm
Red Hat Enterprise Linux Server Optional EUS (v. 7.6):
ppc64: nss-debuginfo-3.36.0-9.el7_6.ppc.rpm nss-debuginfo-3.36.0-9.el7_6.ppc64.rpm nss-pkcs11-devel-3.36.0-9.el7_6.ppc.rpm nss-pkcs11-devel-3.36.0-9.el7_6.ppc64.rpm
ppc64le: nss-debuginfo-3.36.0-9.el7_6.ppc64le.rpm nss-pkcs11-devel-3.36.0-9.el7_6.ppc64le.rpm
s390x: nss-debuginfo-3.36.0-9.el7_6.s390.rpm nss-debuginfo-3.36.0-9.el7_6.s390x.rpm nss-pkcs11-devel-3.36.0-9.el7_6.s390.rpm nss-pkcs11-devel-3.36.0-9.el7_6.s390x.rpm
x86_64: nss-debuginfo-3.36.0-9.el7_6.i686.rpm nss-debuginfo-3.36.0-9.el7_6.x86_64.rpm nss-pkcs11-devel-3.36.0-9.el7_6.i686.rpm nss-pkcs11-devel-3.36.0-9.el7_6.x86_64.rpm
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7):
aarch64: nss-debuginfo-3.36.0-9.el7_6.aarch64.rpm nss-pkcs11-devel-3.36.0-9.el7_6.aarch64.rpm
ppc64le: nss-debuginfo-3.36.0-9.el7_6.ppc64le.rpm nss-pkcs11-devel-3.36.0-9.el7_6.ppc64le.rpm
s390x: nss-debuginfo-3.36.0-9.el7_6.s390.rpm nss-debuginfo-3.36.0-9.el7_6.s390x.rpm nss-pkcs11-devel-3.36.0-9.el7_6.s390.rpm nss-pkcs11-devel-3.36.0-9.el7_6.s390x.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2019-11756 https://access.redhat.com/security/cve/CVE-2019-17006 https://access.redhat.com/security/cve/CVE-2019-17007 https://access.redhat.com/security/cve/CVE-2020-12403 https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYFDHndzjgjWX9erEAQhc7BAAkp67Ydt2JQVRfRhv2NUd0sjnWReLTvdP jCz5vIgKz8JIgmz/bc5I1MR8ZCSObdbsUEiv0exapuYneLNru//0dMGL2dv7Fkn5 Em5+ZuvLuDUq9id8TOOd5igNjBeJGKy4dJV46AXtgUHARHbiU5jcmOcCetkBY09J o0bK4wDc6YjvUBANaAQH/sWznAT+BNmtOeF00seAbIgic0m76HidFSQzcq8I+vtm mttqgZvz3+xYitS/63Z4AQofI3VFGX46CHZxekI7N1hIpML7QjiZw4gk8QgdpRWn wLtr661MIse/iS0l+4ZvQoWx5diuVwXudfGmisEXhsWtx79m8JSFNavmxSK9dvJ5 5F6K275OTX2W1GSUgU4IrKxWaLoBPQlC4yT36c4827qosGBjgufGyExgmqnTyQyR iobqDMUHq5RgjNsHNCzrm7CKAgwTUgyuN5QLoXwOsqxPfMt1uL8TI1Q5ULyuPJ+b 8IxbIPGgCZM/haNchD9Xoo1rDieT1JOtQNTfknss91AIQZH30n7i6F6/l8K7GJ16 1sFPnNI7aISjvhu/+jfgNpkoFi6Qyda5a8jSceWpY1yf83/jsxVpKMqgcoTf416z IFzoYxQqa0AM1efVfgtL1vnoAXw8yPt0PjXfcMUYWltIGbgO15L/hJZ6bCUu8FT6 BbaFUBBSJpw=m1vv -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . 8) - aarch64, ppc64le, s390x, x86_64
Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities.
The following packages have been upgraded to a later upstream version: nss (3.53.1), nspr (4.25.0).
Bug Fix(es):
-
Install of update of nss.x86_64 adds i686 into transaction (BZ#1663187)
-
NSS does not set downgrade sentinel in ServerHello.random for TLS 1.0 and TLS 1.1 (BZ#1691409)
-
TLS Keying Material Exporter is unsupported by command line tools (BZ#1691454)
-
TLS_AES_256_GCM_SHA384 is not marked as FIPS compatible (BZ#1711375)
-
Make TLS 1.3 work in FIPS mode (BZ#1724250)
-
NSS rejects records with large padding with SHA384 HMAC (BZ#1750921)
-
NSS missing IKEv1 Quick Mode KDF (BZ#1809637)
-
Name Constraints validation: CN treated as DNS name even when syntactically invalid as DNS name (BZ#1825270)
-
FIPS needs nss to restrict valid dh primes to those primes that are approved. (BZ#1854564)
-
nss needs to comply to the new SP800-56A rev 3 requirements (BZ#1855825)
Enhancement(s):
-
[RFE] nss should use AES for storage of keys (BZ#1723819)
-
Bugs fixed (https://bugzilla.redhat.com/):
1663187 - Install of update of nss.x86_64 adds i686 into transaction 1691454 - TLS Keying Material Exporter is unsupported by command line tools 1711375 - TLS_AES_256_GCM_SHA384 is not marked as FIPS compatible 1724250 - Make TLS 1.3 work in FIPS mode [rhel-8] 1750921 - NSS rejects records with large padding with SHA384 HMAC 1774835 - CVE-2019-11756 nss: UAF in sftk_FreeSession due to improper refcounting 1775916 - CVE-2019-17006 nss: Check length of inputs for cryptographic primitives 1791225 - CVE-2019-17023 nss: TLS 1.3 HelloRetryRequest downgrade request sets client into invalid state 1809637 - NSS missing IKEv1 Quick Mode KDF 1825270 - Name Constraints validation: CN treated as DNS name even when syntactically invalid as DNS name 1826231 - CVE-2020-12402 nss: Side channel vulnerabilities during RSA key generation 1854564 - FIPS needs nss to restrict valid dh primes to those primes that are approved. [rhel-8.2.0.z]
6
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "ruggedcom rox mx5000",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.14.0"
},
{
"_id": null,
"model": "ruggedcom rox rx5000",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.14.0"
},
{
"_id": null,
"model": "ruggedcom rox rx1500",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.14.0"
},
{
"_id": null,
"model": "ruggedcom rox rx1501",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.14.0"
},
{
"_id": null,
"model": "hci management node",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": "ruggedcom rox rx1400",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.14.0"
},
{
"_id": null,
"model": "ruggedcom rox rx1510",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.14.0"
},
{
"_id": null,
"model": "solidfire",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": "hci compute node",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": "ruggedcom rox rx1511",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.14.0"
},
{
"_id": null,
"model": "network security services",
"scope": "lt",
"trust": 1.0,
"vendor": "mozilla",
"version": "3.46"
},
{
"_id": null,
"model": "hci storage node",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": "ruggedcom rox rx1512",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.14.0"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-17006"
}
]
},
"credits": {
"_id": null,
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "161706"
},
{
"db": "PACKETSTORM",
"id": "162026"
},
{
"db": "PACKETSTORM",
"id": "162142"
},
{
"db": "PACKETSTORM",
"id": "159553"
},
{
"db": "PACKETSTORM",
"id": "161842"
},
{
"db": "PACKETSTORM",
"id": "158724"
}
],
"trust": 0.6
},
"cve": "CVE-2019-17006",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2019-17006",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2019-17006",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-17006",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "CNNVD",
"id": "CNNVD-201912-1134",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2019-17006",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-17006"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-1134"
},
{
"db": "NVD",
"id": "CVE-2019-17006"
}
]
},
"description": {
"_id": null,
"data": "In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks. In cases where the application calling the library did not perform a sanity check on the inputs it could result in a crash due to a buffer overflow. \n\nFor the stable distribution (buster), these problems have been fixed in\nversion 2:3.42.1-1+deb10u3. \n\nFor the detailed security status of nss please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/nss\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl8R6BYACgkQEMKTtsN8\nTjbolg/9H3VC4r4Wmc8A4OejmH67QEZqyhzCxvd4UCpvLTJuY9JOYGy3KVhClnsz\nXDTqyQ8k5ez7OQt5HLy3giLJpMKUSYuSDJSbK0A3DTO5bKVg17Uol5X6RA7Coz/2\nyJRRWH03dTfRoqaWQ8xHigBChTxMdYhkvh6433DzLpbuj+FV77FcivjTxZB2zFrp\ntHuvzN9exI4+aZCFAZPyRFct0vYHpHCP8qzgD+FMflInzBAARFPjnx8+c50+Hlp2\ncB/Iq3L5EiE5T1azAAD8fgKqEGnF9OHjWxBONhXqXwhvnKKqfrLIpMf+oBvr8OEZ\nrKZElK0wQb6z24vDiDxFR8C8EuigYpV3YDsWwu3V8M71igw8DJseHQ/UnC4dT/Y3\nQTtNtcWcheM5qiOnkiHCCZsybglI6NbdxPwfnhv9ltnunipFPtE8A56QQuOXGIcc\n4P/5tRlRwAVSy+JZVCbJu7jrBe/y02RYXb6Sv5hZ0iqUAZadiFlJC0WdvWAOLJsL\nZ/IrRkH7KMwchOAxp5NY6qHfxXHKjFvfahglFkDsaYoEwVROKjhG5idn3NVCc656\ntP5rcl1dQY4LHQZEESgps86uJGy9+8NpHHU9v9fqFZNlkBfYBWTZv0otzssOwPfu\nQIq7f2J77JHM8ldYzmfDVQnWBnKpnjc/B8UmvaaAkEM73N3MPu0=\n=VQPA\n-----END PGP SIGNATURE-----\n. =========================================================================\nUbuntu Security Notice USN-4231-1\nJanuary 08, 2020\n\nnss vulnerability\n=========================================================================\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 19.10\n- Ubuntu 19.04\n- Ubuntu 18.04 LTS\n- Ubuntu 16.04 LTS\n- Ubuntu 14.04 ESM\n- Ubuntu 12.04 ESM\n\nSummary:\n\nNSS could be made to execute arbitrary code if it received a specially\ncrafted input. An\nattacker could possibly use this issue to execute arbitrary code. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 19.10:\n libnss3 2:3.45-1ubuntu2.2\n\nUbuntu 19.04:\n libnss3 2:3.42-1ubuntu2.5\n\nUbuntu 18.04 LTS:\n libnss3 2:3.35-2ubuntu2.7\n\nUbuntu 16.04 LTS:\n libnss3 2:3.28.4-0ubuntu0.16.04.10\n\nUbuntu 14.04 ESM:\n libnss3 2:3.28.4-0ubuntu0.14.04.5+esm4\n\nUbuntu 12.04 ESM:\n libnss3 2:3.28.4-0ubuntu0.12.04.7\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. 7.4) - x86_64\n\n3. 7.7) - ppc64, ppc64le, s390x, x86_64\n\n3. Summary:\n\nRed Hat Ansible Automation Platform Resource Operator 1.2 (technical\npreview) images that fix several security issues. Description:\n\nRed Hat Ansible Automation Platform Resource Operator container images\nwith security fixes. \n\nAnsible Automation Platform manages Ansible Platform jobs and workflows\nthat can interface with any infrastructure on a Red Hat OpenShift Container\nPlatform cluster, or on a traditional infrastructure that is running\noff-cluster. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/):\n\n1914774 - CVE-2021-20178 ansible: user data leak in snmp_facts module\n1915808 - CVE-2021-20180 ansible module: bitbucket_pipeline_variable exposes secured values\n1916813 - CVE-2021-20191 ansible: multiple modules expose secured values\n1925002 - CVE-2021-20228 ansible: basic.py no_log with fallback option\n1939349 - CVE-2021-3447 ansible: multiple modules expose secured values\n\n5. Description:\n\n* Updated python-psutil version to 5.6.6 inside ansible-runner container\n(CVE-2019-18874)\n\n3. Solution:\n\nFor information on upgrading Ansible Tower, reference the Ansible Tower\nUpgrade and Migration Guide:\nhttps://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/\nindex.html\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1772014 - CVE-2019-18874 python-psutil: double free because of refcount mishandling\n\n5. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Moderate: nss and nss-softokn security update\nAdvisory ID: RHSA-2021:0876-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2021:0876\nIssue date: 2021-03-16\nCVE Names: CVE-2019-11756 CVE-2019-17006 CVE-2019-17007\n CVE-2020-12403\n====================================================================\n1. Summary:\n\nAn update for nss and nss-softokn is now available for Red Hat Enterprise\nLinux 7.6 Extended Update Support. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux ComputeNode EUS (v. 7.6) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional EUS (v. 7.6) - x86_64\nRed Hat Enterprise Linux Server EUS (v. 7.6) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional EUS (v. 7.6) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - aarch64, ppc64le, s390x\nRed Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - aarch64, ppc64le, s390x\n\n3. Description:\n\nNetwork Security Services (NSS) is a set of libraries designed to support\nthe cross-platform development of security-enabled client and server\napplications. \n\nSecurity Fix(es):\n\n* nss: Use-after-free in sftk_FreeSession due to improper refcounting\n(CVE-2019-11756)\n\n* nss: Check length of inputs for cryptographic primitives (CVE-2019-17006)\n\n* nss: Handling of Netscape Certificate Sequences in\nCERT_DecodeCertPackage() may crash with a NULL deref leading to DoS\n(CVE-2019-17007)\n\n* nss: CHACHA20-POLY1305 decryption with undersized tag leads to\nout-of-bounds read (CVE-2020-12403)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, applications using NSS (for example, Firefox)\nmust be restarted for this update to take effect. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1703979 - CVE-2019-17007 nss: Handling of Netscape Certificate Sequences in CERT_DecodeCertPackage() may crash with a NULL deref leading to DoS\n1774835 - CVE-2019-11756 nss: Use-after-free in sftk_FreeSession due to improper refcounting\n1775916 - CVE-2019-17006 nss: Check length of inputs for cryptographic primitives\n1868931 - CVE-2020-12403 nss: CHACHA20-POLY1305 decryption with undersized tag leads to out-of-bounds read\n\n6. Package List:\n\nRed Hat Enterprise Linux ComputeNode EUS (v. 7.6):\n\nSource:\nnss-3.36.0-9.el7_6.src.rpm\nnss-softokn-3.36.0-7.el7_6.src.rpm\n\nx86_64:\nnss-3.36.0-9.el7_6.i686.rpm\nnss-3.36.0-9.el7_6.x86_64.rpm\nnss-debuginfo-3.36.0-9.el7_6.i686.rpm\nnss-debuginfo-3.36.0-9.el7_6.x86_64.rpm\nnss-softokn-3.36.0-7.el7_6.i686.rpm\nnss-softokn-3.36.0-7.el7_6.x86_64.rpm\nnss-softokn-debuginfo-3.36.0-7.el7_6.i686.rpm\nnss-softokn-debuginfo-3.36.0-7.el7_6.x86_64.rpm\nnss-softokn-freebl-3.36.0-7.el7_6.i686.rpm\nnss-softokn-freebl-3.36.0-7.el7_6.x86_64.rpm\nnss-sysinit-3.36.0-9.el7_6.x86_64.rpm\nnss-tools-3.36.0-9.el7_6.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional EUS (v. 7.6):\n\nx86_64:\nnss-debuginfo-3.36.0-9.el7_6.i686.rpm\nnss-debuginfo-3.36.0-9.el7_6.x86_64.rpm\nnss-devel-3.36.0-9.el7_6.i686.rpm\nnss-devel-3.36.0-9.el7_6.x86_64.rpm\nnss-pkcs11-devel-3.36.0-9.el7_6.i686.rpm\nnss-pkcs11-devel-3.36.0-9.el7_6.x86_64.rpm\nnss-softokn-debuginfo-3.36.0-7.el7_6.i686.rpm\nnss-softokn-debuginfo-3.36.0-7.el7_6.x86_64.rpm\nnss-softokn-devel-3.36.0-7.el7_6.i686.rpm\nnss-softokn-devel-3.36.0-7.el7_6.x86_64.rpm\nnss-softokn-freebl-devel-3.36.0-7.el7_6.i686.rpm\nnss-softokn-freebl-devel-3.36.0-7.el7_6.x86_64.rpm\n\nRed Hat Enterprise Linux Server EUS (v. 7.6):\n\nSource:\nnss-3.36.0-9.el7_6.src.rpm\nnss-softokn-3.36.0-7.el7_6.src.rpm\n\nppc64:\nnss-3.36.0-9.el7_6.ppc.rpm\nnss-3.36.0-9.el7_6.ppc64.rpm\nnss-debuginfo-3.36.0-9.el7_6.ppc.rpm\nnss-debuginfo-3.36.0-9.el7_6.ppc64.rpm\nnss-devel-3.36.0-9.el7_6.ppc.rpm\nnss-devel-3.36.0-9.el7_6.ppc64.rpm\nnss-softokn-3.36.0-7.el7_6.ppc.rpm\nnss-softokn-3.36.0-7.el7_6.ppc64.rpm\nnss-softokn-debuginfo-3.36.0-7.el7_6.ppc.rpm\nnss-softokn-debuginfo-3.36.0-7.el7_6.ppc64.rpm\nnss-softokn-devel-3.36.0-7.el7_6.ppc.rpm\nnss-softokn-devel-3.36.0-7.el7_6.ppc64.rpm\nnss-softokn-freebl-3.36.0-7.el7_6.ppc.rpm\nnss-softokn-freebl-3.36.0-7.el7_6.ppc64.rpm\nnss-softokn-freebl-devel-3.36.0-7.el7_6.ppc.rpm\nnss-softokn-freebl-devel-3.36.0-7.el7_6.ppc64.rpm\nnss-sysinit-3.36.0-9.el7_6.ppc64.rpm\nnss-tools-3.36.0-9.el7_6.ppc64.rpm\n\nppc64le:\nnss-3.36.0-9.el7_6.ppc64le.rpm\nnss-debuginfo-3.36.0-9.el7_6.ppc64le.rpm\nnss-devel-3.36.0-9.el7_6.ppc64le.rpm\nnss-softokn-3.36.0-7.el7_6.ppc64le.rpm\nnss-softokn-debuginfo-3.36.0-7.el7_6.ppc64le.rpm\nnss-softokn-devel-3.36.0-7.el7_6.ppc64le.rpm\nnss-softokn-freebl-3.36.0-7.el7_6.ppc64le.rpm\nnss-softokn-freebl-devel-3.36.0-7.el7_6.ppc64le.rpm\nnss-sysinit-3.36.0-9.el7_6.ppc64le.rpm\nnss-tools-3.36.0-9.el7_6.ppc64le.rpm\n\ns390x:\nnss-3.36.0-9.el7_6.s390.rpm\nnss-3.36.0-9.el7_6.s390x.rpm\nnss-debuginfo-3.36.0-9.el7_6.s390.rpm\nnss-debuginfo-3.36.0-9.el7_6.s390x.rpm\nnss-devel-3.36.0-9.el7_6.s390.rpm\nnss-devel-3.36.0-9.el7_6.s390x.rpm\nnss-softokn-3.36.0-7.el7_6.s390.rpm\nnss-softokn-3.36.0-7.el7_6.s390x.rpm\nnss-softokn-debuginfo-3.36.0-7.el7_6.s390.rpm\nnss-softokn-debuginfo-3.36.0-7.el7_6.s390x.rpm\nnss-softokn-devel-3.36.0-7.el7_6.s390.rpm\nnss-softokn-devel-3.36.0-7.el7_6.s390x.rpm\nnss-softokn-freebl-3.36.0-7.el7_6.s390.rpm\nnss-softokn-freebl-3.36.0-7.el7_6.s390x.rpm\nnss-softokn-freebl-devel-3.36.0-7.el7_6.s390.rpm\nnss-softokn-freebl-devel-3.36.0-7.el7_6.s390x.rpm\nnss-sysinit-3.36.0-9.el7_6.s390x.rpm\nnss-tools-3.36.0-9.el7_6.s390x.rpm\n\nx86_64:\nnss-3.36.0-9.el7_6.i686.rpm\nnss-3.36.0-9.el7_6.x86_64.rpm\nnss-debuginfo-3.36.0-9.el7_6.i686.rpm\nnss-debuginfo-3.36.0-9.el7_6.x86_64.rpm\nnss-devel-3.36.0-9.el7_6.i686.rpm\nnss-devel-3.36.0-9.el7_6.x86_64.rpm\nnss-softokn-3.36.0-7.el7_6.i686.rpm\nnss-softokn-3.36.0-7.el7_6.x86_64.rpm\nnss-softokn-debuginfo-3.36.0-7.el7_6.i686.rpm\nnss-softokn-debuginfo-3.36.0-7.el7_6.x86_64.rpm\nnss-softokn-devel-3.36.0-7.el7_6.i686.rpm\nnss-softokn-devel-3.36.0-7.el7_6.x86_64.rpm\nnss-softokn-freebl-3.36.0-7.el7_6.i686.rpm\nnss-softokn-freebl-3.36.0-7.el7_6.x86_64.rpm\nnss-softokn-freebl-devel-3.36.0-7.el7_6.i686.rpm\nnss-softokn-freebl-devel-3.36.0-7.el7_6.x86_64.rpm\nnss-sysinit-3.36.0-9.el7_6.x86_64.rpm\nnss-tools-3.36.0-9.el7_6.x86_64.rpm\n\nRed Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7):\n\nSource:\nnss-3.36.0-9.el7_6.src.rpm\nnss-softokn-3.36.0-7.el7_6.src.rpm\n\naarch64:\nnss-3.36.0-9.el7_6.aarch64.rpm\nnss-debuginfo-3.36.0-9.el7_6.aarch64.rpm\nnss-devel-3.36.0-9.el7_6.aarch64.rpm\nnss-softokn-3.36.0-7.el7_6.aarch64.rpm\nnss-softokn-debuginfo-3.36.0-7.el7_6.aarch64.rpm\nnss-softokn-devel-3.36.0-7.el7_6.aarch64.rpm\nnss-softokn-freebl-3.36.0-7.el7_6.aarch64.rpm\nnss-softokn-freebl-devel-3.36.0-7.el7_6.aarch64.rpm\nnss-sysinit-3.36.0-9.el7_6.aarch64.rpm\nnss-tools-3.36.0-9.el7_6.aarch64.rpm\n\nppc64le:\nnss-3.36.0-9.el7_6.ppc64le.rpm\nnss-debuginfo-3.36.0-9.el7_6.ppc64le.rpm\nnss-devel-3.36.0-9.el7_6.ppc64le.rpm\nnss-softokn-3.36.0-7.el7_6.ppc64le.rpm\nnss-softokn-debuginfo-3.36.0-7.el7_6.ppc64le.rpm\nnss-softokn-devel-3.36.0-7.el7_6.ppc64le.rpm\nnss-softokn-freebl-3.36.0-7.el7_6.ppc64le.rpm\nnss-softokn-freebl-devel-3.36.0-7.el7_6.ppc64le.rpm\nnss-sysinit-3.36.0-9.el7_6.ppc64le.rpm\nnss-tools-3.36.0-9.el7_6.ppc64le.rpm\n\ns390x:\nnss-3.36.0-9.el7_6.s390.rpm\nnss-3.36.0-9.el7_6.s390x.rpm\nnss-debuginfo-3.36.0-9.el7_6.s390.rpm\nnss-debuginfo-3.36.0-9.el7_6.s390x.rpm\nnss-devel-3.36.0-9.el7_6.s390.rpm\nnss-devel-3.36.0-9.el7_6.s390x.rpm\nnss-softokn-3.36.0-7.el7_6.s390.rpm\nnss-softokn-3.36.0-7.el7_6.s390x.rpm\nnss-softokn-debuginfo-3.36.0-7.el7_6.s390.rpm\nnss-softokn-debuginfo-3.36.0-7.el7_6.s390x.rpm\nnss-softokn-devel-3.36.0-7.el7_6.s390.rpm\nnss-softokn-devel-3.36.0-7.el7_6.s390x.rpm\nnss-softokn-freebl-3.36.0-7.el7_6.s390.rpm\nnss-softokn-freebl-3.36.0-7.el7_6.s390x.rpm\nnss-softokn-freebl-devel-3.36.0-7.el7_6.s390.rpm\nnss-softokn-freebl-devel-3.36.0-7.el7_6.s390x.rpm\nnss-sysinit-3.36.0-9.el7_6.s390x.rpm\nnss-tools-3.36.0-9.el7_6.s390x.rpm\n\nRed Hat Enterprise Linux Server Optional EUS (v. 7.6):\n\nppc64:\nnss-debuginfo-3.36.0-9.el7_6.ppc.rpm\nnss-debuginfo-3.36.0-9.el7_6.ppc64.rpm\nnss-pkcs11-devel-3.36.0-9.el7_6.ppc.rpm\nnss-pkcs11-devel-3.36.0-9.el7_6.ppc64.rpm\n\nppc64le:\nnss-debuginfo-3.36.0-9.el7_6.ppc64le.rpm\nnss-pkcs11-devel-3.36.0-9.el7_6.ppc64le.rpm\n\ns390x:\nnss-debuginfo-3.36.0-9.el7_6.s390.rpm\nnss-debuginfo-3.36.0-9.el7_6.s390x.rpm\nnss-pkcs11-devel-3.36.0-9.el7_6.s390.rpm\nnss-pkcs11-devel-3.36.0-9.el7_6.s390x.rpm\n\nx86_64:\nnss-debuginfo-3.36.0-9.el7_6.i686.rpm\nnss-debuginfo-3.36.0-9.el7_6.x86_64.rpm\nnss-pkcs11-devel-3.36.0-9.el7_6.i686.rpm\nnss-pkcs11-devel-3.36.0-9.el7_6.x86_64.rpm\n\nRed Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7):\n\naarch64:\nnss-debuginfo-3.36.0-9.el7_6.aarch64.rpm\nnss-pkcs11-devel-3.36.0-9.el7_6.aarch64.rpm\n\nppc64le:\nnss-debuginfo-3.36.0-9.el7_6.ppc64le.rpm\nnss-pkcs11-devel-3.36.0-9.el7_6.ppc64le.rpm\n\ns390x:\nnss-debuginfo-3.36.0-9.el7_6.s390.rpm\nnss-debuginfo-3.36.0-9.el7_6.s390x.rpm\nnss-pkcs11-devel-3.36.0-9.el7_6.s390.rpm\nnss-pkcs11-devel-3.36.0-9.el7_6.s390x.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2019-11756\nhttps://access.redhat.com/security/cve/CVE-2019-17006\nhttps://access.redhat.com/security/cve/CVE-2019-17007\nhttps://access.redhat.com/security/cve/CVE-2020-12403\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYFDHndzjgjWX9erEAQhc7BAAkp67Ydt2JQVRfRhv2NUd0sjnWReLTvdP\njCz5vIgKz8JIgmz/bc5I1MR8ZCSObdbsUEiv0exapuYneLNru//0dMGL2dv7Fkn5\nEm5+ZuvLuDUq9id8TOOd5igNjBeJGKy4dJV46AXtgUHARHbiU5jcmOcCetkBY09J\no0bK4wDc6YjvUBANaAQH/sWznAT+BNmtOeF00seAbIgic0m76HidFSQzcq8I+vtm\nmttqgZvz3+xYitS/63Z4AQofI3VFGX46CHZxekI7N1hIpML7QjiZw4gk8QgdpRWn\nwLtr661MIse/iS0l+4ZvQoWx5diuVwXudfGmisEXhsWtx79m8JSFNavmxSK9dvJ5\n5F6K275OTX2W1GSUgU4IrKxWaLoBPQlC4yT36c4827qosGBjgufGyExgmqnTyQyR\niobqDMUHq5RgjNsHNCzrm7CKAgwTUgyuN5QLoXwOsqxPfMt1uL8TI1Q5ULyuPJ+b\n8IxbIPGgCZM/haNchD9Xoo1rDieT1JOtQNTfknss91AIQZH30n7i6F6/l8K7GJ16\n1sFPnNI7aISjvhu/+jfgNpkoFi6Qyda5a8jSceWpY1yf83/jsxVpKMqgcoTf416z\nIFzoYxQqa0AM1efVfgtL1vnoAXw8yPt0PjXfcMUYWltIGbgO15L/hJZ6bCUu8FT6\nBbaFUBBSJpw=m1vv\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. 8) - aarch64, ppc64le, s390x, x86_64\n\n3. \n\nNetscape Portable Runtime (NSPR) provides platform independence for non-GUI\noperating system facilities. \n\nThe following packages have been upgraded to a later upstream version: nss\n(3.53.1), nspr (4.25.0). \n\nBug Fix(es):\n\n* Install of update of nss.x86_64 adds i686 into transaction (BZ#1663187)\n\n* NSS does not set downgrade sentinel in ServerHello.random for TLS 1.0 and\nTLS 1.1 (BZ#1691409)\n\n* TLS Keying Material Exporter is unsupported by command line tools\n(BZ#1691454)\n\n* TLS_AES_256_GCM_SHA384 is not marked as FIPS compatible (BZ#1711375)\n\n* Make TLS 1.3 work in FIPS mode (BZ#1724250)\n\n* NSS rejects records with large padding with SHA384 HMAC (BZ#1750921)\n\n* NSS missing IKEv1 Quick Mode KDF (BZ#1809637)\n\n* Name Constraints validation: CN treated as DNS name even when\nsyntactically invalid as DNS name (BZ#1825270)\n\n* FIPS needs nss to restrict valid dh primes to those primes that are\napproved. (BZ#1854564)\n\n* nss needs to comply to the new SP800-56A rev 3 requirements (BZ#1855825)\n\nEnhancement(s):\n\n* [RFE] nss should use AES for storage of keys (BZ#1723819)\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1663187 - Install of update of nss.x86_64 adds i686 into transaction\n1691454 - TLS Keying Material Exporter is unsupported by command line tools\n1711375 - TLS_AES_256_GCM_SHA384 is not marked as FIPS compatible\n1724250 - Make TLS 1.3 work in FIPS mode [rhel-8]\n1750921 - NSS rejects records with large padding with SHA384 HMAC\n1774835 - CVE-2019-11756 nss: UAF in sftk_FreeSession due to improper refcounting\n1775916 - CVE-2019-17006 nss: Check length of inputs for cryptographic primitives\n1791225 - CVE-2019-17023 nss: TLS 1.3 HelloRetryRequest downgrade request sets client into invalid state\n1809637 - NSS missing IKEv1 Quick Mode KDF\n1825270 - Name Constraints validation: CN treated as DNS name even when syntactically invalid as DNS name\n1826231 - CVE-2020-12402 nss: Side channel vulnerabilities during RSA key generation\n1854564 - FIPS needs nss to restrict valid dh primes to those primes that are approved. [rhel-8.2.0.z]\n\n6",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-17006"
},
{
"db": "VULMON",
"id": "CVE-2019-17006"
},
{
"db": "PACKETSTORM",
"id": "168879"
},
{
"db": "PACKETSTORM",
"id": "155889"
},
{
"db": "PACKETSTORM",
"id": "161706"
},
{
"db": "PACKETSTORM",
"id": "162026"
},
{
"db": "PACKETSTORM",
"id": "162142"
},
{
"db": "PACKETSTORM",
"id": "159553"
},
{
"db": "PACKETSTORM",
"id": "161842"
},
{
"db": "PACKETSTORM",
"id": "158724"
}
],
"trust": 1.71
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2019-17006",
"trust": 2.5
},
{
"db": "SIEMENS",
"id": "SSA-379803",
"trust": 1.7
},
{
"db": "ICS CERT",
"id": "ICSA-21-040-04",
"trust": 1.7
},
{
"db": "PACKETSTORM",
"id": "155889",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "161706",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "162026",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "162142",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "159553",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "161842",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "158724",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2021.0491",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3355",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3535",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2604",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2650",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0072",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0933",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3461",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1193",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0053",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0834",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2446",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0986",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0136",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0001",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3631",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1091",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1207",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "162130",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "159396",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "161916",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "159661",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "159497",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021071301",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021043017",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201912-1134",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2019-17006",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168879",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-17006"
},
{
"db": "PACKETSTORM",
"id": "168879"
},
{
"db": "PACKETSTORM",
"id": "155889"
},
{
"db": "PACKETSTORM",
"id": "161706"
},
{
"db": "PACKETSTORM",
"id": "162026"
},
{
"db": "PACKETSTORM",
"id": "162142"
},
{
"db": "PACKETSTORM",
"id": "159553"
},
{
"db": "PACKETSTORM",
"id": "161842"
},
{
"db": "PACKETSTORM",
"id": "158724"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-1134"
},
{
"db": "NVD",
"id": "CVE-2019-17006"
}
]
},
"id": "VAR-202010-0251",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.52540106
},
"last_update_date": "2026-03-09T21:20:18.369000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Mozilla Network Security Services Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=105845"
},
{
"title": "Ubuntu Security Notice: nss vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-4231-1"
},
{
"title": "Red Hat: Moderate: nss and nspr security, bug fix, and enhancement update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20203280 - Security Advisory"
},
{
"title": "IBM: Security Bulletin: A security vulnerabilitiy has been fixed in IBM Security Identity Manager Virtual Appliance(CVE-2019-17006)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=a91447c5697ecfb6bbab6f4cf67cb949"
},
{
"title": "Red Hat: Moderate: nss and nspr security, bug fix, and enhancement update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20204076 - Security Advisory"
},
{
"title": "Debian Security Advisories: DSA-4726-1 nss -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=2610caa3eacc40f97585be7c579718bd"
},
{
"title": "Red Hat: Low: OpenShift Virtualization 2.4.2 Images",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20204201 - Security Advisory"
},
{
"title": "IBM: Security Bulletin: IBM Security Privileged Identity Manager is affected by security vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=52844442ae85845bde006e7f0170408e"
},
{
"title": "Red Hat: Moderate: security update - Red Hat Ansible Tower 3.6 runner release (CVE-2019-18874)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20204255 - Security Advisory"
},
{
"title": "Red Hat: Moderate: security update - Red Hat Ansible Tower 3.7 runner release (CVE-2019-18874)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20204254 - Security Advisory"
},
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=409c1cd1b8ef401020956950fd839000"
},
{
"title": "Red Hat: Low: OpenShift Container Platform 4.3.40 security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20204264 - Security Advisory"
},
{
"title": "zot",
"trust": 0.1,
"url": "https://github.com/anuvu/zot "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-17006"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-1134"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-119",
"trust": 1.0
},
{
"problemtype": "CWE-20",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-17006"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 2.3,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04"
},
{
"trust": 1.7,
"url": "https://developer.mozilla.org/en-us/docs/mozilla/projects/nss/nss_3.46_release_notes"
},
{
"trust": 1.7,
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1539788"
},
{
"trust": 1.7,
"url": "https://security.netapp.com/advisory/ntap-20210129-0001/"
},
{
"trust": 1.7,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17006"
},
{
"trust": 1.2,
"url": "https://access.redhat.com/security/cve/cve-2019-17006"
},
{
"trust": 0.7,
"url": "https://usn.ubuntu.com/4231-1/"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2019-11756"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11756"
},
{
"trust": 0.6,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.6,
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20193395-1.html"
},
{
"trust": 0.6,
"url": "https://www.debian.org/lts/security/2020/dla-2058"
},
{
"trust": 0.6,
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20200088-1.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3535/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/155889/ubuntu-security-notice-usn-4231-1.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/159396/red-hat-security-advisory-2020-4076-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0072/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0136/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1207"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0834"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0933"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerabilitiy-has-been-fixed-in-ibm-security-identity-manager-virtual-appliancecve-2019-17006/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-announced-a-release-for-ibm-security-identity-governance-and-intelligence-in-response-to-a-security-vulnerability-cve-2019-17006-cve-2019-17023-cve-2020-12403/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-nss-and-nspr-cve-2019-17006/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3355/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1091"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1193"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/159497/red-hat-security-advisory-2020-4201-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/159553/red-hat-security-advisory-2020-4255-01.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-privileged-identity-manager-is-affected-by-security-vulnerabilities-7/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0986"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/mozilla-nss-buffer-overflow-via-cryptographic-primitives-31248"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0053/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021071301"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/158724/red-hat-security-advisory-2020-3280-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2650/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0001/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2604"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0491"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/161706/red-hat-security-advisory-2021-0758-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2446/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/159661/red-hat-security-advisory-2020-4264-01.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021043017"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-announced-a-release-for-ibm-security-identity-governance-and-intelligence-in-response-to-a-security-vulnerability-cve-2019-17006-cve-2019-17023-cve-2020-12403-2/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/161916/red-hat-security-advisory-2021-0949-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/162142/red-hat-security-advisory-2021-1079-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/161842/red-hat-security-advisory-2021-0876-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3461/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3631/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-affected-by-multiple-mozilla-firefox-vulnerabilities/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/162026/red-hat-security-advisory-2021-1026-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/162130/red-hat-security-advisory-2021-1129-01.html"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2020-12403"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17023"
},
{
"trust": 0.4,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12403"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12402"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-17023"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-12402"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5188"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-12749"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2017-12652"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-12401"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14866"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-7595"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20843"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17546"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-11719"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20388"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14973"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-17546"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12243"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12749"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-6829"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-14866"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-12652"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12400"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-20388"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19956"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-12243"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-12400"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-11727"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11719"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5094"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11727"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-5188"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-15903"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-5094"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-15903"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-14973"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-19956"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-5313"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-17498"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17498"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-20843"
},
{
"trust": 0.2,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/345.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/111311"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12399"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/nss"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/4231-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/nss/2:3.45-1ubuntu2.2"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/nss/2:3.42-1ubuntu2.5"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/nss/2:3.35-2ubuntu2.7"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/nss/2:3.28.4-0ubuntu0.16.04.10"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:0758"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:1026"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-20907"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:1079"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8625"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1971"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-15999"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20228"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12401"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8177"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3156"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3447"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-5313"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20191"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-1971"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20180"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-15999"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14422"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20907"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20178"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14422"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19126"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1240"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-20386"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-18874"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12450"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:4255"
},
{
"trust": 0.1,
"url": "https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-14822"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14822"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20386"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-18874"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14365"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-16935"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19126"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-5482"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-16935"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5482"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-12450"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:0876"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-17007"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17007"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:3280"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-17006"
},
{
"db": "PACKETSTORM",
"id": "168879"
},
{
"db": "PACKETSTORM",
"id": "155889"
},
{
"db": "PACKETSTORM",
"id": "161706"
},
{
"db": "PACKETSTORM",
"id": "162026"
},
{
"db": "PACKETSTORM",
"id": "162142"
},
{
"db": "PACKETSTORM",
"id": "159553"
},
{
"db": "PACKETSTORM",
"id": "161842"
},
{
"db": "PACKETSTORM",
"id": "158724"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-1134"
},
{
"db": "NVD",
"id": "CVE-2019-17006"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "VULMON",
"id": "CVE-2019-17006",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "168879",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "155889",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "161706",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "162026",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "162142",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "159553",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "161842",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "158724",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-201912-1134",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2019-17006",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2020-10-22T00:00:00",
"db": "VULMON",
"id": "CVE-2019-17006",
"ident": null
},
{
"date": "2020-07-28T19:12:00",
"db": "PACKETSTORM",
"id": "168879",
"ident": null
},
{
"date": "2020-01-09T15:06:17",
"db": "PACKETSTORM",
"id": "155889",
"ident": null
},
{
"date": "2021-03-09T15:56:20",
"db": "PACKETSTORM",
"id": "161706",
"ident": null
},
{
"date": "2021-03-30T14:29:43",
"db": "PACKETSTORM",
"id": "162026",
"ident": null
},
{
"date": "2021-04-09T15:06:13",
"db": "PACKETSTORM",
"id": "162142",
"ident": null
},
{
"date": "2020-10-14T16:52:18",
"db": "PACKETSTORM",
"id": "159553",
"ident": null
},
{
"date": "2021-03-17T14:35:53",
"db": "PACKETSTORM",
"id": "161842",
"ident": null
},
{
"date": "2020-08-03T17:14:53",
"db": "PACKETSTORM",
"id": "158724",
"ident": null
},
{
"date": "2019-12-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201912-1134",
"ident": null
},
{
"date": "2020-10-22T21:15:12.560000",
"db": "NVD",
"id": "CVE-2019-17006",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2021-02-19T00:00:00",
"db": "VULMON",
"id": "CVE-2019-17006",
"ident": null
},
{
"date": "2021-08-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201912-1134",
"ident": null
},
{
"date": "2024-11-21T04:31:31.573000",
"db": "NVD",
"id": "CVE-2019-17006",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201912-1134"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "Mozilla NSS Data forgery problem vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201912-1134"
}
],
"trust": 0.6
},
"type": {
"_id": null,
"data": "data forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201912-1134"
}
],
"trust": 0.6
}
}
VAR-202307-0585
Vulnerability from variot - Updated: 2025-08-01 21:08A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected application that could allow an attacker to execute malicious javascript code by tricking users into accessing a malicious link. The value is reflected in the response without sanitization while throwing an “invalid params element name” error on the action parameters. RUGGEDCOM ROX MX5000 firmware, ruggedcom rox mx5000re firmware, RUGGEDCOM ROX RX1400 Multiple Siemens products such as firmware contain a cross-site scripting vulnerability.Information may be obtained and information may be tampered with. RUGGEDCOM products provide a level of robustness and reliability that sets the standard for communication networks deployed in harsh environments
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202307-0585",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ruggedcom rox rx1400",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.16.0"
},
{
"model": "ruggedcom rox mx5000re",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.16.0"
},
{
"model": "ruggedcom rox rx1510",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.16.0"
},
{
"model": "ruggedcom rox rx1536",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.16.0"
},
{
"model": "ruggedcom rox rx1501",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.16.0"
},
{
"model": "ruggedcom rox rx1511",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.16.0"
},
{
"model": "ruggedcom rox rx1500",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.16.0"
},
{
"model": "ruggedcom rox rx5000",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.16.0"
},
{
"model": "ruggedcom rox rx1512",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.16.0"
},
{
"model": "ruggedcom rox mx5000",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.16.0"
},
{
"model": "ruggedcom rox rx1524",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.16.0"
},
{
"model": "ruggedcom rox rx1500",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "ruggedcom rox rx1501",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "ruggedcom rox rx1524",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "ruggedcom rox rx5000",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "ruggedcom rox mx5000",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "ruggedcom rox rx1512",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "ruggedcom rox rx1510",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "ruggedcom rox rx1400",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "ruggedcom rox rx1511",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "ruggedcom rox mx5000re",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "ruggedcom rox rx1536",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "ruggedcom rox mx5000",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v2.16.0"
},
{
"model": "ruggedcom rox mx5000re",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v2.16.0"
},
{
"model": "ruggedcom rox rx1400",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v2.16.0"
},
{
"model": "ruggedcom rox rx1500",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v2.16.0"
},
{
"model": "ruggedcom rox rx1501",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v2.16.0"
},
{
"model": "ruggedcom rox rx1510",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v2.16.0"
},
{
"model": "ruggedcom rox rx1511",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v2.16.0"
},
{
"model": "ruggedcom rox rx1512",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v2.16.0"
},
{
"model": "ruggedcom rox rx1524",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v2.16.0"
},
{
"model": "ruggedcom rox rx1536",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v2.16.0"
},
{
"model": "ruggedcom rox rx5000",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v2.16.0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-55709"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-021749"
},
{
"db": "NVD",
"id": "CVE-2023-36390"
}
]
},
"cve": "CVE-2023-36390",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2023-55709",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "productcert@siemens.com",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2023-36390",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"id": "CVE-2023-36390",
"impactScore": 2.5,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.1,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2023-36390",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "productcert@siemens.com",
"id": "CVE-2023-36390",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2023-36390",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2023-36390",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2023-55709",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202307-741",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-55709"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-021749"
},
{
"db": "CNNVD",
"id": "CNNVD-202307-741"
},
{
"db": "NVD",
"id": "CVE-2023-36390"
},
{
"db": "NVD",
"id": "CVE-2023-36390"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.16.0), RUGGEDCOM ROX MX5000RE (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1400 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1500 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1501 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1510 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1511 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1512 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1524 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1536 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX5000 (All versions \u003c V2.16.0). A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected application that could allow an attacker to execute malicious javascript code by tricking users into accessing a malicious link. The value is reflected in the response\r\nwithout sanitization while throwing an \u201cinvalid params element name\u201d error on the action parameters. RUGGEDCOM ROX MX5000 firmware, ruggedcom rox mx5000re firmware, RUGGEDCOM ROX RX1400 Multiple Siemens products such as firmware contain a cross-site scripting vulnerability.Information may be obtained and information may be tampered with. RUGGEDCOM products provide a level of robustness and reliability that sets the standard for communication networks deployed in harsh environments",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-36390"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-021749"
},
{
"db": "CNVD",
"id": "CNVD-2023-55709"
},
{
"db": "VULMON",
"id": "CVE-2023-36390"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-36390",
"trust": 3.9
},
{
"db": "SIEMENS",
"id": "SSA-146325",
"trust": 3.1
},
{
"db": "ICS CERT",
"id": "ICSA-23-194-01",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU95292697",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2023-021749",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2023-55709",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202307-741",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2023-36390",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-55709"
},
{
"db": "VULMON",
"id": "CVE-2023-36390"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-021749"
},
{
"db": "CNNVD",
"id": "CNNVD-202307-741"
},
{
"db": "NVD",
"id": "CVE-2023-36390"
}
]
},
"id": "VAR-202307-0585",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-55709"
}
],
"trust": 1.17411168
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-55709"
}
]
},
"last_update_date": "2025-08-01T21:08:50.688000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Siemens RUGGEDCOM ROX cross-site scripting vulnerability (CNVD-2023-55709)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/440301"
},
{
"title": "Siemens RUGGEDCOM ROX A series of products Fixes for cross-site scripting vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=246663"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-55709"
},
{
"db": "CNNVD",
"id": "CNNVD-202307-741"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.0
},
{
"problemtype": "Cross-site scripting (CWE-79) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-021749"
},
{
"db": "NVD",
"id": "CVE-2023-36390"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu95292697/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-36390"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-194-01"
},
{
"trust": 0.6,
"url": "https://cert-portal.siemens.com/productcert/html/ssa-146325.html"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2023-36390/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-55709"
},
{
"db": "VULMON",
"id": "CVE-2023-36390"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-021749"
},
{
"db": "CNNVD",
"id": "CNNVD-202307-741"
},
{
"db": "NVD",
"id": "CVE-2023-36390"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2023-55709"
},
{
"db": "VULMON",
"id": "CVE-2023-36390"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-021749"
},
{
"db": "CNNVD",
"id": "CNNVD-202307-741"
},
{
"db": "NVD",
"id": "CVE-2023-36390"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-07-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2023-55709"
},
{
"date": "2023-07-11T00:00:00",
"db": "VULMON",
"id": "CVE-2023-36390"
},
{
"date": "2024-01-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-021749"
},
{
"date": "2023-07-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202307-741"
},
{
"date": "2023-07-11T10:15:10.827000",
"db": "NVD",
"id": "CVE-2023-36390"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-07-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2023-55709"
},
{
"date": "2023-07-11T00:00:00",
"db": "VULMON",
"id": "CVE-2023-36390"
},
{
"date": "2024-01-19T08:08:00",
"db": "JVNDB",
"id": "JVNDB-2023-021749"
},
{
"date": "2023-07-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202307-741"
},
{
"date": "2025-08-01T02:05:29.757000",
"db": "NVD",
"id": "CVE-2023-36390"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202307-741"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site scripting vulnerability in multiple Siemens products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-021749"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202307-741"
}
],
"trust": 0.6
}
}
VAR-202412-0442
Vulnerability from variot - Updated: 2024-12-13 23:23A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The CLI feature in the web interface of affected devices is vulnerable to cross-site request forgery (CSRF).
This could allow an attacker to read or modify the device configuration by tricking an authenticated legitimate user into accessing a malicious link. RUGGEDCOM ROX II is a ROX-based VPN endpoint and firewall device used to connect devices operating in harsh environments, such as power substations and traffic control cabinets
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202412-0442",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ruggedcom rox mx5000",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v2.16.0"
},
{
"model": "ruggedcom rox mx5000re",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v2.16.0"
},
{
"model": "ruggedcom rox rx1400",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v2.16.0"
},
{
"model": "ruggedcom rox rx1500",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v2.16.0"
},
{
"model": "ruggedcom rox rx1501",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v2.16.0"
},
{
"model": "ruggedcom rox rx1510",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v2.16.0"
},
{
"model": "ruggedcom rox rx1511",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v2.16.0"
},
{
"model": "ruggedcom rox rx1512",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v2.16.0"
},
{
"model": "ruggedcom rox rx1524",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v2.16.0"
},
{
"model": "ruggedcom rox rx1536",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v2.16.0"
},
{
"model": "ruggedcom rox rx5000",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v2.16.0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-47914"
}
]
},
"cve": "CVE-2020-28398",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2024-47914",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "productcert@siemens.com",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2020-28398",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "productcert@siemens.com",
"id": "CVE-2020-28398",
"trust": 1.0,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2024-47914",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-47914"
},
{
"db": "NVD",
"id": "CVE-2020-28398"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.16.0), RUGGEDCOM ROX MX5000RE (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1400 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1500 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1501 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1510 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1511 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1512 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1524 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1536 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX5000 (All versions \u003c V2.16.0). The CLI feature in the web interface of affected devices is vulnerable to \r\ncross-site request forgery (CSRF). \r\n\r\nThis could allow an attacker to read or modify the device configuration\r\nby tricking an authenticated legitimate user into accessing a malicious link. RUGGEDCOM ROX II is a ROX-based VPN endpoint and firewall device used to connect devices operating in harsh environments, such as power substations and traffic control cabinets",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-28398"
},
{
"db": "CNVD",
"id": "CNVD-2024-47914"
}
],
"trust": 1.44
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-28398",
"trust": 1.6
},
{
"db": "SIEMENS",
"id": "SSA-384652",
"trust": 1.6
},
{
"db": "CNVD",
"id": "CNVD-2024-47914",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-47914"
},
{
"db": "NVD",
"id": "CVE-2020-28398"
}
]
},
"id": "VAR-202412-0442",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-47914"
}
],
"trust": 1.17411168
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-47914"
}
]
},
"last_update_date": "2024-12-13T23:23:40.895000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Siemens RUGGEDCOM ROX II Cross-Site Request Forgery Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/639416"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-47914"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-352",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-28398"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://cert-portal.siemens.com/productcert/html/ssa-384652.html"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-47914"
},
{
"db": "NVD",
"id": "CVE-2020-28398"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2024-47914"
},
{
"db": "NVD",
"id": "CVE-2020-28398"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-12-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2024-47914"
},
{
"date": "2024-12-10T14:15:18.320000",
"db": "NVD",
"id": "CVE-2020-28398"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-12-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2024-47914"
},
{
"date": "2024-12-10T14:15:18.320000",
"db": "NVD",
"id": "CVE-2020-28398"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens RUGGEDCOM ROX II Cross-Site Request Forgery Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-47914"
}
],
"trust": 0.6
}
}
CVE-2024-56840 (GCVE-0-2024-56840)
Vulnerability from nvd – Published: 2025-12-09 10:44 – Updated: 2026-01-13 09:43
VLAI?
Summary
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.17.0), RUGGEDCOM ROX MX5000RE (All versions < V2.17.0), RUGGEDCOM ROX RX1400 (All versions < V2.17.0), RUGGEDCOM ROX RX1500 (All versions < V2.17.0), RUGGEDCOM ROX RX1501 (All versions < V2.17.0), RUGGEDCOM ROX RX1510 (All versions < V2.17.0), RUGGEDCOM ROX RX1511 (All versions < V2.17.0), RUGGEDCOM ROX RX1512 (All versions < V2.17.0), RUGGEDCOM ROX RX1524 (All versions < V2.17.0), RUGGEDCOM ROX RX1536 (All versions < V2.17.0), RUGGEDCOM ROX RX5000 (All versions < V2.17.0). Under certain conditions, IPsec may allow code injection in the affected device. An attacker could leverage this scenario to execute arbitrary code as root user.
Severity ?
CWE
- CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Siemens | RUGGEDCOM ROX MX5000 |
Affected:
0 , < V2.17.0
(custom)
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-56840",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-09T14:27:32.481320Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-09T14:27:36.500Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX MX5000",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX MX5000RE",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1400",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1500",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1501",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1510",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1511",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1512",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1524",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1536",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX5000",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.17.0), RUGGEDCOM ROX MX5000RE (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1400 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1500 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1501 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1510 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1511 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1512 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1524 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1536 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX5000 (All versions \u003c V2.17.0). Under certain conditions, IPsec may allow code injection in the affected device. An attacker could leverage this scenario to execute arbitrary code as root user."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV4_0": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-13T09:43:55.345Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-912274.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2024-56840",
"datePublished": "2025-12-09T10:44:19.188Z",
"dateReserved": "2025-01-03T10:21:11.980Z",
"dateUpdated": "2026-01-13T09:43:55.345Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-56839 (GCVE-0-2024-56839)
Vulnerability from nvd – Published: 2025-12-09 10:44 – Updated: 2026-01-13 09:43
VLAI?
Summary
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.17.0), RUGGEDCOM ROX MX5000RE (All versions < V2.17.0), RUGGEDCOM ROX RX1400 (All versions < V2.17.0), RUGGEDCOM ROX RX1500 (All versions < V2.17.0), RUGGEDCOM ROX RX1501 (All versions < V2.17.0), RUGGEDCOM ROX RX1510 (All versions < V2.17.0), RUGGEDCOM ROX RX1511 (All versions < V2.17.0), RUGGEDCOM ROX RX1512 (All versions < V2.17.0), RUGGEDCOM ROX RX1524 (All versions < V2.17.0), RUGGEDCOM ROX RX1536 (All versions < V2.17.0), RUGGEDCOM ROX RX5000 (All versions < V2.17.0). Code injection can be achieved when the affected device is using VRF (Virtual Routing and Forwarding). An attacker could leverage this scenario to execute arbitrary code as root user.
Severity ?
CWE
- CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Siemens | RUGGEDCOM ROX MX5000 |
Affected:
0 , < V2.17.0
(custom)
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-56839",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-09T14:27:47.309463Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-09T14:27:57.838Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX MX5000",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX MX5000RE",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1400",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1500",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1501",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1510",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1511",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1512",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1524",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1536",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX5000",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.17.0), RUGGEDCOM ROX MX5000RE (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1400 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1500 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1501 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1510 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1511 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1512 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1524 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1536 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX5000 (All versions \u003c V2.17.0). Code injection can be achieved when the affected device is using VRF (Virtual Routing and Forwarding). An attacker could leverage this scenario to execute arbitrary code as root user."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV4_0": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-13T09:43:54.268Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-912274.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2024-56839",
"datePublished": "2025-12-09T10:44:18.103Z",
"dateReserved": "2025-01-03T10:21:11.980Z",
"dateUpdated": "2026-01-13T09:43:54.268Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-56838 (GCVE-0-2024-56838)
Vulnerability from nvd – Published: 2025-12-09 10:44 – Updated: 2026-01-13 09:43
VLAI?
Summary
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.17.0), RUGGEDCOM ROX MX5000RE (All versions < V2.17.0), RUGGEDCOM ROX RX1400 (All versions < V2.17.0), RUGGEDCOM ROX RX1500 (All versions < V2.17.0), RUGGEDCOM ROX RX1501 (All versions < V2.17.0), RUGGEDCOM ROX RX1510 (All versions < V2.17.0), RUGGEDCOM ROX RX1511 (All versions < V2.17.0), RUGGEDCOM ROX RX1512 (All versions < V2.17.0), RUGGEDCOM ROX RX1524 (All versions < V2.17.0), RUGGEDCOM ROX RX1536 (All versions < V2.17.0), RUGGEDCOM ROX RX5000 (All versions < V2.17.0). The SCEP client available in the affected device for secure certificate enrollment lacks validation of multiple fields. An attacker could leverage this scenario to execute arbitrary code as root user.
Severity ?
CWE
- CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Siemens | RUGGEDCOM ROX MX5000 |
Affected:
0 , < V2.17.0
(custom)
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-56838",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-09T14:28:19.803546Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-09T14:28:27.518Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX MX5000",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX MX5000RE",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1400",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1500",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1501",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1510",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1511",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1512",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1524",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1536",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX5000",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.17.0), RUGGEDCOM ROX MX5000RE (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1400 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1500 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1501 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1510 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1511 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1512 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1524 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1536 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX5000 (All versions \u003c V2.17.0). The SCEP client available in the affected device for secure certificate enrollment lacks validation of multiple fields. An attacker could leverage this scenario to execute arbitrary code as root user."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV4_0": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-13T09:43:53.194Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-912274.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2024-56838",
"datePublished": "2025-12-09T10:44:17.019Z",
"dateReserved": "2025-01-03T10:21:11.980Z",
"dateUpdated": "2026-01-13T09:43:53.194Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-56837 (GCVE-0-2024-56837)
Vulnerability from nvd – Published: 2025-12-09 10:44 – Updated: 2026-01-13 09:43
VLAI?
Summary
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.17.0), RUGGEDCOM ROX MX5000RE (All versions < V2.17.0), RUGGEDCOM ROX RX1400 (All versions < V2.17.0), RUGGEDCOM ROX RX1500 (All versions < V2.17.0), RUGGEDCOM ROX RX1501 (All versions < V2.17.0), RUGGEDCOM ROX RX1510 (All versions < V2.17.0), RUGGEDCOM ROX RX1511 (All versions < V2.17.0), RUGGEDCOM ROX RX1512 (All versions < V2.17.0), RUGGEDCOM ROX RX1524 (All versions < V2.17.0), RUGGEDCOM ROX RX1536 (All versions < V2.17.0), RUGGEDCOM ROX RX5000 (All versions < V2.17.0). Due to the insufficient validation during the installation and load of certain configuration files of the affected device, an attacker could spawn a reverse shell and gain root access on the affected system.
Severity ?
CWE
- CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Siemens | RUGGEDCOM ROX MX5000 |
Affected:
0 , < V2.17.0
(custom)
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-56837",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-09T14:28:47.566460Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-09T14:28:52.709Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX MX5000",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX MX5000RE",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1400",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1500",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1501",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1510",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1511",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1512",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1524",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1536",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX5000",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.17.0), RUGGEDCOM ROX MX5000RE (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1400 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1500 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1501 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1510 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1511 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1512 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1524 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1536 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX5000 (All versions \u003c V2.17.0). Due to the insufficient validation during the installation and load of certain configuration files of the affected device, an attacker could spawn a reverse shell and gain root access on the affected system."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV4_0": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-13T09:43:52.096Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-912274.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2024-56837",
"datePublished": "2025-12-09T10:44:15.934Z",
"dateReserved": "2025-01-03T10:21:11.980Z",
"dateUpdated": "2026-01-13T09:43:52.096Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-56836 (GCVE-0-2024-56836)
Vulnerability from nvd – Published: 2025-12-09 10:44 – Updated: 2026-01-13 09:43
VLAI?
Summary
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.17.0), RUGGEDCOM ROX MX5000RE (All versions < V2.17.0), RUGGEDCOM ROX RX1400 (All versions < V2.17.0), RUGGEDCOM ROX RX1500 (All versions < V2.17.0), RUGGEDCOM ROX RX1501 (All versions < V2.17.0), RUGGEDCOM ROX RX1510 (All versions < V2.17.0), RUGGEDCOM ROX RX1511 (All versions < V2.17.0), RUGGEDCOM ROX RX1512 (All versions < V2.17.0), RUGGEDCOM ROX RX1524 (All versions < V2.17.0), RUGGEDCOM ROX RX1536 (All versions < V2.17.0), RUGGEDCOM ROX RX5000 (All versions < V2.17.0). During the Dynamic DNS configuration of the affected product it is possible to inject additional configuration parameters. Under certain circumstances, an attacker could leverage this vulnerability to spawn a reverse shell and gain root access on the affected system.
Severity ?
CWE
- CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Siemens | RUGGEDCOM ROX MX5000 |
Affected:
0 , < V2.17.0
(custom)
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-56836",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-09T14:29:09.000238Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-09T14:29:13.239Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX MX5000",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX MX5000RE",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1400",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1500",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1501",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1510",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1511",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1512",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1524",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1536",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX5000",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.17.0), RUGGEDCOM ROX MX5000RE (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1400 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1500 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1501 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1510 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1511 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1512 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1524 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1536 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX5000 (All versions \u003c V2.17.0). During the Dynamic DNS configuration of the affected product it is possible to inject additional configuration parameters. Under certain circumstances, an attacker could leverage this vulnerability to spawn a reverse shell and gain root access on the affected system."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV4_0": {
"baseScore": 7.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-13T09:43:50.967Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-912274.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2024-56836",
"datePublished": "2025-12-09T10:44:14.820Z",
"dateReserved": "2025-01-03T10:21:11.980Z",
"dateUpdated": "2026-01-13T09:43:50.967Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-56835 (GCVE-0-2024-56835)
Vulnerability from nvd – Published: 2025-12-09 10:44 – Updated: 2026-01-13 09:43
VLAI?
Summary
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.17.0), RUGGEDCOM ROX MX5000RE (All versions < V2.17.0), RUGGEDCOM ROX RX1400 (All versions < V2.17.0), RUGGEDCOM ROX RX1500 (All versions < V2.17.0), RUGGEDCOM ROX RX1501 (All versions < V2.17.0), RUGGEDCOM ROX RX1510 (All versions < V2.17.0), RUGGEDCOM ROX RX1511 (All versions < V2.17.0), RUGGEDCOM ROX RX1512 (All versions < V2.17.0), RUGGEDCOM ROX RX1524 (All versions < V2.17.0), RUGGEDCOM ROX RX1536 (All versions < V2.17.0), RUGGEDCOM ROX RX5000 (All versions < V2.17.0). The DHCP Server configuration file of the affected products is subject to code injection. An attacker could leverage this vulnerability to spawn a reverse shell and gain root access on the affected system.
Severity ?
CWE
- CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Siemens | RUGGEDCOM ROX MX5000 |
Affected:
0 , < V2.17.0
(custom)
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-56835",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-09T14:29:27.215015Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-09T14:29:32.308Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX MX5000",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX MX5000RE",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1400",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1500",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1501",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1510",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1511",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1512",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1524",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1536",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX5000",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.17.0), RUGGEDCOM ROX MX5000RE (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1400 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1500 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1501 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1510 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1511 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1512 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1524 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1536 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX5000 (All versions \u003c V2.17.0). The DHCP Server configuration file of the affected products is subject to code injection. An attacker could leverage this vulnerability to spawn a reverse shell and gain root access on the affected system."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-13T09:43:49.860Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-912274.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2024-56835",
"datePublished": "2025-12-09T10:44:13.701Z",
"dateReserved": "2025-01-03T10:21:11.980Z",
"dateUpdated": "2026-01-13T09:43:49.860Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-40761 (GCVE-0-2025-40761)
Vulnerability from nvd – Published: 2025-08-12 11:17 – Updated: 2025-08-12 18:23
VLAI?
Summary
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions), RUGGEDCOM ROX MX5000RE (All versions), RUGGEDCOM ROX RX1400 (All versions), RUGGEDCOM ROX RX1500 (All versions), RUGGEDCOM ROX RX1501 (All versions), RUGGEDCOM ROX RX1510 (All versions), RUGGEDCOM ROX RX1511 (All versions), RUGGEDCOM ROX RX1512 (All versions), RUGGEDCOM ROX RX1524 (All versions), RUGGEDCOM ROX RX1536 (All versions), RUGGEDCOM ROX RX5000 (All versions). Affected devices do not properly limit access through its Built-In-Self-Test (BIST) mode.
This could allow an attacker with physical access to the serial interface to bypass authentication and get access to a root shell on the device.
Severity ?
CWE
- CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Siemens | RUGGEDCOM ROX MX5000 |
Affected:
0 , < *
(custom)
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-40761",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-12T18:22:37.859243Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-12T18:23:25.349Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX MX5000",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX MX5000RE",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1400",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1500",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1501",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1510",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1511",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1512",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1524",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1536",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX5000",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions), RUGGEDCOM ROX MX5000RE (All versions), RUGGEDCOM ROX RX1400 (All versions), RUGGEDCOM ROX RX1500 (All versions), RUGGEDCOM ROX RX1501 (All versions), RUGGEDCOM ROX RX1510 (All versions), RUGGEDCOM ROX RX1511 (All versions), RUGGEDCOM ROX RX1512 (All versions), RUGGEDCOM ROX RX1524 (All versions), RUGGEDCOM ROX RX1536 (All versions), RUGGEDCOM ROX RX5000 (All versions). Affected devices do not properly limit access through its Built-In-Self-Test (BIST) mode.\r\nThis could allow an attacker with physical access to the serial interface to bypass authentication and get access to a root shell on the device."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"cvssV4_0": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288: Authentication Bypass Using an Alternate Path or Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-12T11:17:11.853Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-094954.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2025-40761",
"datePublished": "2025-08-12T11:17:11.853Z",
"dateReserved": "2025-04-16T08:39:30.032Z",
"dateUpdated": "2025-08-12T18:23:25.349Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-33023 (GCVE-0-2025-33023)
Vulnerability from nvd – Published: 2025-08-12 11:16 – Updated: 2025-08-12 20:08
VLAI?
Summary
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions), RUGGEDCOM ROX MX5000RE (All versions), RUGGEDCOM ROX RX1400 (All versions), RUGGEDCOM ROX RX1500 (All versions), RUGGEDCOM ROX RX1501 (All versions), RUGGEDCOM ROX RX1510 (All versions), RUGGEDCOM ROX RX1511 (All versions), RUGGEDCOM ROX RX1512 (All versions), RUGGEDCOM ROX RX1524 (All versions), RUGGEDCOM ROX RX1536 (All versions), RUGGEDCOM ROX RX5000 (All versions). The affected devices do not properly enforce the restriction of files that can be uploaded from the web interface. This could allow an authenticated remote attacker with high privileges in the web interface to upload arbitrary files.
Severity ?
4.1 (Medium)
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Siemens | RUGGEDCOM ROX MX5000 |
Affected:
0 , < *
(custom)
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-33023",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-12T20:08:29.644330Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-12T20:08:44.934Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX MX5000",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX MX5000RE",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1400",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1500",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1501",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1510",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1511",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1512",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1524",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1536",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX5000",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions), RUGGEDCOM ROX MX5000RE (All versions), RUGGEDCOM ROX RX1400 (All versions), RUGGEDCOM ROX RX1500 (All versions), RUGGEDCOM ROX RX1501 (All versions), RUGGEDCOM ROX RX1510 (All versions), RUGGEDCOM ROX RX1511 (All versions), RUGGEDCOM ROX RX1512 (All versions), RUGGEDCOM ROX RX1524 (All versions), RUGGEDCOM ROX RX1536 (All versions), RUGGEDCOM ROX RX5000 (All versions). The affected devices do not properly enforce the restriction of files that can be uploaded from the web interface. This could allow an authenticated remote attacker with high privileges in the web interface to upload arbitrary files."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"cvssV4_0": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434: Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-12T11:16:59.504Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-665108.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2025-33023",
"datePublished": "2025-08-12T11:16:59.504Z",
"dateReserved": "2025-04-15T14:09:25.610Z",
"dateUpdated": "2025-08-12T20:08:44.934Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-40591 (GCVE-0-2025-40591)
Vulnerability from nvd – Published: 2025-06-10 15:17 – Updated: 2025-06-10 15:41
VLAI?
Summary
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.5), RUGGEDCOM ROX MX5000RE (All versions < V2.16.5), RUGGEDCOM ROX RX1400 (All versions < V2.16.5), RUGGEDCOM ROX RX1500 (All versions < V2.16.5), RUGGEDCOM ROX RX1501 (All versions < V2.16.5), RUGGEDCOM ROX RX1510 (All versions < V2.16.5), RUGGEDCOM ROX RX1511 (All versions < V2.16.5), RUGGEDCOM ROX RX1512 (All versions < V2.16.5), RUGGEDCOM ROX RX1524 (All versions < V2.16.5), RUGGEDCOM ROX RX1536 (All versions < V2.16.5), RUGGEDCOM ROX RX5000 (All versions < V2.16.5). The 'Log Viewers' tool in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated remote attacker to execute the 'tail' command with root privileges and disclose contents of all files in the filesystem.
Severity ?
CWE
- CWE-602 - Client-Side Enforcement of Server-Side Security
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Siemens | RUGGEDCOM ROX MX5000 |
Affected:
0 , < V2.16.5
(custom)
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-40591",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-10T15:41:16.109866Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-10T15:41:27.605Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX MX5000",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.16.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX MX5000RE",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.16.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1400",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.16.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1500",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.16.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1501",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.16.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1510",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.16.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1511",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.16.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1512",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.16.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1524",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.16.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1536",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.16.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX5000",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.16.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.16.5), RUGGEDCOM ROX MX5000RE (All versions \u003c V2.16.5), RUGGEDCOM ROX RX1400 (All versions \u003c V2.16.5), RUGGEDCOM ROX RX1500 (All versions \u003c V2.16.5), RUGGEDCOM ROX RX1501 (All versions \u003c V2.16.5), RUGGEDCOM ROX RX1510 (All versions \u003c V2.16.5), RUGGEDCOM ROX RX1511 (All versions \u003c V2.16.5), RUGGEDCOM ROX RX1512 (All versions \u003c V2.16.5), RUGGEDCOM ROX RX1524 (All versions \u003c V2.16.5), RUGGEDCOM ROX RX1536 (All versions \u003c V2.16.5), RUGGEDCOM ROX RX5000 (All versions \u003c V2.16.5). The \u0027Log Viewers\u0027 tool in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated remote attacker to execute the \u0027tail\u0027 command with root privileges and disclose contents of all files in the filesystem."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"cvssV4_0": {
"baseScore": 8.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-602",
"description": "CWE-602: Client-Side Enforcement of Server-Side Security",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-10T15:17:36.336Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-301229.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2025-40591",
"datePublished": "2025-06-10T15:17:36.336Z",
"dateReserved": "2025-04-16T08:20:17.033Z",
"dateUpdated": "2025-06-10T15:41:27.605Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-33025 (GCVE-0-2025-33025)
Vulnerability from nvd – Published: 2025-05-13 09:38 – Updated: 2025-05-13 13:28
VLAI?
Summary
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.5), RUGGEDCOM ROX MX5000RE (All versions < V2.16.5), RUGGEDCOM ROX RX1400 (All versions < V2.16.5), RUGGEDCOM ROX RX1500 (All versions < V2.16.5), RUGGEDCOM ROX RX1501 (All versions < V2.16.5), RUGGEDCOM ROX RX1510 (All versions < V2.16.5), RUGGEDCOM ROX RX1511 (All versions < V2.16.5), RUGGEDCOM ROX RX1512 (All versions < V2.16.5), RUGGEDCOM ROX RX1524 (All versions < V2.16.5), RUGGEDCOM ROX RX1536 (All versions < V2.16.5), RUGGEDCOM ROX RX5000 (All versions < V2.16.5). The 'traceroute' tool in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated remote attacker to execute arbitrary code with root privileges.
Severity ?
9.9 (Critical)
CWE
- CWE-602 - Client-Side Enforcement of Server-Side Security
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Siemens | RUGGEDCOM ROX MX5000 |
Affected:
0 , < V2.16.5
(custom)
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-33025",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-13T13:28:14.045415Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-13T13:28:58.486Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX MX5000",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.16.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX MX5000RE",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.16.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1400",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.16.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1500",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.16.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1501",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.16.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1510",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.16.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1511",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.16.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1512",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.16.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1524",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.16.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1536",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.16.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX5000",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.16.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.16.5), RUGGEDCOM ROX MX5000RE (All versions \u003c V2.16.5), RUGGEDCOM ROX RX1400 (All versions \u003c V2.16.5), RUGGEDCOM ROX RX1500 (All versions \u003c V2.16.5), RUGGEDCOM ROX RX1501 (All versions \u003c V2.16.5), RUGGEDCOM ROX RX1510 (All versions \u003c V2.16.5), RUGGEDCOM ROX RX1511 (All versions \u003c V2.16.5), RUGGEDCOM ROX RX1512 (All versions \u003c V2.16.5), RUGGEDCOM ROX RX1524 (All versions \u003c V2.16.5), RUGGEDCOM ROX RX1536 (All versions \u003c V2.16.5), RUGGEDCOM ROX RX5000 (All versions \u003c V2.16.5). The \u0027traceroute\u0027 tool in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated remote attacker to execute arbitrary code with root privileges."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"cvssV4_0": {
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-602",
"description": "CWE-602: Client-Side Enforcement of Server-Side Security",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-13T09:38:49.056Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-301229.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2025-33025",
"datePublished": "2025-05-13T09:38:49.056Z",
"dateReserved": "2025-04-15T14:09:25.611Z",
"dateUpdated": "2025-05-13T13:28:58.486Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-33024 (GCVE-0-2025-33024)
Vulnerability from nvd – Published: 2025-05-13 09:38 – Updated: 2025-05-13 13:29
VLAI?
Summary
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.5), RUGGEDCOM ROX MX5000RE (All versions < V2.16.5), RUGGEDCOM ROX RX1400 (All versions < V2.16.5), RUGGEDCOM ROX RX1500 (All versions < V2.16.5), RUGGEDCOM ROX RX1501 (All versions < V2.16.5), RUGGEDCOM ROX RX1510 (All versions < V2.16.5), RUGGEDCOM ROX RX1511 (All versions < V2.16.5), RUGGEDCOM ROX RX1512 (All versions < V2.16.5), RUGGEDCOM ROX RX1524 (All versions < V2.16.5), RUGGEDCOM ROX RX1536 (All versions < V2.16.5), RUGGEDCOM ROX RX5000 (All versions < V2.16.5). The 'tcpdump' tool in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated remote attacker to execute arbitrary code with root privileges.
Severity ?
9.9 (Critical)
CWE
- CWE-602 - Client-Side Enforcement of Server-Side Security
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Siemens | RUGGEDCOM ROX MX5000 |
Affected:
0 , < V2.16.5
(custom)
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-33024",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-13T13:29:43.390237Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-13T13:29:57.474Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX MX5000",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.16.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX MX5000RE",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.16.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1400",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.16.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1500",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.16.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1501",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.16.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1510",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.16.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1511",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.16.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1512",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.16.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1524",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.16.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1536",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.16.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX5000",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.16.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.16.5), RUGGEDCOM ROX MX5000RE (All versions \u003c V2.16.5), RUGGEDCOM ROX RX1400 (All versions \u003c V2.16.5), RUGGEDCOM ROX RX1500 (All versions \u003c V2.16.5), RUGGEDCOM ROX RX1501 (All versions \u003c V2.16.5), RUGGEDCOM ROX RX1510 (All versions \u003c V2.16.5), RUGGEDCOM ROX RX1511 (All versions \u003c V2.16.5), RUGGEDCOM ROX RX1512 (All versions \u003c V2.16.5), RUGGEDCOM ROX RX1524 (All versions \u003c V2.16.5), RUGGEDCOM ROX RX1536 (All versions \u003c V2.16.5), RUGGEDCOM ROX RX5000 (All versions \u003c V2.16.5). The \u0027tcpdump\u0027 tool in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated remote attacker to execute arbitrary code with root privileges."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"cvssV4_0": {
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-602",
"description": "CWE-602: Client-Side Enforcement of Server-Side Security",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-13T09:38:47.622Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-301229.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2025-33024",
"datePublished": "2025-05-13T09:38:47.622Z",
"dateReserved": "2025-04-15T14:09:25.611Z",
"dateUpdated": "2025-05-13T13:29:57.474Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-32469 (GCVE-0-2025-32469)
Vulnerability from nvd – Published: 2025-05-13 09:38 – Updated: 2025-05-13 14:02
VLAI?
Summary
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.5), RUGGEDCOM ROX MX5000RE (All versions < V2.16.5), RUGGEDCOM ROX RX1400 (All versions < V2.16.5), RUGGEDCOM ROX RX1500 (All versions < V2.16.5), RUGGEDCOM ROX RX1501 (All versions < V2.16.5), RUGGEDCOM ROX RX1510 (All versions < V2.16.5), RUGGEDCOM ROX RX1511 (All versions < V2.16.5), RUGGEDCOM ROX RX1512 (All versions < V2.16.5), RUGGEDCOM ROX RX1524 (All versions < V2.16.5), RUGGEDCOM ROX RX1536 (All versions < V2.16.5), RUGGEDCOM ROX RX5000 (All versions < V2.16.5). The 'ping' tool in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated remote attacker to execute arbitrary code with root privileges.
Severity ?
9.9 (Critical)
CWE
- CWE-602 - Client-Side Enforcement of Server-Side Security
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Siemens | RUGGEDCOM ROX MX5000 |
Affected:
0 , < V2.16.5
(custom)
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-32469",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-13T14:01:55.562100Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-13T14:02:46.586Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX MX5000",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.16.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX MX5000RE",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.16.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1400",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.16.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1500",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.16.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1501",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.16.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1510",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.16.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1511",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.16.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1512",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.16.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1524",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.16.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1536",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.16.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX5000",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.16.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.16.5), RUGGEDCOM ROX MX5000RE (All versions \u003c V2.16.5), RUGGEDCOM ROX RX1400 (All versions \u003c V2.16.5), RUGGEDCOM ROX RX1500 (All versions \u003c V2.16.5), RUGGEDCOM ROX RX1501 (All versions \u003c V2.16.5), RUGGEDCOM ROX RX1510 (All versions \u003c V2.16.5), RUGGEDCOM ROX RX1511 (All versions \u003c V2.16.5), RUGGEDCOM ROX RX1512 (All versions \u003c V2.16.5), RUGGEDCOM ROX RX1524 (All versions \u003c V2.16.5), RUGGEDCOM ROX RX1536 (All versions \u003c V2.16.5), RUGGEDCOM ROX RX5000 (All versions \u003c V2.16.5). The \u0027ping\u0027 tool in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated remote attacker to execute arbitrary code with root privileges."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"cvssV4_0": {
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-602",
"description": "CWE-602: Client-Side Enforcement of Server-Side Security",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-13T09:38:46.000Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-301229.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2025-32469",
"datePublished": "2025-05-13T09:38:46.000Z",
"dateReserved": "2025-04-09T06:17:18.306Z",
"dateUpdated": "2025-05-13T14:02:46.586Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-28398 (GCVE-0-2020-28398)
Vulnerability from nvd – Published: 2024-12-10 13:53 – Updated: 2024-12-10 15:28
VLAI?
Summary
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The CLI feature in the web interface of affected devices is vulnerable to
cross-site request forgery (CSRF).
This could allow an attacker to read or modify the device configuration
by tricking an authenticated legitimate user into accessing a malicious link.
Severity ?
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Siemens | RUGGEDCOM ROX MX5000 |
Affected:
0 , < V2.16.0
(custom)
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:h:siemens:ruggedcom_rox_mx5000:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ruggedcom_rox_mx5000",
"vendor": "siemens",
"versions": [
{
"lessThan": "2.16.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:siemens:ruggedcom_rox_mx5000re:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ruggedcom_rox_mx5000re",
"vendor": "siemens",
"versions": [
{
"lessThan": "2.16.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:siemens:ruggedcom_rox_rx1400:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ruggedcom_rox_rx1400",
"vendor": "siemens",
"versions": [
{
"lessThan": "2.16.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:siemens:ruggedcom_rox_rx1500:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ruggedcom_rox_rx1500",
"vendor": "siemens",
"versions": [
{
"lessThan": "2.16.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:siemens:ruggedcom_rox_rx1501:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ruggedcom_rox_rx1501",
"vendor": "siemens",
"versions": [
{
"lessThan": "2.16.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:siemens:ruggedcom_rox_rx1510:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ruggedcom_rox_rx1510",
"vendor": "siemens",
"versions": [
{
"lessThan": "2.16.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:siemens:ruggedcom_rox_rx1511:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ruggedcom_rox_rx1511",
"vendor": "siemens",
"versions": [
{
"lessThan": "2.16.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:siemens:ruggedcom_rox_rx1512:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ruggedcom_rox_rx1512",
"vendor": "siemens",
"versions": [
{
"lessThan": "2.16.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:siemens:ruggedcom_rox_rx1524:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ruggedcom_rox_rx1524",
"vendor": "siemens",
"versions": [
{
"lessThan": "2.16.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:siemens:ruggedcom_rox_rx1536:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ruggedcom_rox_rx1536",
"vendor": "siemens",
"versions": [
{
"lessThan": "2.16.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:siemens:ruggedcom_rox_rx5000:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ruggedcom_rox_rx5000",
"vendor": "siemens",
"versions": [
{
"lessThan": "2.16.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-28398",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-10T15:22:35.373344Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-10T15:28:51.944Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX MX5000",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.16.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX MX5000RE",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.16.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1400",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.16.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1500",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.16.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1501",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.16.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1510",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.16.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1511",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.16.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1512",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.16.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1524",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.16.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1536",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.16.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX5000",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.16.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.16.0), RUGGEDCOM ROX MX5000RE (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1400 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1500 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1501 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1510 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1511 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1512 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1524 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1536 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX5000 (All versions \u003c V2.16.0). The CLI feature in the web interface of affected devices is vulnerable to \r\ncross-site request forgery (CSRF).\r\n\r\nThis could allow an attacker to read or modify the device configuration\r\nby tricking an authenticated legitimate user into accessing a malicious link."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV4_0": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352: Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-10T13:53:19.090Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-384652.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2020-28398",
"datePublished": "2024-12-10T13:53:19.090Z",
"dateReserved": "2020-11-10T00:00:00.000Z",
"dateUpdated": "2024-12-10T15:28:51.944Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-56840 (GCVE-0-2024-56840)
Vulnerability from cvelistv5 – Published: 2025-12-09 10:44 – Updated: 2026-01-13 09:43
VLAI?
Summary
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.17.0), RUGGEDCOM ROX MX5000RE (All versions < V2.17.0), RUGGEDCOM ROX RX1400 (All versions < V2.17.0), RUGGEDCOM ROX RX1500 (All versions < V2.17.0), RUGGEDCOM ROX RX1501 (All versions < V2.17.0), RUGGEDCOM ROX RX1510 (All versions < V2.17.0), RUGGEDCOM ROX RX1511 (All versions < V2.17.0), RUGGEDCOM ROX RX1512 (All versions < V2.17.0), RUGGEDCOM ROX RX1524 (All versions < V2.17.0), RUGGEDCOM ROX RX1536 (All versions < V2.17.0), RUGGEDCOM ROX RX5000 (All versions < V2.17.0). Under certain conditions, IPsec may allow code injection in the affected device. An attacker could leverage this scenario to execute arbitrary code as root user.
Severity ?
CWE
- CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Siemens | RUGGEDCOM ROX MX5000 |
Affected:
0 , < V2.17.0
(custom)
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-56840",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-09T14:27:32.481320Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-09T14:27:36.500Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX MX5000",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX MX5000RE",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1400",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1500",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1501",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1510",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1511",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1512",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1524",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1536",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX5000",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.17.0), RUGGEDCOM ROX MX5000RE (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1400 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1500 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1501 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1510 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1511 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1512 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1524 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1536 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX5000 (All versions \u003c V2.17.0). Under certain conditions, IPsec may allow code injection in the affected device. An attacker could leverage this scenario to execute arbitrary code as root user."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV4_0": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-13T09:43:55.345Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-912274.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2024-56840",
"datePublished": "2025-12-09T10:44:19.188Z",
"dateReserved": "2025-01-03T10:21:11.980Z",
"dateUpdated": "2026-01-13T09:43:55.345Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-56839 (GCVE-0-2024-56839)
Vulnerability from cvelistv5 – Published: 2025-12-09 10:44 – Updated: 2026-01-13 09:43
VLAI?
Summary
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.17.0), RUGGEDCOM ROX MX5000RE (All versions < V2.17.0), RUGGEDCOM ROX RX1400 (All versions < V2.17.0), RUGGEDCOM ROX RX1500 (All versions < V2.17.0), RUGGEDCOM ROX RX1501 (All versions < V2.17.0), RUGGEDCOM ROX RX1510 (All versions < V2.17.0), RUGGEDCOM ROX RX1511 (All versions < V2.17.0), RUGGEDCOM ROX RX1512 (All versions < V2.17.0), RUGGEDCOM ROX RX1524 (All versions < V2.17.0), RUGGEDCOM ROX RX1536 (All versions < V2.17.0), RUGGEDCOM ROX RX5000 (All versions < V2.17.0). Code injection can be achieved when the affected device is using VRF (Virtual Routing and Forwarding). An attacker could leverage this scenario to execute arbitrary code as root user.
Severity ?
CWE
- CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Siemens | RUGGEDCOM ROX MX5000 |
Affected:
0 , < V2.17.0
(custom)
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-56839",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-09T14:27:47.309463Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-09T14:27:57.838Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX MX5000",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX MX5000RE",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1400",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1500",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1501",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1510",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1511",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1512",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1524",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1536",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX5000",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.17.0), RUGGEDCOM ROX MX5000RE (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1400 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1500 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1501 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1510 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1511 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1512 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1524 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1536 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX5000 (All versions \u003c V2.17.0). Code injection can be achieved when the affected device is using VRF (Virtual Routing and Forwarding). An attacker could leverage this scenario to execute arbitrary code as root user."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV4_0": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-13T09:43:54.268Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-912274.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2024-56839",
"datePublished": "2025-12-09T10:44:18.103Z",
"dateReserved": "2025-01-03T10:21:11.980Z",
"dateUpdated": "2026-01-13T09:43:54.268Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-56838 (GCVE-0-2024-56838)
Vulnerability from cvelistv5 – Published: 2025-12-09 10:44 – Updated: 2026-01-13 09:43
VLAI?
Summary
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.17.0), RUGGEDCOM ROX MX5000RE (All versions < V2.17.0), RUGGEDCOM ROX RX1400 (All versions < V2.17.0), RUGGEDCOM ROX RX1500 (All versions < V2.17.0), RUGGEDCOM ROX RX1501 (All versions < V2.17.0), RUGGEDCOM ROX RX1510 (All versions < V2.17.0), RUGGEDCOM ROX RX1511 (All versions < V2.17.0), RUGGEDCOM ROX RX1512 (All versions < V2.17.0), RUGGEDCOM ROX RX1524 (All versions < V2.17.0), RUGGEDCOM ROX RX1536 (All versions < V2.17.0), RUGGEDCOM ROX RX5000 (All versions < V2.17.0). The SCEP client available in the affected device for secure certificate enrollment lacks validation of multiple fields. An attacker could leverage this scenario to execute arbitrary code as root user.
Severity ?
CWE
- CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Siemens | RUGGEDCOM ROX MX5000 |
Affected:
0 , < V2.17.0
(custom)
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-56838",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-09T14:28:19.803546Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-09T14:28:27.518Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX MX5000",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX MX5000RE",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1400",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1500",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1501",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1510",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1511",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1512",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1524",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1536",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX5000",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.17.0), RUGGEDCOM ROX MX5000RE (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1400 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1500 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1501 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1510 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1511 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1512 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1524 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1536 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX5000 (All versions \u003c V2.17.0). The SCEP client available in the affected device for secure certificate enrollment lacks validation of multiple fields. An attacker could leverage this scenario to execute arbitrary code as root user."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV4_0": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-13T09:43:53.194Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-912274.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2024-56838",
"datePublished": "2025-12-09T10:44:17.019Z",
"dateReserved": "2025-01-03T10:21:11.980Z",
"dateUpdated": "2026-01-13T09:43:53.194Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-56837 (GCVE-0-2024-56837)
Vulnerability from cvelistv5 – Published: 2025-12-09 10:44 – Updated: 2026-01-13 09:43
VLAI?
Summary
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.17.0), RUGGEDCOM ROX MX5000RE (All versions < V2.17.0), RUGGEDCOM ROX RX1400 (All versions < V2.17.0), RUGGEDCOM ROX RX1500 (All versions < V2.17.0), RUGGEDCOM ROX RX1501 (All versions < V2.17.0), RUGGEDCOM ROX RX1510 (All versions < V2.17.0), RUGGEDCOM ROX RX1511 (All versions < V2.17.0), RUGGEDCOM ROX RX1512 (All versions < V2.17.0), RUGGEDCOM ROX RX1524 (All versions < V2.17.0), RUGGEDCOM ROX RX1536 (All versions < V2.17.0), RUGGEDCOM ROX RX5000 (All versions < V2.17.0). Due to the insufficient validation during the installation and load of certain configuration files of the affected device, an attacker could spawn a reverse shell and gain root access on the affected system.
Severity ?
CWE
- CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Siemens | RUGGEDCOM ROX MX5000 |
Affected:
0 , < V2.17.0
(custom)
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-56837",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-09T14:28:47.566460Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-09T14:28:52.709Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX MX5000",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX MX5000RE",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1400",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1500",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1501",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1510",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1511",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1512",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1524",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1536",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX5000",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.17.0), RUGGEDCOM ROX MX5000RE (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1400 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1500 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1501 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1510 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1511 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1512 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1524 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1536 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX5000 (All versions \u003c V2.17.0). Due to the insufficient validation during the installation and load of certain configuration files of the affected device, an attacker could spawn a reverse shell and gain root access on the affected system."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV4_0": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-13T09:43:52.096Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-912274.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2024-56837",
"datePublished": "2025-12-09T10:44:15.934Z",
"dateReserved": "2025-01-03T10:21:11.980Z",
"dateUpdated": "2026-01-13T09:43:52.096Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-56836 (GCVE-0-2024-56836)
Vulnerability from cvelistv5 – Published: 2025-12-09 10:44 – Updated: 2026-01-13 09:43
VLAI?
Summary
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.17.0), RUGGEDCOM ROX MX5000RE (All versions < V2.17.0), RUGGEDCOM ROX RX1400 (All versions < V2.17.0), RUGGEDCOM ROX RX1500 (All versions < V2.17.0), RUGGEDCOM ROX RX1501 (All versions < V2.17.0), RUGGEDCOM ROX RX1510 (All versions < V2.17.0), RUGGEDCOM ROX RX1511 (All versions < V2.17.0), RUGGEDCOM ROX RX1512 (All versions < V2.17.0), RUGGEDCOM ROX RX1524 (All versions < V2.17.0), RUGGEDCOM ROX RX1536 (All versions < V2.17.0), RUGGEDCOM ROX RX5000 (All versions < V2.17.0). During the Dynamic DNS configuration of the affected product it is possible to inject additional configuration parameters. Under certain circumstances, an attacker could leverage this vulnerability to spawn a reverse shell and gain root access on the affected system.
Severity ?
CWE
- CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Siemens | RUGGEDCOM ROX MX5000 |
Affected:
0 , < V2.17.0
(custom)
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-56836",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-09T14:29:09.000238Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-09T14:29:13.239Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX MX5000",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX MX5000RE",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1400",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1500",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1501",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1510",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1511",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1512",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1524",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1536",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX5000",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.17.0), RUGGEDCOM ROX MX5000RE (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1400 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1500 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1501 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1510 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1511 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1512 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1524 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1536 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX5000 (All versions \u003c V2.17.0). During the Dynamic DNS configuration of the affected product it is possible to inject additional configuration parameters. Under certain circumstances, an attacker could leverage this vulnerability to spawn a reverse shell and gain root access on the affected system."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV4_0": {
"baseScore": 7.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-13T09:43:50.967Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-912274.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2024-56836",
"datePublished": "2025-12-09T10:44:14.820Z",
"dateReserved": "2025-01-03T10:21:11.980Z",
"dateUpdated": "2026-01-13T09:43:50.967Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-56835 (GCVE-0-2024-56835)
Vulnerability from cvelistv5 – Published: 2025-12-09 10:44 – Updated: 2026-01-13 09:43
VLAI?
Summary
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.17.0), RUGGEDCOM ROX MX5000RE (All versions < V2.17.0), RUGGEDCOM ROX RX1400 (All versions < V2.17.0), RUGGEDCOM ROX RX1500 (All versions < V2.17.0), RUGGEDCOM ROX RX1501 (All versions < V2.17.0), RUGGEDCOM ROX RX1510 (All versions < V2.17.0), RUGGEDCOM ROX RX1511 (All versions < V2.17.0), RUGGEDCOM ROX RX1512 (All versions < V2.17.0), RUGGEDCOM ROX RX1524 (All versions < V2.17.0), RUGGEDCOM ROX RX1536 (All versions < V2.17.0), RUGGEDCOM ROX RX5000 (All versions < V2.17.0). The DHCP Server configuration file of the affected products is subject to code injection. An attacker could leverage this vulnerability to spawn a reverse shell and gain root access on the affected system.
Severity ?
CWE
- CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Siemens | RUGGEDCOM ROX MX5000 |
Affected:
0 , < V2.17.0
(custom)
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-56835",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-09T14:29:27.215015Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-09T14:29:32.308Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX MX5000",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX MX5000RE",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1400",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1500",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1501",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1510",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1511",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1512",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1524",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1536",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX5000",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.17.0), RUGGEDCOM ROX MX5000RE (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1400 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1500 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1501 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1510 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1511 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1512 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1524 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1536 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX5000 (All versions \u003c V2.17.0). The DHCP Server configuration file of the affected products is subject to code injection. An attacker could leverage this vulnerability to spawn a reverse shell and gain root access on the affected system."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-13T09:43:49.860Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-912274.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2024-56835",
"datePublished": "2025-12-09T10:44:13.701Z",
"dateReserved": "2025-01-03T10:21:11.980Z",
"dateUpdated": "2026-01-13T09:43:49.860Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-40761 (GCVE-0-2025-40761)
Vulnerability from cvelistv5 – Published: 2025-08-12 11:17 – Updated: 2025-08-12 18:23
VLAI?
Summary
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions), RUGGEDCOM ROX MX5000RE (All versions), RUGGEDCOM ROX RX1400 (All versions), RUGGEDCOM ROX RX1500 (All versions), RUGGEDCOM ROX RX1501 (All versions), RUGGEDCOM ROX RX1510 (All versions), RUGGEDCOM ROX RX1511 (All versions), RUGGEDCOM ROX RX1512 (All versions), RUGGEDCOM ROX RX1524 (All versions), RUGGEDCOM ROX RX1536 (All versions), RUGGEDCOM ROX RX5000 (All versions). Affected devices do not properly limit access through its Built-In-Self-Test (BIST) mode.
This could allow an attacker with physical access to the serial interface to bypass authentication and get access to a root shell on the device.
Severity ?
CWE
- CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Siemens | RUGGEDCOM ROX MX5000 |
Affected:
0 , < *
(custom)
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-40761",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-12T18:22:37.859243Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-12T18:23:25.349Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX MX5000",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX MX5000RE",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1400",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1500",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1501",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1510",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1511",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1512",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1524",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1536",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX5000",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions), RUGGEDCOM ROX MX5000RE (All versions), RUGGEDCOM ROX RX1400 (All versions), RUGGEDCOM ROX RX1500 (All versions), RUGGEDCOM ROX RX1501 (All versions), RUGGEDCOM ROX RX1510 (All versions), RUGGEDCOM ROX RX1511 (All versions), RUGGEDCOM ROX RX1512 (All versions), RUGGEDCOM ROX RX1524 (All versions), RUGGEDCOM ROX RX1536 (All versions), RUGGEDCOM ROX RX5000 (All versions). Affected devices do not properly limit access through its Built-In-Self-Test (BIST) mode.\r\nThis could allow an attacker with physical access to the serial interface to bypass authentication and get access to a root shell on the device."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"cvssV4_0": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288: Authentication Bypass Using an Alternate Path or Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-12T11:17:11.853Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-094954.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2025-40761",
"datePublished": "2025-08-12T11:17:11.853Z",
"dateReserved": "2025-04-16T08:39:30.032Z",
"dateUpdated": "2025-08-12T18:23:25.349Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-33023 (GCVE-0-2025-33023)
Vulnerability from cvelistv5 – Published: 2025-08-12 11:16 – Updated: 2025-08-12 20:08
VLAI?
Summary
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions), RUGGEDCOM ROX MX5000RE (All versions), RUGGEDCOM ROX RX1400 (All versions), RUGGEDCOM ROX RX1500 (All versions), RUGGEDCOM ROX RX1501 (All versions), RUGGEDCOM ROX RX1510 (All versions), RUGGEDCOM ROX RX1511 (All versions), RUGGEDCOM ROX RX1512 (All versions), RUGGEDCOM ROX RX1524 (All versions), RUGGEDCOM ROX RX1536 (All versions), RUGGEDCOM ROX RX5000 (All versions). The affected devices do not properly enforce the restriction of files that can be uploaded from the web interface. This could allow an authenticated remote attacker with high privileges in the web interface to upload arbitrary files.
Severity ?
4.1 (Medium)
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Siemens | RUGGEDCOM ROX MX5000 |
Affected:
0 , < *
(custom)
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-33023",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-12T20:08:29.644330Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-12T20:08:44.934Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX MX5000",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX MX5000RE",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1400",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1500",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1501",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1510",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1511",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1512",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1524",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1536",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX5000",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions), RUGGEDCOM ROX MX5000RE (All versions), RUGGEDCOM ROX RX1400 (All versions), RUGGEDCOM ROX RX1500 (All versions), RUGGEDCOM ROX RX1501 (All versions), RUGGEDCOM ROX RX1510 (All versions), RUGGEDCOM ROX RX1511 (All versions), RUGGEDCOM ROX RX1512 (All versions), RUGGEDCOM ROX RX1524 (All versions), RUGGEDCOM ROX RX1536 (All versions), RUGGEDCOM ROX RX5000 (All versions). The affected devices do not properly enforce the restriction of files that can be uploaded from the web interface. This could allow an authenticated remote attacker with high privileges in the web interface to upload arbitrary files."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"cvssV4_0": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434: Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-12T11:16:59.504Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-665108.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2025-33023",
"datePublished": "2025-08-12T11:16:59.504Z",
"dateReserved": "2025-04-15T14:09:25.610Z",
"dateUpdated": "2025-08-12T20:08:44.934Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-40591 (GCVE-0-2025-40591)
Vulnerability from cvelistv5 – Published: 2025-06-10 15:17 – Updated: 2025-06-10 15:41
VLAI?
Summary
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.5), RUGGEDCOM ROX MX5000RE (All versions < V2.16.5), RUGGEDCOM ROX RX1400 (All versions < V2.16.5), RUGGEDCOM ROX RX1500 (All versions < V2.16.5), RUGGEDCOM ROX RX1501 (All versions < V2.16.5), RUGGEDCOM ROX RX1510 (All versions < V2.16.5), RUGGEDCOM ROX RX1511 (All versions < V2.16.5), RUGGEDCOM ROX RX1512 (All versions < V2.16.5), RUGGEDCOM ROX RX1524 (All versions < V2.16.5), RUGGEDCOM ROX RX1536 (All versions < V2.16.5), RUGGEDCOM ROX RX5000 (All versions < V2.16.5). The 'Log Viewers' tool in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated remote attacker to execute the 'tail' command with root privileges and disclose contents of all files in the filesystem.
Severity ?
CWE
- CWE-602 - Client-Side Enforcement of Server-Side Security
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Siemens | RUGGEDCOM ROX MX5000 |
Affected:
0 , < V2.16.5
(custom)
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-40591",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-10T15:41:16.109866Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-10T15:41:27.605Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX MX5000",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.16.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX MX5000RE",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.16.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1400",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.16.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1500",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.16.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1501",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.16.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1510",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.16.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1511",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.16.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1512",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.16.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1524",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.16.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1536",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.16.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX5000",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.16.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.16.5), RUGGEDCOM ROX MX5000RE (All versions \u003c V2.16.5), RUGGEDCOM ROX RX1400 (All versions \u003c V2.16.5), RUGGEDCOM ROX RX1500 (All versions \u003c V2.16.5), RUGGEDCOM ROX RX1501 (All versions \u003c V2.16.5), RUGGEDCOM ROX RX1510 (All versions \u003c V2.16.5), RUGGEDCOM ROX RX1511 (All versions \u003c V2.16.5), RUGGEDCOM ROX RX1512 (All versions \u003c V2.16.5), RUGGEDCOM ROX RX1524 (All versions \u003c V2.16.5), RUGGEDCOM ROX RX1536 (All versions \u003c V2.16.5), RUGGEDCOM ROX RX5000 (All versions \u003c V2.16.5). The \u0027Log Viewers\u0027 tool in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated remote attacker to execute the \u0027tail\u0027 command with root privileges and disclose contents of all files in the filesystem."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"cvssV4_0": {
"baseScore": 8.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-602",
"description": "CWE-602: Client-Side Enforcement of Server-Side Security",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-10T15:17:36.336Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-301229.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2025-40591",
"datePublished": "2025-06-10T15:17:36.336Z",
"dateReserved": "2025-04-16T08:20:17.033Z",
"dateUpdated": "2025-06-10T15:41:27.605Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-33025 (GCVE-0-2025-33025)
Vulnerability from cvelistv5 – Published: 2025-05-13 09:38 – Updated: 2025-05-13 13:28
VLAI?
Summary
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.5), RUGGEDCOM ROX MX5000RE (All versions < V2.16.5), RUGGEDCOM ROX RX1400 (All versions < V2.16.5), RUGGEDCOM ROX RX1500 (All versions < V2.16.5), RUGGEDCOM ROX RX1501 (All versions < V2.16.5), RUGGEDCOM ROX RX1510 (All versions < V2.16.5), RUGGEDCOM ROX RX1511 (All versions < V2.16.5), RUGGEDCOM ROX RX1512 (All versions < V2.16.5), RUGGEDCOM ROX RX1524 (All versions < V2.16.5), RUGGEDCOM ROX RX1536 (All versions < V2.16.5), RUGGEDCOM ROX RX5000 (All versions < V2.16.5). The 'traceroute' tool in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated remote attacker to execute arbitrary code with root privileges.
Severity ?
9.9 (Critical)
CWE
- CWE-602 - Client-Side Enforcement of Server-Side Security
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Siemens | RUGGEDCOM ROX MX5000 |
Affected:
0 , < V2.16.5
(custom)
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-33025",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-13T13:28:14.045415Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-13T13:28:58.486Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX MX5000",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.16.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX MX5000RE",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.16.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1400",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.16.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1500",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.16.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1501",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.16.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1510",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.16.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1511",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.16.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1512",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.16.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1524",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.16.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1536",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.16.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX5000",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.16.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.16.5), RUGGEDCOM ROX MX5000RE (All versions \u003c V2.16.5), RUGGEDCOM ROX RX1400 (All versions \u003c V2.16.5), RUGGEDCOM ROX RX1500 (All versions \u003c V2.16.5), RUGGEDCOM ROX RX1501 (All versions \u003c V2.16.5), RUGGEDCOM ROX RX1510 (All versions \u003c V2.16.5), RUGGEDCOM ROX RX1511 (All versions \u003c V2.16.5), RUGGEDCOM ROX RX1512 (All versions \u003c V2.16.5), RUGGEDCOM ROX RX1524 (All versions \u003c V2.16.5), RUGGEDCOM ROX RX1536 (All versions \u003c V2.16.5), RUGGEDCOM ROX RX5000 (All versions \u003c V2.16.5). The \u0027traceroute\u0027 tool in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated remote attacker to execute arbitrary code with root privileges."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"cvssV4_0": {
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-602",
"description": "CWE-602: Client-Side Enforcement of Server-Side Security",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-13T09:38:49.056Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-301229.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2025-33025",
"datePublished": "2025-05-13T09:38:49.056Z",
"dateReserved": "2025-04-15T14:09:25.611Z",
"dateUpdated": "2025-05-13T13:28:58.486Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-33024 (GCVE-0-2025-33024)
Vulnerability from cvelistv5 – Published: 2025-05-13 09:38 – Updated: 2025-05-13 13:29
VLAI?
Summary
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.5), RUGGEDCOM ROX MX5000RE (All versions < V2.16.5), RUGGEDCOM ROX RX1400 (All versions < V2.16.5), RUGGEDCOM ROX RX1500 (All versions < V2.16.5), RUGGEDCOM ROX RX1501 (All versions < V2.16.5), RUGGEDCOM ROX RX1510 (All versions < V2.16.5), RUGGEDCOM ROX RX1511 (All versions < V2.16.5), RUGGEDCOM ROX RX1512 (All versions < V2.16.5), RUGGEDCOM ROX RX1524 (All versions < V2.16.5), RUGGEDCOM ROX RX1536 (All versions < V2.16.5), RUGGEDCOM ROX RX5000 (All versions < V2.16.5). The 'tcpdump' tool in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated remote attacker to execute arbitrary code with root privileges.
Severity ?
9.9 (Critical)
CWE
- CWE-602 - Client-Side Enforcement of Server-Side Security
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Siemens | RUGGEDCOM ROX MX5000 |
Affected:
0 , < V2.16.5
(custom)
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-33024",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-13T13:29:43.390237Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-13T13:29:57.474Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX MX5000",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.16.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX MX5000RE",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.16.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1400",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.16.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1500",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.16.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1501",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.16.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1510",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.16.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1511",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.16.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1512",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.16.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1524",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.16.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1536",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.16.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX5000",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.16.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.16.5), RUGGEDCOM ROX MX5000RE (All versions \u003c V2.16.5), RUGGEDCOM ROX RX1400 (All versions \u003c V2.16.5), RUGGEDCOM ROX RX1500 (All versions \u003c V2.16.5), RUGGEDCOM ROX RX1501 (All versions \u003c V2.16.5), RUGGEDCOM ROX RX1510 (All versions \u003c V2.16.5), RUGGEDCOM ROX RX1511 (All versions \u003c V2.16.5), RUGGEDCOM ROX RX1512 (All versions \u003c V2.16.5), RUGGEDCOM ROX RX1524 (All versions \u003c V2.16.5), RUGGEDCOM ROX RX1536 (All versions \u003c V2.16.5), RUGGEDCOM ROX RX5000 (All versions \u003c V2.16.5). The \u0027tcpdump\u0027 tool in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated remote attacker to execute arbitrary code with root privileges."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"cvssV4_0": {
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-602",
"description": "CWE-602: Client-Side Enforcement of Server-Side Security",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-13T09:38:47.622Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-301229.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2025-33024",
"datePublished": "2025-05-13T09:38:47.622Z",
"dateReserved": "2025-04-15T14:09:25.611Z",
"dateUpdated": "2025-05-13T13:29:57.474Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-32469 (GCVE-0-2025-32469)
Vulnerability from cvelistv5 – Published: 2025-05-13 09:38 – Updated: 2025-05-13 14:02
VLAI?
Summary
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.5), RUGGEDCOM ROX MX5000RE (All versions < V2.16.5), RUGGEDCOM ROX RX1400 (All versions < V2.16.5), RUGGEDCOM ROX RX1500 (All versions < V2.16.5), RUGGEDCOM ROX RX1501 (All versions < V2.16.5), RUGGEDCOM ROX RX1510 (All versions < V2.16.5), RUGGEDCOM ROX RX1511 (All versions < V2.16.5), RUGGEDCOM ROX RX1512 (All versions < V2.16.5), RUGGEDCOM ROX RX1524 (All versions < V2.16.5), RUGGEDCOM ROX RX1536 (All versions < V2.16.5), RUGGEDCOM ROX RX5000 (All versions < V2.16.5). The 'ping' tool in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated remote attacker to execute arbitrary code with root privileges.
Severity ?
9.9 (Critical)
CWE
- CWE-602 - Client-Side Enforcement of Server-Side Security
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Siemens | RUGGEDCOM ROX MX5000 |
Affected:
0 , < V2.16.5
(custom)
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-32469",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-13T14:01:55.562100Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-13T14:02:46.586Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX MX5000",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.16.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX MX5000RE",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.16.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1400",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.16.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1500",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.16.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1501",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.16.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1510",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.16.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1511",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.16.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1512",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.16.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1524",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.16.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1536",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.16.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX5000",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.16.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.16.5), RUGGEDCOM ROX MX5000RE (All versions \u003c V2.16.5), RUGGEDCOM ROX RX1400 (All versions \u003c V2.16.5), RUGGEDCOM ROX RX1500 (All versions \u003c V2.16.5), RUGGEDCOM ROX RX1501 (All versions \u003c V2.16.5), RUGGEDCOM ROX RX1510 (All versions \u003c V2.16.5), RUGGEDCOM ROX RX1511 (All versions \u003c V2.16.5), RUGGEDCOM ROX RX1512 (All versions \u003c V2.16.5), RUGGEDCOM ROX RX1524 (All versions \u003c V2.16.5), RUGGEDCOM ROX RX1536 (All versions \u003c V2.16.5), RUGGEDCOM ROX RX5000 (All versions \u003c V2.16.5). The \u0027ping\u0027 tool in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated remote attacker to execute arbitrary code with root privileges."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"cvssV4_0": {
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-602",
"description": "CWE-602: Client-Side Enforcement of Server-Side Security",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-13T09:38:46.000Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-301229.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2025-32469",
"datePublished": "2025-05-13T09:38:46.000Z",
"dateReserved": "2025-04-09T06:17:18.306Z",
"dateUpdated": "2025-05-13T14:02:46.586Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}