CWE-410
Insufficient Resource Pool
The product's resource pool is not large enough to handle peak demand, which allows an attacker to prevent others from accessing the resource by using a (relatively) large number of requests for resources.
CVE-2018-13815 (GCVE-0-2018-13815)
Vulnerability from cvelistv5
Published
2018-12-13 16:00
Modified
2024-08-05 09:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-410 - Insufficient Resource Pool
Summary
A vulnerability has been identified in SIMATIC S7-1200 (All versions), SIMATIC S7-1500 (All Versions < V2.6). An attacker could exhaust the available connection pool of an affected device by opening a sufficient number of connections to the device. Successful exploitation requires an attacker to be able to send packets to port 102/tcp of the affected device. No user interaction and no user privileges are required to exploit the vulnerability. The vulnerability, if exploited, could cause a Denial-of-Service condition impacting the availability of the system. At the time of advisory publication no public exploitation of this vulnerability was known.
References
► | URL | Tags | ||||||
---|---|---|---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Siemens AG | SIMATIC S7-1200, SIMATIC S7-1500 |
Version: SIMATIC S7-1200 : All versions Version: SIMATIC S7-1500 : All Versions < V2.6 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T09:14:47.135Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "105928", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/105928" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-584286.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "SIMATIC S7-1200, SIMATIC S7-1500", "vendor": "Siemens AG", "versions": [ { "status": "affected", "version": "SIMATIC S7-1200 : All versions" }, { "status": "affected", "version": "SIMATIC S7-1500 : All Versions \u003c V2.6" } ] } ], "datePublic": "2018-12-13T00:00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in SIMATIC S7-1200 (All versions), SIMATIC S7-1500 (All Versions \u003c V2.6). An attacker could exhaust the available connection pool of an affected device by opening a sufficient number of connections to the device. Successful exploitation requires an attacker to be able to send packets to port 102/tcp of the affected device. No user interaction and no user privileges are required to exploit the vulnerability. The vulnerability, if exploited, could cause a Denial-of-Service condition impacting the availability of the system. At the time of advisory publication no public exploitation of this vulnerability was known." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-410", "description": "CWE-410: Insufficient Resource Pool", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2018-12-14T10:57:02", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "name": "105928", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/105928" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-584286.pdf" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2018-13815", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "SIMATIC S7-1200, SIMATIC S7-1500", "version": { "version_data": [ { "version_value": "SIMATIC S7-1200 : All versions" }, { "version_value": "SIMATIC S7-1500 : All Versions \u003c V2.6" } ] } } ] }, "vendor_name": "Siemens AG" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability has been identified in SIMATIC S7-1200 (All versions), SIMATIC S7-1500 (All Versions \u003c V2.6). An attacker could exhaust the available connection pool of an affected device by opening a sufficient number of connections to the device. Successful exploitation requires an attacker to be able to send packets to port 102/tcp of the affected device. No user interaction and no user privileges are required to exploit the vulnerability. The vulnerability, if exploited, could cause a Denial-of-Service condition impacting the availability of the system. At the time of advisory publication no public exploitation of this vulnerability was known." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-410: Insufficient Resource Pool" } ] } ] }, "references": { "reference_data": [ { "name": "105928", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105928" }, { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-584286.pdf", "refsource": "CONFIRM", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-584286.pdf" } ] } } } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2018-13815", "datePublished": "2018-12-13T16:00:00", "dateReserved": "2018-07-10T00:00:00", "dateUpdated": "2024-08-05T09:14:47.135Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2019-0056 (GCVE-0-2019-0056)
Vulnerability from cvelistv5
Published
2019-10-09 19:26
Modified
2024-09-16 18:29
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-410 - Insufficient Resource Pool
Summary
This issue only affects devices with three (3) or more MPC10's installed in a single chassis with OSPF enabled and configured on the device. An Insufficient Resource Pool weakness allows an attacker to cause the device's Open Shortest Path First (OSPF) states to transition to Down, resulting in a Denial of Service (DoS) attack. This attack requires a relatively large number of specific Internet Mixed (IMIXed) types of genuine and valid IPv6 packets to be transferred by the attacker in a relatively short period of time, across three or more PFE's on the device at the same time. Continued receipt of the traffic sent by the attacker will continue to cause OSPF to remain in the Down starting state, or flap between other states and then again to Down, causing a persistent Denial of Service. This attack will affect all IPv4, and IPv6 traffic served by the OSPF routes once the OSPF states transition to Down. This issue affects: Juniper Networks Junos OS on MX480, MX960, MX2008, MX2010, MX2020: 18.1 versions prior to 18.1R2-S4, 18.1R3-S5; 18.1X75 version 18.1X75-D10 and later versions; 18.2 versions prior to 18.2R1-S5, 18.2R2-S3, 18.2R3; 18.2X75 versions prior to 18.2X75-D50; 18.3 versions prior to 18.3R1-S4, 18.3R2, 18.3R3; 18.4 versions prior to 18.4R1-S2, 18.4R2.
References
► | URL | Tags | |||
---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Juniper Networks | Junos OS |
Version: 18.1 < 18.1R2-S4, 18.1R3-S5 Version: 18.2 < 18.2R1-S5, 18.2R2-S3, 18.2R3 Version: 18.2X75 < 18.2X75-D50 Version: 18.3 < 18.3R1-S4, 18.3R2, 18.3R3 Version: 18.4 < 18.4R1-S2, 18.4R2 Version: 18.1X75-D10 < 18.1X75* |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T17:37:07.427Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://kb.juniper.net/JSA10954" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "platforms": [ "MX480, MX960, MX2008, MX2010, MX2020" ], "product": "Junos OS", "vendor": "Juniper Networks", "versions": [ { "lessThan": "18.1R2-S4, 18.1R3-S5", "status": "affected", "version": "18.1", "versionType": "custom" }, { "lessThan": "18.2R1-S5, 18.2R2-S3, 18.2R3", "status": "affected", "version": "18.2", "versionType": "custom" }, { "lessThan": "18.2X75-D50", "status": "affected", "version": "18.2X75", "versionType": "custom" }, { "lessThan": "18.3R1-S4, 18.3R2, 18.3R3", "status": "affected", "version": "18.3", "versionType": "custom" }, { "lessThan": "18.4R1-S2, 18.4R2", "status": "affected", "version": "18.4", "versionType": "custom" }, { "lessThan": "18.1X75*", "status": "affected", "version": "18.1X75-D10", "versionType": "custom" } ] } ], "configurations": [ { "lang": "en", "value": "OSPF configuration examples can be found at https://www.juniper.net/documentation/en_US/junos/topics/topic-map/ospf-configuring-interfaces.html#jd0e229" }, { "lang": "en", "value": "You can issue show chassis at the device to determine if there are multiple MCP10\u0027s in your system. For example:\n root@device\u003e show chassis fpc pic-status\n Slot 1 Online MPC10E 3D MRATE-15xQSFPP\n PIC 0 Online MRATE-5xQSFPP\n PIC 1 Online MRATE-5xQSFPP\n PIC 2 Online MRATE-5xQSFPP\n Slot 2 Online MPC10E 3D MRATE-15xQSFPP\n PIC 0 Online MRATE-5xQSFPP\n PIC 1 Online MRATE-5xQSFPP\n PIC 2 Online MRATE-5xQSFPP\n Slot 3 Online MPC10E 3D MRATE-15xQSFPP\n PIC 0 Online MRATE-5xQSFPP\n PIC 1 Online MRATE-5xQSFPP\n PIC 2 Online MRATE-5xQSFPP" } ], "datePublic": "2019-10-09T00:00:00", "descriptions": [ { "lang": "en", "value": "This issue only affects devices with three (3) or more MPC10\u0027s installed in a single chassis with OSPF enabled and configured on the device. An Insufficient Resource Pool weakness allows an attacker to cause the device\u0027s Open Shortest Path First (OSPF) states to transition to Down, resulting in a Denial of Service (DoS) attack. This attack requires a relatively large number of specific Internet Mixed (IMIXed) types of genuine and valid IPv6 packets to be transferred by the attacker in a relatively short period of time, across three or more PFE\u0027s on the device at the same time. Continued receipt of the traffic sent by the attacker will continue to cause OSPF to remain in the Down starting state, or flap between other states and then again to Down, causing a persistent Denial of Service. This attack will affect all IPv4, and IPv6 traffic served by the OSPF routes once the OSPF states transition to Down. This issue affects: Juniper Networks Junos OS on MX480, MX960, MX2008, MX2010, MX2020: 18.1 versions prior to 18.1R2-S4, 18.1R3-S5; 18.1X75 version 18.1X75-D10 and later versions; 18.2 versions prior to 18.2R1-S5, 18.2R2-S3, 18.2R3; 18.2X75 versions prior to 18.2X75-D50; 18.3 versions prior to 18.3R1-S4, 18.3R2, 18.3R3; 18.4 versions prior to 18.4R1-S2, 18.4R2." } ], "exploits": [ { "lang": "en", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-410", "description": "CWE-410 Insufficient Resource Pool", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2019-10-09T19:26:17", "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "shortName": "juniper" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://kb.juniper.net/JSA10954" } ], "solutions": [ { "lang": "en", "value": "The following software releases have been updated to resolve this specific issue: 18.1R2-S4, 18.1R3-S5, 18.2R1-S5, 18.2R2-S3, 18.2R3, 18.2X75-D50, 18.3R1-S4, 18.3R2, 18.3R3, 18.4R1-S2, 18.4R2, 19.1R1, and all subsequent releases." } ], "source": { "advisory": "JSA10954", "defect": [ "1418955" ], "discovery": "INTERNAL" }, "title": "Junos OS: MX Series: An MPC10 Denial of Service (DoS) due to OSPF states transitioning to Down, causes traffic to stop forwarding through the device.", "workarounds": [ { "lang": "en", "value": "There are no known workarounds for this issue." } ], "x_generator": { "engine": "Vulnogram 0.0.6" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "sirt@juniper.net", "DATE_PUBLIC": "2019-10-09T16:00:00.000Z", "ID": "CVE-2019-0056", "STATE": "PUBLIC", "TITLE": "Junos OS: MX Series: An MPC10 Denial of Service (DoS) due to OSPF states transitioning to Down, causes traffic to stop forwarding through the device." }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Junos OS", "version": { "version_data": [ { "platform": "MX480, MX960, MX2008, MX2010, MX2020", "version_affected": "\u003c", "version_name": "18.1", "version_value": "18.1R2-S4, 18.1R3-S5" }, { "platform": "MX480, MX960, MX2008, MX2010, MX2020", "version_affected": "\u003c", "version_name": "18.2", "version_value": "18.2R1-S5, 18.2R2-S3, 18.2R3" }, { "platform": "MX480, MX960, MX2008, MX2010, MX2020", "version_affected": "\u003c", "version_name": "18.2X75", "version_value": "18.2X75-D50" }, { "platform": "MX480, MX960, MX2008, MX2010, MX2020", "version_affected": "\u003c", "version_name": "18.3", "version_value": "18.3R1-S4, 18.3R2, 18.3R3" }, { "platform": "MX480, MX960, MX2008, MX2010, MX2020", "version_affected": "\u003c", "version_name": "18.4", "version_value": "18.4R1-S2, 18.4R2" }, { "platform": "MX480, MX960, MX2008, MX2010, MX2020", "version_affected": "\u003e=", "version_name": "18.1X75", "version_value": "18.1X75-D10" } ] } } ] }, "vendor_name": "Juniper Networks" } ] } }, "configuration": [ { "lang": "en", "value": "OSPF configuration examples can be found at https://www.juniper.net/documentation/en_US/junos/topics/topic-map/ospf-configuring-interfaces.html#jd0e229" }, { "lang": "en", "value": "You can issue show chassis at the device to determine if there are multiple MCP10\u0027s in your system. For example:\n root@device\u003e show chassis fpc pic-status\n Slot 1 Online MPC10E 3D MRATE-15xQSFPP\n PIC 0 Online MRATE-5xQSFPP\n PIC 1 Online MRATE-5xQSFPP\n PIC 2 Online MRATE-5xQSFPP\n Slot 2 Online MPC10E 3D MRATE-15xQSFPP\n PIC 0 Online MRATE-5xQSFPP\n PIC 1 Online MRATE-5xQSFPP\n PIC 2 Online MRATE-5xQSFPP\n Slot 3 Online MPC10E 3D MRATE-15xQSFPP\n PIC 0 Online MRATE-5xQSFPP\n PIC 1 Online MRATE-5xQSFPP\n PIC 2 Online MRATE-5xQSFPP" } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "This issue only affects devices with three (3) or more MPC10\u0027s installed in a single chassis with OSPF enabled and configured on the device. An Insufficient Resource Pool weakness allows an attacker to cause the device\u0027s Open Shortest Path First (OSPF) states to transition to Down, resulting in a Denial of Service (DoS) attack. This attack requires a relatively large number of specific Internet Mixed (IMIXed) types of genuine and valid IPv6 packets to be transferred by the attacker in a relatively short period of time, across three or more PFE\u0027s on the device at the same time. Continued receipt of the traffic sent by the attacker will continue to cause OSPF to remain in the Down starting state, or flap between other states and then again to Down, causing a persistent Denial of Service. This attack will affect all IPv4, and IPv6 traffic served by the OSPF routes once the OSPF states transition to Down. This issue affects: Juniper Networks Junos OS on MX480, MX960, MX2008, MX2010, MX2020: 18.1 versions prior to 18.1R2-S4, 18.1R3-S5; 18.1X75 version 18.1X75-D10 and later versions; 18.2 versions prior to 18.2R1-S5, 18.2R2-S3, 18.2R3; 18.2X75 versions prior to 18.2X75-D50; 18.3 versions prior to 18.3R1-S4, 18.3R2, 18.3R3; 18.4 versions prior to 18.4R1-S2, 18.4R2." } ] }, "exploit": [ { "lang": "en", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability." } ], "generator": { "engine": "Vulnogram 0.0.6" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-410 Insufficient Resource Pool" } ] } ] }, "references": { "reference_data": [ { "name": "https://kb.juniper.net/JSA10954", "refsource": "MISC", "url": "https://kb.juniper.net/JSA10954" } ] }, "solution": [ { "lang": "en", "value": "The following software releases have been updated to resolve this specific issue: 18.1R2-S4, 18.1R3-S5, 18.2R1-S5, 18.2R2-S3, 18.2R3, 18.2X75-D50, 18.3R1-S4, 18.3R2, 18.3R3, 18.4R1-S2, 18.4R2, 19.1R1, and all subsequent releases." } ], "source": { "advisory": "JSA10954", "defect": [ "1418955" ], "discovery": "INTERNAL" }, "work_around": [ { "lang": "en", "value": "There are no known workarounds for this issue." } ] } } }, "cveMetadata": { "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "assignerShortName": "juniper", "cveId": "CVE-2019-0056", "datePublished": "2019-10-09T19:26:17.416951Z", "dateReserved": "2018-10-11T00:00:00", "dateUpdated": "2024-09-16T18:29:55.944Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2019-13921 (GCVE-0-2019-13921)
Vulnerability from cvelistv5
Published
2019-10-10 13:49
Modified
2024-08-05 00:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-410 - Insufficient Resource Pool
Summary
A vulnerability has been identified in SIMATIC WinAC RTX (F) 2010 (All versions < SP3 Update 1). Affected versions of the software contain a vulnerability that could allow an unauthenticated attacker to trigger a denial-of-service condition. The vulnerability can be triggered if a large HTTP request is sent to the executing service. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the service provided by the software.
References
► | URL | Tags | |||
---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Siemens AG | SIMATIC WinAC RTX (F) 2010 |
Version: All versions < SP3 Update 1 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T00:05:44.060Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-878278.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "SIMATIC WinAC RTX (F) 2010", "vendor": "Siemens AG", "versions": [ { "status": "affected", "version": "All versions \u003c SP3 Update 1" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in SIMATIC WinAC RTX (F) 2010 (All versions \u003c SP3 Update 1). Affected versions of the software contain a vulnerability that could allow an unauthenticated attacker to trigger a denial-of-service condition. The vulnerability can be triggered if a large HTTP request is sent to the executing service. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the service provided by the software." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-410", "description": "CWE-410: Insufficient Resource Pool", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-01-16T15:35:24", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-878278.pdf" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2019-13921", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "SIMATIC WinAC RTX (F) 2010", "version": { "version_data": [ { "version_value": "All versions \u003c SP3 Update 1" } ] } } ] }, "vendor_name": "Siemens AG" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability has been identified in SIMATIC WinAC RTX (F) 2010 (All versions \u003c SP3 Update 1). Affected versions of the software contain a vulnerability that could allow an unauthenticated attacker to trigger a denial-of-service condition. The vulnerability can be triggered if a large HTTP request is sent to the executing service. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the service provided by the software." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-410: Insufficient Resource Pool" } ] } ] }, "references": { "reference_data": [ { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-878278.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-878278.pdf" } ] } } } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2019-13921", "datePublished": "2019-10-10T13:49:24", "dateReserved": "2019-07-18T00:00:00", "dateUpdated": "2024-08-05T00:05:44.060Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2021-1615 (GCVE-0-2021-1615)
Vulnerability from cvelistv5
Published
2021-09-23 02:30
Modified
2024-11-07 21:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
A vulnerability in the packet processing functionality of Cisco Embedded Wireless Controller (EWC) Software for Catalyst Access Points (APs) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected AP. This vulnerability is due to insufficient buffer allocation. An attacker could exploit this vulnerability by sending crafted traffic to an affected device. A successful exploit could allow the attacker to exhaust available resources and cause a DoS condition on an affected AP, as well as a DoS condition for client traffic traversing the AP.
References
► | URL | Tags | |||
---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Cisco | Cisco IOS XE Software |
Version: n/a |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T16:18:10.808Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20210922 Cisco Embedded Wireless Controller Software for Catalyst Access Points Denial of Service Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-ewc-dos-g6JruHRT" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2021-1615", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-11-07T21:47:23.605565Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-07T21:51:48.650Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Cisco IOS XE Software", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2021-09-22T00:00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability in the packet processing functionality of Cisco Embedded Wireless Controller (EWC) Software for Catalyst Access Points (APs) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected AP. This vulnerability is due to insufficient buffer allocation. An attacker could exploit this vulnerability by sending crafted traffic to an affected device. A successful exploit could allow the attacker to exhaust available resources and cause a DoS condition on an affected AP, as well as a DoS condition for client traffic traversing the AP." } ], "exploits": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-410", "description": "CWE-410", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-09-23T02:30:45", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "20210922 Cisco Embedded Wireless Controller Software for Catalyst Access Points Denial of Service Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-ewc-dos-g6JruHRT" } ], "source": { "advisory": "cisco-sa-iosxe-ewc-dos-g6JruHRT", "defect": [ [ "CSCvy04449" ] ], "discovery": "INTERNAL" }, "title": "Cisco Embedded Wireless Controller Software for Catalyst Access Points Denial of Service Vulnerability", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2021-09-22T16:00:00", "ID": "CVE-2021-1615", "STATE": "PUBLIC", "TITLE": "Cisco Embedded Wireless Controller Software for Catalyst Access Points Denial of Service Vulnerability" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cisco IOS XE Software", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "Cisco" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability in the packet processing functionality of Cisco Embedded Wireless Controller (EWC) Software for Catalyst Access Points (APs) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected AP. This vulnerability is due to insufficient buffer allocation. An attacker could exploit this vulnerability by sending crafted traffic to an affected device. A successful exploit could allow the attacker to exhaust available resources and cause a DoS condition on an affected AP, as well as a DoS condition for client traffic traversing the AP." } ] }, "exploit": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "impact": { "cvss": { "baseScore": "8.6", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-410" } ] } ] }, "references": { "reference_data": [ { "name": "20210922 Cisco Embedded Wireless Controller Software for Catalyst Access Points Denial of Service Vulnerability", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-ewc-dos-g6JruHRT" } ] }, "source": { "advisory": "cisco-sa-iosxe-ewc-dos-g6JruHRT", "defect": [ [ "CSCvy04449" ] ], "discovery": "INTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2021-1615", "datePublished": "2021-09-23T02:30:45.294570Z", "dateReserved": "2020-11-13T00:00:00", "dateUpdated": "2024-11-07T21:51:48.650Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-2048 (GCVE-0-2022-2048)
Vulnerability from cvelistv5
Published
2022-07-07 20:35
Modified
2024-08-03 00:24
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In Eclipse Jetty HTTP/2 server implementation, when encountering an invalid HTTP/2 request, the error handling has a bug that can wind up not properly cleaning up the active connections and associated resources. This can lead to a Denial of Service scenario where there are no enough resources left to process good requests.
References
► | URL | Tags | |||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
The Eclipse Foundation | Eclipse Jetty |
Version: 9.4.0 < unspecified Version: unspecified < Version: 10.0.0 < unspecified Version: unspecified < Version: 11.0.0 < unspecified Version: unspecified < |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T00:24:43.964Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-wgmr-mf83-7x4j" }, { "name": "DSA-5198", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2022/dsa-5198" }, { "name": "[debian-lts-announce] 20220821 [SECURITY] [DLA 3079-1] jetty9 security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00011.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20220901-0006/" }, { "name": "[oss-security] 20220909 Vulnerability in Jenkins", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2022/09/09/2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Eclipse Jetty", "vendor": "The Eclipse Foundation", "versions": [ { "lessThan": "unspecified", "status": "affected", "version": "9.4.0", "versionType": "custom" }, { "lessThanOrEqual": "9.4.46", "status": "affected", "version": "unspecified", "versionType": "custom" }, { "lessThan": "unspecified", "status": "affected", "version": "10.0.0", "versionType": "custom" }, { "lessThanOrEqual": "10.0.9", "status": "affected", "version": "unspecified", "versionType": "custom" }, { "lessThan": "unspecified", "status": "affected", "version": "11.0.0", "versionType": "custom" }, { "lessThanOrEqual": "11.0.9", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "In Eclipse Jetty HTTP/2 server implementation, when encountering an invalid HTTP/2 request, the error handling has a bug that can wind up not properly cleaning up the active connections and associated resources. This can lead to a Denial of Service scenario where there are no enough resources left to process good requests." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-410", "description": "CWE-410", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-664", "description": "CWE-664", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-09-09T14:06:11", "orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c", "shortName": "eclipse" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-wgmr-mf83-7x4j" }, { "name": "DSA-5198", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2022/dsa-5198" }, { "name": "[debian-lts-announce] 20220821 [SECURITY] [DLA 3079-1] jetty9 security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00011.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20220901-0006/" }, { "name": "[oss-security] 20220909 Vulnerability in Jenkins", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2022/09/09/2" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@eclipse.org", "ID": "CVE-2022-2048", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Eclipse Jetty", "version": { "version_data": [ { "version_affected": "\u003e=", "version_value": "9.4.0" }, { "version_affected": "\u003c=", "version_value": "9.4.46" }, { "version_affected": "\u003e=", "version_value": "10.0.0" }, { "version_affected": "\u003c=", "version_value": "10.0.9" }, { "version_affected": "\u003e=", "version_value": "11.0.0" }, { "version_affected": "\u003c=", "version_value": "11.0.9" } ] } } ] }, "vendor_name": "The Eclipse Foundation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In Eclipse Jetty HTTP/2 server implementation, when encountering an invalid HTTP/2 request, the error handling has a bug that can wind up not properly cleaning up the active connections and associated resources. This can lead to a Denial of Service scenario where there are no enough resources left to process good requests." } ] }, "impact": { "cvss": { "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-410" } ] }, { "description": [ { "lang": "eng", "value": "CWE-664" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-wgmr-mf83-7x4j", "refsource": "CONFIRM", "url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-wgmr-mf83-7x4j" }, { "name": "DSA-5198", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2022/dsa-5198" }, { "name": "[debian-lts-announce] 20220821 [SECURITY] [DLA 3079-1] jetty9 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00011.html" }, { "name": "https://security.netapp.com/advisory/ntap-20220901-0006/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20220901-0006/" }, { "name": "[oss-security] 20220909 Vulnerability in Jenkins", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2022/09/09/2" } ] } } } }, "cveMetadata": { "assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c", "assignerShortName": "eclipse", "cveId": "CVE-2022-2048", "datePublished": "2022-07-07T20:35:09", "dateReserved": "2022-06-09T00:00:00", "dateUpdated": "2024-08-03T00:24:43.964Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-20937 (GCVE-0-2022-20937)
Vulnerability from cvelistv5
Published
2022-11-03 19:31
Modified
2024-08-03 02:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-410 - Insufficient Resource Pool
Summary
A vulnerability in a feature that monitors RADIUS requests on Cisco Identity Services Engine (ISE) Software could allow an unauthenticated, remote attacker to negatively affect the performance of an affected device.
This vulnerability is due to insufficient management of system resources. An attacker could exploit this vulnerability by taking actions that cause Cisco ISE Software to receive specific RADIUS traffic. A successful and sustained exploit of this vulnerability could allow the attacker to cause reduced performance of the affected device, resulting in significant delays to RADIUS authentications.
There are workarounds that address this vulnerability.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Cisco | Cisco Identity Services Engine Software |
Version: 2.6.0 Version: 2.6.0 p1 Version: 2.6.0 p2 Version: 2.6.0 p3 Version: 2.6.0 p5 Version: 2.6.0 p6 Version: 2.6.0 p7 Version: 2.6.0 p8 Version: 2.6.0 p9 Version: 2.6.0 p10 Version: 2.6.0 p11 Version: 2.6.0 p12 Version: 2.7.0 Version: 2.7.0 p1 Version: 2.7.0 p2 Version: 2.7.0 p3 Version: 2.7.0 p4 Version: 2.7.0 p5 Version: 2.7.0 p6 Version: 2.7.0 p7 Version: 3.0.0 Version: 3.0.0 p1 Version: 3.0.0 p2 Version: 3.0.0 p3 Version: 3.0.0 p4 Version: 3.0.0 p5 Version: 3.1.0 Version: 3.1.0 p1 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:31:58.639Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "cisco-sa-ise-sec-atk-dos-zw5RCUYp", "tags": [ "x_transferred" ], "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-sec-atk-dos-zw5RCUYp" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Cisco Identity Services Engine Software", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "2.6.0" }, { "status": "affected", "version": "2.6.0 p1" }, { "status": "affected", "version": "2.6.0 p2" }, { "status": "affected", "version": "2.6.0 p3" }, { "status": "affected", "version": "2.6.0 p5" }, { "status": "affected", "version": "2.6.0 p6" }, { "status": "affected", "version": "2.6.0 p7" }, { "status": "affected", "version": "2.6.0 p8" }, { "status": "affected", "version": "2.6.0 p9" }, { "status": "affected", "version": "2.6.0 p10" }, { "status": "affected", "version": "2.6.0 p11" }, { "status": "affected", "version": "2.6.0 p12" }, { "status": "affected", "version": "2.7.0" }, { "status": "affected", "version": "2.7.0 p1" }, { "status": "affected", "version": "2.7.0 p2" }, { "status": "affected", "version": "2.7.0 p3" }, { "status": "affected", "version": "2.7.0 p4" }, { "status": "affected", "version": "2.7.0 p5" }, { "status": "affected", "version": "2.7.0 p6" }, { "status": "affected", "version": "2.7.0 p7" }, { "status": "affected", "version": "3.0.0" }, { "status": "affected", "version": "3.0.0 p1" }, { "status": "affected", "version": "3.0.0 p2" }, { "status": "affected", "version": "3.0.0 p3" }, { "status": "affected", "version": "3.0.0 p4" }, { "status": "affected", "version": "3.0.0 p5" }, { "status": "affected", "version": "3.1.0" }, { "status": "affected", "version": "3.1.0 p1" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability in a feature that monitors RADIUS requests on Cisco Identity Services Engine (ISE) Software could allow an unauthenticated, remote attacker to negatively affect the performance of an affected device.\r\n\r This vulnerability is due to insufficient management of system resources. An attacker could exploit this vulnerability by taking actions that cause Cisco ISE Software to receive specific RADIUS traffic. A successful and sustained exploit of this vulnerability could allow the attacker to cause reduced performance of the affected device, resulting in significant delays to RADIUS authentications.\r\n\r There are workarounds that address this vulnerability." } ], "exploits": [ { "lang": "en", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "format": "cvssV3_1" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-410", "description": "Insufficient Resource Pool", "lang": "en", "type": "cwe" } ] } ], "providerMetadata": { "dateUpdated": "2024-01-25T16:57:17.112Z", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "cisco-sa-ise-sec-atk-dos-zw5RCUYp", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-sec-atk-dos-zw5RCUYp" } ], "source": { "advisory": "cisco-sa-ise-sec-atk-dos-zw5RCUYp", "defects": [ "CSCvz99311" ], "discovery": "INTERNAL" } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2022-20937", "datePublished": "2022-11-03T19:31:40.471Z", "dateReserved": "2021-11-02T13:28:29.192Z", "dateUpdated": "2024-08-03T02:31:58.639Z", "requesterUserId": "4087f8c1-b21c-479b-99df-de23cb76b743", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-22191 (GCVE-0-2022-22191)
Vulnerability from cvelistv5
Published
2022-04-14 15:50
Modified
2024-09-16 18:08
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-410 - Insufficient Resource Pool
- Denial of Service (DoS)
Summary
A Denial of Service (DoS) vulnerability in the processing of a flood of specific ARP traffic in Juniper Networks Junos OS on the EX4300 switch, sent from the local broadcast domain, may allow an unauthenticated network-adjacent attacker to trigger a PFEMAN watchdog timeout, causing the Packet Forwarding Engine (PFE) to crash and restart. After the restart, transit traffic will be temporarily interrupted until the PFE is reprogrammed. In a virtual chassis (VC), the impacted Flexible PIC Concentrator (FPC) may split from the VC temporarily, and join back into the VC once the PFE restarts. Continued receipt and processing of these packets will create a sustained Denial of Service (DoS) condition. This issue affects Juniper Networks Junos OS on the EX4300: All versions prior to 15.1R7-S12; 18.4 versions prior to 18.4R2-S10, 18.4R3-S11; 19.1 versions prior to 19.1R3-S8; 19.2 versions prior to 19.2R1-S9, 19.2R3-S4; 19.3 versions prior to 19.3R3-S5; 19.4 versions prior to 19.4R2-S6, 19.4R3-S7; 20.1 versions prior to 20.1R3-S3; 20.2 versions prior to 20.2R3-S3; 20.3 versions prior to 20.3R3-S2; 20.4 versions prior to 20.4R3-S1; 21.1 versions prior to 21.1R3; 21.2 versions prior to 21.2R2-S1, 21.2R3; 21.3 versions prior to 21.3R1-S2, 21.3R2.
References
► | URL | Tags | |||
---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Juniper Networks | Junos OS |
Version: unspecified < 15.1R7-S12 Version: 18.4 < 18.4R2-S10, 18.4R3-S11 Version: 19.1 < 19.1R3-S8 Version: 19.2 < 19.2R1-S9, 19.2R3-S4 Version: 19.3 < 19.3R3-S5 Version: 19.4 < 19.4R2-S6, 19.4R3-S7 Version: 20.1 < 20.1R3-S3 Version: 20.2 < 20.2R3-S3 Version: 20.3 < 20.3R3-S2 Version: 20.4 < 20.4R3-S1 Version: 21.1 < 21.1R3 Version: 21.2 < 21.2R2-S1, 21.2R3 Version: 21.3 < 21.3R1-S2, 21.3R2 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T03:07:49.815Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://kb.juniper.net/JSA69502" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "platforms": [ "EX4300" ], "product": "Junos OS", "vendor": "Juniper Networks", "versions": [ { "lessThan": "15.1R7-S12", "status": "affected", "version": "unspecified", "versionType": "custom" }, { "lessThan": "18.4R2-S10, 18.4R3-S11", "status": "affected", "version": "18.4", "versionType": "custom" }, { "lessThan": "19.1R3-S8", "status": "affected", "version": "19.1", "versionType": "custom" }, { "lessThan": "19.2R1-S9, 19.2R3-S4", "status": "affected", "version": "19.2", "versionType": "custom" }, { "lessThan": "19.3R3-S5", "status": "affected", "version": "19.3", "versionType": "custom" }, { "lessThan": "19.4R2-S6, 19.4R3-S7", "status": "affected", "version": "19.4", "versionType": "custom" }, { "lessThan": "20.1R3-S3", "status": "affected", "version": "20.1", "versionType": "custom" }, { "lessThan": "20.2R3-S3", "status": "affected", "version": "20.2", "versionType": "custom" }, { "lessThan": "20.3R3-S2", "status": "affected", "version": "20.3", "versionType": "custom" }, { "lessThan": "20.4R3-S1", "status": "affected", "version": "20.4", "versionType": "custom" }, { "lessThan": "21.1R3", "status": "affected", "version": "21.1", "versionType": "custom" }, { "lessThan": "21.2R2-S1, 21.2R3", "status": "affected", "version": "21.2", "versionType": "custom" }, { "lessThan": "21.3R1-S2, 21.3R2", "status": "affected", "version": "21.3", "versionType": "custom" } ] } ], "datePublic": "2022-04-13T00:00:00", "descriptions": [ { "lang": "en", "value": "A Denial of Service (DoS) vulnerability in the processing of a flood of specific ARP traffic in Juniper Networks Junos OS on the EX4300 switch, sent from the local broadcast domain, may allow an unauthenticated network-adjacent attacker to trigger a PFEMAN watchdog timeout, causing the Packet Forwarding Engine (PFE) to crash and restart. After the restart, transit traffic will be temporarily interrupted until the PFE is reprogrammed. In a virtual chassis (VC), the impacted Flexible PIC Concentrator (FPC) may split from the VC temporarily, and join back into the VC once the PFE restarts. Continued receipt and processing of these packets will create a sustained Denial of Service (DoS) condition. This issue affects Juniper Networks Junos OS on the EX4300: All versions prior to 15.1R7-S12; 18.4 versions prior to 18.4R2-S10, 18.4R3-S11; 19.1 versions prior to 19.1R3-S8; 19.2 versions prior to 19.2R1-S9, 19.2R3-S4; 19.3 versions prior to 19.3R3-S5; 19.4 versions prior to 19.4R2-S6, 19.4R3-S7; 20.1 versions prior to 20.1R3-S3; 20.2 versions prior to 20.2R3-S3; 20.3 versions prior to 20.3R3-S2; 20.4 versions prior to 20.4R3-S1; 21.1 versions prior to 21.1R3; 21.2 versions prior to 21.2R2-S1, 21.2R3; 21.3 versions prior to 21.3R1-S2, 21.3R2." } ], "exploits": [ { "lang": "en", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-410", "description": "CWE-410 Insufficient Resource Pool", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "description": "Denial of Service (DoS)", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-04-14T15:50:52", "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "shortName": "juniper" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://kb.juniper.net/JSA69502" } ], "solutions": [ { "lang": "en", "value": "The following software releases have been updated to resolve this specific issue: Junos OS 15.1R7-S12, 18.4R2-S10, 18.4R3-S11, 19.1R3-S8, 19.2R1-S9, 19.2R3-S4, 19.3R3-S5, 19.4R2-S6, 19.4R3-S7, 20.1R3-S3, 20.2R3-S3, 20.3R3-S2, 20.4R3-S1, 21.1R3, 21.2R2-S1, 21.2R3, 21.3R1-S2, 21.3R2, 21.4R1, and all subsequent releases." } ], "source": { "advisory": "JSA69502", "defect": [ "1613275" ], "discovery": "INTERNAL" }, "title": "Junos OS: EX4300: PFE Denial of Service (DoS) upon receipt of a flood of specific ARP traffic", "workarounds": [ { "lang": "en", "value": "There are no viable workarounds for this issue." } ], "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "sirt@juniper.net", "DATE_PUBLIC": "2022-04-13T16:00:00.000Z", "ID": "CVE-2022-22191", "STATE": "PUBLIC", "TITLE": "Junos OS: EX4300: PFE Denial of Service (DoS) upon receipt of a flood of specific ARP traffic" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Junos OS", "version": { "version_data": [ { "platform": "EX4300", "version_affected": "\u003c", "version_value": "15.1R7-S12" }, { "platform": "EX4300", "version_affected": "\u003c", "version_name": "18.4", "version_value": "18.4R2-S10, 18.4R3-S11" }, { "platform": "EX4300", "version_affected": "\u003c", "version_name": "19.1", "version_value": "19.1R3-S8" }, { "platform": "EX4300", "version_affected": "\u003c", "version_name": "19.2", "version_value": "19.2R1-S9, 19.2R3-S4" }, { "platform": "EX4300", "version_affected": "\u003c", "version_name": "19.3", "version_value": "19.3R3-S5" }, { "platform": "EX4300", "version_affected": "\u003c", "version_name": "19.4", "version_value": "19.4R2-S6, 19.4R3-S7" }, { "platform": "EX4300", "version_affected": "\u003c", "version_name": "20.1", "version_value": "20.1R3-S3" }, { "platform": "EX4300", "version_affected": "\u003c", "version_name": "20.2", "version_value": "20.2R3-S3" }, { "platform": "EX4300", "version_affected": "\u003c", "version_name": "20.3", "version_value": "20.3R3-S2" }, { "platform": "EX4300", "version_affected": "\u003c", "version_name": "20.4", "version_value": "20.4R3-S1" }, { "platform": "EX4300", "version_affected": "\u003c", "version_name": "21.1", "version_value": "21.1R3" }, { "platform": "EX4300", "version_affected": "\u003c", "version_name": "21.2", "version_value": "21.2R2-S1, 21.2R3" }, { "platform": "EX4300", "version_affected": "\u003c", "version_name": "21.3", "version_value": "21.3R1-S2, 21.3R2" } ] } } ] }, "vendor_name": "Juniper Networks" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A Denial of Service (DoS) vulnerability in the processing of a flood of specific ARP traffic in Juniper Networks Junos OS on the EX4300 switch, sent from the local broadcast domain, may allow an unauthenticated network-adjacent attacker to trigger a PFEMAN watchdog timeout, causing the Packet Forwarding Engine (PFE) to crash and restart. After the restart, transit traffic will be temporarily interrupted until the PFE is reprogrammed. In a virtual chassis (VC), the impacted Flexible PIC Concentrator (FPC) may split from the VC temporarily, and join back into the VC once the PFE restarts. Continued receipt and processing of these packets will create a sustained Denial of Service (DoS) condition. This issue affects Juniper Networks Junos OS on the EX4300: All versions prior to 15.1R7-S12; 18.4 versions prior to 18.4R2-S10, 18.4R3-S11; 19.1 versions prior to 19.1R3-S8; 19.2 versions prior to 19.2R1-S9, 19.2R3-S4; 19.3 versions prior to 19.3R3-S5; 19.4 versions prior to 19.4R2-S6, 19.4R3-S7; 20.1 versions prior to 20.1R3-S3; 20.2 versions prior to 20.2R3-S3; 20.3 versions prior to 20.3R3-S2; 20.4 versions prior to 20.4R3-S1; 21.1 versions prior to 21.1R3; 21.2 versions prior to 21.2R2-S1, 21.2R3; 21.3 versions prior to 21.3R1-S2, 21.3R2." } ] }, "exploit": [ { "lang": "en", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability." } ], "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-410 Insufficient Resource Pool" } ] }, { "description": [ { "lang": "eng", "value": "Denial of Service (DoS)" } ] } ] }, "references": { "reference_data": [ { "name": "https://kb.juniper.net/JSA69502", "refsource": "CONFIRM", "url": "https://kb.juniper.net/JSA69502" } ] }, "solution": [ { "lang": "en", "value": "The following software releases have been updated to resolve this specific issue: Junos OS 15.1R7-S12, 18.4R2-S10, 18.4R3-S11, 19.1R3-S8, 19.2R1-S9, 19.2R3-S4, 19.3R3-S5, 19.4R2-S6, 19.4R3-S7, 20.1R3-S3, 20.2R3-S3, 20.3R3-S2, 20.4R3-S1, 21.1R3, 21.2R2-S1, 21.2R3, 21.3R1-S2, 21.3R2, 21.4R1, and all subsequent releases." } ], "source": { "advisory": "JSA69502", "defect": [ "1613275" ], "discovery": "INTERNAL" }, "work_around": [ { "lang": "en", "value": "There are no viable workarounds for this issue." } ] } } }, "cveMetadata": { "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "assignerShortName": "juniper", "cveId": "CVE-2022-22191", "datePublished": "2022-04-14T15:50:52.290745Z", "dateReserved": "2021-12-21T00:00:00", "dateUpdated": "2024-09-16T18:08:39.651Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-40224 (GCVE-0-2022-40224)
Vulnerability from cvelistv5
Published
2023-02-07 16:52
Modified
2025-03-05 19:27
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-410 - Insufficient Resource Pool
Summary
A denial of service vulnerability exists in the web server functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted HTTP message header can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Moxa | SDS-3008 Series Industrial Ethernet Switch |
Version: 2.1 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T12:14:40.040Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1618" }, { "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1618", "tags": [ "x_transferred" ], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1618" }, { "name": "https://www.moxa.com/en/support/product-support/security-advisory/sds-3008-series-multiple-web-vulnerabilities", "tags": [ "x_transferred" ], "url": "https://www.moxa.com/en/support/product-support/security-advisory/sds-3008-series-multiple-web-vulnerabilities" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-40224", "options": [ { "Exploitation": "poc" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-03-05T18:43:09.372564Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-03-05T19:27:11.797Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "SDS-3008 Series Industrial Ethernet Switch", "vendor": "Moxa", "versions": [ { "status": "affected", "version": "2.1" } ] } ], "descriptions": [ { "lang": "en", "value": "A denial of service vulnerability exists in the web server functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted HTTP message header can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-410", "description": "CWE-410: Insufficient Resource Pool", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-02-07T16:52:03.607Z", "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "shortName": "talos" }, "references": [ { "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1618", "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1618" }, { "name": "https://www.moxa.com/en/support/product-support/security-advisory/sds-3008-series-multiple-web-vulnerabilities", "url": "https://www.moxa.com/en/support/product-support/security-advisory/sds-3008-series-multiple-web-vulnerabilities" } ] } }, "cveMetadata": { "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "assignerShortName": "talos", "cveId": "CVE-2022-40224", "datePublished": "2023-02-07T16:52:03.607Z", "dateReserved": "2022-09-21T17:34:10.101Z", "dateUpdated": "2025-03-05T19:27:11.797Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-46679 (GCVE-0-2022-46679)
Vulnerability from cvelistv5
Published
2023-02-01 05:33
Modified
2025-03-26 18:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-410 - Insufficient Resource Pool
Summary
Dell PowerScale OneFS 8.2.x, 9.0.0.x - 9.4.0.x, contain an insufficient resource pool vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to denial of service.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Dell | PowerScale OneFS |
Version: 8.2.x;9.0.0.x < |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T14:39:38.816Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.dell.com/support/kbdoc/en-us/000206927/dsa-2022-323-dell-emc-powerscale-onefs-security-updates-for-multiple-security-vulnerabilities" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-46679", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-03-26T18:53:12.012327Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-03-26T18:53:18.852Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "PowerScale OneFS", "vendor": "Dell", "versions": [ { "lessThanOrEqual": "9.4.0.x", "status": "affected", "version": "8.2.x;9.0.0.x", "versionType": "custom" } ] } ], "datePublic": "2022-12-22T17:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\n\n\u003cdiv\u003e\u003cdiv\u003eDell PowerScale OneFS 8.2.x, 9.0.0.x - 9.4.0.x, contain an insufficient resource pool vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to denial of service.\u003c/div\u003e\u003c/div\u003e\n\n" } ], "value": "\nDell PowerScale OneFS 8.2.x, 9.0.0.x - 9.4.0.x, contain an insufficient resource pool vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to denial of service.\n\n\n\n\n\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-410", "description": "CWE-410: Insufficient Resource Pool", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-02-01T05:33:26.974Z", "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.dell.com/support/kbdoc/en-us/000206927/dsa-2022-323-dell-emc-powerscale-onefs-security-updates-for-multiple-security-vulnerabilities" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "assignerShortName": "dell", "cveId": "CVE-2022-46679", "datePublished": "2023-02-01T05:33:26.974Z", "dateReserved": "2022-12-06T21:50:27.435Z", "dateUpdated": "2025-03-26T18:53:18.852Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-38505 (GCVE-0-2023-38505)
Vulnerability from cvelistv5
Published
2023-07-27 18:49
Modified
2024-10-10 16:07
Severity ?
VLAI Severity ?
EPSS score ?
Summary
DietPi-Dashboard is a web dashboard for the operating system DietPi. The dashboard only allows for one TLS handshake to be in process at a given moment. Once a TCP connection is established in HTTPS mode, it will assume that it should be waiting for a handshake, and will stay this way indefinitely until a handshake starts or some error occurs. In version 0.6.1, this can be exploited by simply not starting the handshake, preventing any other TLS handshakes from getting through. An attacker can lock the dashboard in a state where it is waiting for a TLS handshake from the attacker, who won't provide it. This prevents any legitimate traffic from getting to the dashboard, and can last indefinitely. Version 0.6.2 has a patch for this issue. As a workaround, do not use HTTPS mode on the open internet where anyone can connect. Instead, put a reverse proxy in front of the dashboard, and have it handle any HTTPS connections.
References
► | URL | Tags | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
ravenclaw900 | DietPi-Dashboard |
Version: = 0.6.1 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T17:46:55.177Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/ravenclaw900/DietPi-Dashboard/security/advisories/GHSA-3jr4-9rxf-fr44", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/ravenclaw900/DietPi-Dashboard/security/advisories/GHSA-3jr4-9rxf-fr44" }, { "name": "https://github.com/ravenclaw900/DietPi-Dashboard/pull/606", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/ravenclaw900/DietPi-Dashboard/pull/606" }, { "name": "https://github.com/ravenclaw900/DietPi-Dashboard/commit/79cd78615d28f577454415e4baafe4dcd9d09666", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/ravenclaw900/DietPi-Dashboard/commit/79cd78615d28f577454415e4baafe4dcd9d09666" }, { "name": "https://asciinema.org/a/8nRKbdf7AkPLmP3QxFZUSmPwp?t=7", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://asciinema.org/a/8nRKbdf7AkPLmP3QxFZUSmPwp?t=7" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:dietpi-dashboard_project:dietpi-dashboard:0.6.1:*:*:*:*:rust:*:*" ], "defaultStatus": "unknown", "product": "dietpi-dashboard", "vendor": "dietpi-dashboard_project", "versions": [ { "status": "affected", "version": "0.6.1" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-38505", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-10T15:38:46.675046Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-10T16:07:41.956Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "DietPi-Dashboard", "vendor": "ravenclaw900", "versions": [ { "status": "affected", "version": "= 0.6.1" } ] } ], "descriptions": [ { "lang": "en", "value": "DietPi-Dashboard is a web dashboard for the operating system DietPi. The dashboard only allows for one TLS handshake to be in process at a given moment. Once a TCP connection is established in HTTPS mode, it will assume that it should be waiting for a handshake, and will stay this way indefinitely until a handshake starts or some error occurs. In version 0.6.1, this can be exploited by simply not starting the handshake, preventing any other TLS handshakes from getting through. An attacker can lock the dashboard in a state where it is waiting for a TLS handshake from the attacker, who won\u0027t provide it. This prevents any legitimate traffic from getting to the dashboard, and can last indefinitely. Version 0.6.2 has a patch for this issue. As a workaround, do not use HTTPS mode on the open internet where anyone can connect. Instead, put a reverse proxy in front of the dashboard, and have it handle any HTTPS connections." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-410", "description": "CWE-410: Insufficient Resource Pool", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-412", "description": "CWE-412: Unrestricted Externally Accessible Lock", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-07-27T18:49:29.182Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/ravenclaw900/DietPi-Dashboard/security/advisories/GHSA-3jr4-9rxf-fr44", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/ravenclaw900/DietPi-Dashboard/security/advisories/GHSA-3jr4-9rxf-fr44" }, { "name": "https://github.com/ravenclaw900/DietPi-Dashboard/pull/606", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/ravenclaw900/DietPi-Dashboard/pull/606" }, { "name": "https://github.com/ravenclaw900/DietPi-Dashboard/commit/79cd78615d28f577454415e4baafe4dcd9d09666", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/ravenclaw900/DietPi-Dashboard/commit/79cd78615d28f577454415e4baafe4dcd9d09666" }, { "name": "https://asciinema.org/a/8nRKbdf7AkPLmP3QxFZUSmPwp?t=7", "tags": [ "x_refsource_MISC" ], "url": "https://asciinema.org/a/8nRKbdf7AkPLmP3QxFZUSmPwp?t=7" } ], "source": { "advisory": "GHSA-3jr4-9rxf-fr44", "discovery": "UNKNOWN" }, "title": "DietPi-Dashboard Insufficient TLS Handshake Pool" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-38505", "datePublished": "2023-07-27T18:49:29.182Z", "dateReserved": "2023-07-18T16:28:12.077Z", "dateUpdated": "2024-10-10T16:07:41.956Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Mitigation
Phase: Architecture and Design
Description:
- Do not perform resource-intensive transactions for unauthenticated users and/or invalid requests.
Mitigation
Phase: Architecture and Design
Description:
- Consider implementing a velocity check mechanism which would detect abusive behavior.
Mitigation
Phase: Operation
Description:
- Consider load balancing as an option to handle heavy loads.
Mitigation
Phase: Implementation
Description:
- Make sure that resource handles are properly closed when no longer needed.
Mitigation
Phase: Architecture and Design
Description:
- Identify the system's resource intensive operations and consider protecting them from abuse (e.g. malicious automated script which runs the resources out).
No CAPEC attack patterns related to this CWE.