CVE-2023-3569 (GCVE-0-2023-3569)
Vulnerability from cvelistv5
Published
2023-08-08 06:56
Modified
2025-02-27 21:10
Severity ?
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
CWE
  • CWE-776 - Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
Summary
In PHOENIX CONTACTs TC ROUTER and TC CLOUD CLIENT in versions prior to 2.07.2 as well as CLOUD CLIENT 1101T-TX/TX prior to 2.06.10 an authenticated remote attacker with admin privileges could upload a crafted XML file which causes a denial-of-service.
References
Impacted products
Vendor Product Version
PHOENIX CONTACT CLOUD CLIENT 1101T-TX/TX Version: 0   
Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T07:01:56.701Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert.vde.com/en/advisories/VDE-2023-017"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2023/Aug/12"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/174152/Phoenix-Contact-TC-Cloud-TC-Router-2.x-XSS-Memory-Consumption.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-3569",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-26T21:51:00.842526Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-27T21:10:39.956Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "CLOUD CLIENT 1101T-TX/TX",
          "vendor": "PHOENIX CONTACT",
          "versions": [
            {
              "lessThan": "2.06.10",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TC CLOUD CLIENT 1002-4G",
          "vendor": "PHOENIX CONTACT",
          "versions": [
            {
              "lessThan": "2.07.2",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TC CLOUD CLIENT 1002-4G ATT",
          "vendor": "PHOENIX CONTACT",
          "versions": [
            {
              "lessThan": "2.07.2",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TC CLOUD CLIENT 1002-4G VZW",
          "vendor": "PHOENIX CONTACT",
          "versions": [
            {
              "lessThan": "2.07.2",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TC ROUTER 3002T-4G",
          "vendor": "PHOENIX CONTACT",
          "versions": [
            {
              "lessThan": "2.07.2",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TC ROUTER 3002T-4G ATT",
          "vendor": "PHOENIX CONTACT",
          "versions": [
            {
              "lessThan": "2.07.2",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TC ROUTER 3002T-4G VZW",
          "vendor": "PHOENIX CONTACT",
          "versions": [
            {
              "lessThan": "2.07.2",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2023-08-08T06:45:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "In PHOENIX CONTACTs TC ROUTER and TC CLOUD CLIENT in versions prior to 2.07.2  as well as CLOUD CLIENT 1101T-TX/TX prior to 2.06.10 an authenticated remote attacker with admin privileges could upload a crafted XML file which causes a denial-of-service."
            }
          ],
          "value": "In PHOENIX CONTACTs TC ROUTER and TC CLOUD CLIENT in versions prior to 2.07.2  as well as CLOUD CLIENT 1101T-TX/TX prior to 2.06.10 an authenticated remote attacker with admin privileges could upload a crafted XML file which causes a denial-of-service."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 4.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-776",
              "description": "CWE-776 Improper Restriction of Recursive Entity References in DTDs (\u0027XML Entity Expansion\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-08-14T18:06:28.369Z",
        "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "shortName": "CERTVDE"
      },
      "references": [
        {
          "url": "https://cert.vde.com/en/advisories/VDE-2023-017"
        },
        {
          "url": "http://seclists.org/fulldisclosure/2023/Aug/12"
        },
        {
          "url": "http://packetstormsecurity.com/files/174152/Phoenix-Contact-TC-Cloud-TC-Router-2.x-XSS-Memory-Consumption.html"
        }
      ],
      "source": {
        "advisory": "VDE-2023-017",
        "defect": [
          "CERT@VDE#64498"
        ],
        "discovery": "UNKNOWN"
      },
      "title": "PHOENIX CONTACT: Denial-of-Service due to malicious XML files in TC ROUTER, TC CLOUD CLIENT and CLOUD CLIENT",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
    "assignerShortName": "CERTVDE",
    "cveId": "CVE-2023-3569",
    "datePublished": "2023-08-08T06:56:40.395Z",
    "dateReserved": "2023-07-10T07:42:55.485Z",
    "dateUpdated": "2025-02-27T21:10:39.956Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-3569\",\"sourceIdentifier\":\"info@cert.vde.com\",\"published\":\"2023-08-08T07:15:10.480\",\"lastModified\":\"2024-11-21T08:17:34.127\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In PHOENIX CONTACTs TC ROUTER and TC CLOUD CLIENT in versions prior to 2.07.2  as well as CLOUD CLIENT 1101T-TX/TX prior to 2.06.10 an authenticated remote attacker with admin privileges could upload a crafted XML file which causes a denial-of-service.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"info@cert.vde.com\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":4.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.2,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"info@cert.vde.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-776\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-776\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:phoenixcontact:cloud_client_1101t-tx_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.06.10\",\"matchCriteriaId\":\"F27D7C23-5F63-42C6-AEC8-B3033693B91E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:phoenixcontact:cloud_client_1101t-tx:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1B6CD87A-C42B-4452-BCE8-87AAC75A07A0\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:phoenixcontact:tc_cloud_client_1002-4g_att_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.07.2\",\"matchCriteriaId\":\"B4EC6E85-D2D8-4D8B-86E5-FF50BAD5584F\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:phoenixcontact:tc_cloud_client_1002-4g_att:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"98C24755-6451-49AD-8DD6-2A4A20E42E06\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:phoenixcontact:tc_cloud_client_1002-4g_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.07.2\",\"matchCriteriaId\":\"8294FF44-17CF-45B3-BCAD-D334AF4001FA\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:phoenixcontact:tc_cloud_client_1002-4g:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C42AB40F-8156-4C5C-86DC-8F10E6C70F4D\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:phoenixcontact:tc_cloud_client_1002-4g_vzw_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.07.2\",\"matchCriteriaId\":\"C3133D1F-7110-411B-B242-A5F58F2CBB47\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:phoenixcontact:tc_cloud_client_1002-4g_vzw:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F6480AF5-913F-4D2E-879F-149B25513093\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:phoenixcontact:tc_router_3002t-4g_att_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.07.2\",\"matchCriteriaId\":\"18E45B91-E395-4F80-AD9E-6993C881BDEE\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:phoenixcontact:tc_router_3002t-4g_att:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9C2CB341-1DD5-4A74-A6D4-5AA7F01E50BD\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:phoenixcontact:tc_router_3002t-4g_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.07.2\",\"matchCriteriaId\":\"E4FD4A8A-5B20-4467-A8C5-DB8CAE10B78D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:phoenixcontact:tc_router_3002t-4g:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"34273B74-2964-4DDF-B464-6D312528366B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:phoenixcontact:tc_router_3002t-4g_vzw_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.07.2\",\"matchCriteriaId\":\"88EA471C-672E-4DD0-B0C9-2E5E7C695774\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:phoenixcontact:tc_router_3002t-4g_vzw:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CA9B96D9-DBCD-4858-94B1-CFE5AF2DD35E\"}]}]}],\"references\":[{\"url\":\"http://packetstormsecurity.com/files/174152/Phoenix-Contact-TC-Cloud-TC-Router-2.x-XSS-Memory-Consumption.html\",\"source\":\"info@cert.vde.com\"},{\"url\":\"http://seclists.org/fulldisclosure/2023/Aug/12\",\"source\":\"info@cert.vde.com\"},{\"url\":\"https://cert.vde.com/en/advisories/VDE-2023-017\",\"source\":\"info@cert.vde.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://packetstormsecurity.com/files/174152/Phoenix-Contact-TC-Cloud-TC-Router-2.x-XSS-Memory-Consumption.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://seclists.org/fulldisclosure/2023/Aug/12\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://cert.vde.com/en/advisories/VDE-2023-017\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"cna\": {\"affected\": [{\"defaultStatus\": \"unaffected\", \"product\": \"CLOUD CLIENT 1101T-TX/TX\", \"vendor\": \"PHOENIX CONTACT\", \"versions\": [{\"lessThan\": \"2.06.10\", \"status\": \"affected\", \"version\": \"0\", \"versionType\": \"semver\"}]}, {\"defaultStatus\": \"unaffected\", \"product\": \"TC CLOUD CLIENT 1002-4G\", \"vendor\": \"PHOENIX CONTACT\", \"versions\": [{\"lessThan\": \"2.07.2\", \"status\": \"affected\", \"version\": \"0\", \"versionType\": \"semver\"}]}, {\"defaultStatus\": \"unaffected\", \"product\": \"TC CLOUD CLIENT 1002-4G ATT\", \"vendor\": \"PHOENIX CONTACT\", \"versions\": [{\"lessThan\": \"2.07.2\", \"status\": \"affected\", \"version\": \"0\", \"versionType\": \"semver\"}]}, {\"defaultStatus\": \"unaffected\", \"product\": \"TC CLOUD CLIENT 1002-4G VZW\", \"vendor\": \"PHOENIX CONTACT\", \"versions\": [{\"lessThan\": \"2.07.2\", \"status\": \"affected\", \"version\": \"0\", \"versionType\": \"semver\"}]}, {\"defaultStatus\": \"unaffected\", \"product\": \"TC ROUTER 3002T-4G\", \"vendor\": \"PHOENIX CONTACT\", \"versions\": [{\"lessThan\": \"2.07.2\", \"status\": \"affected\", \"version\": \"0\", \"versionType\": \"semver\"}]}, {\"defaultStatus\": \"unaffected\", \"product\": \"TC ROUTER 3002T-4G ATT\", \"vendor\": \"PHOENIX CONTACT\", \"versions\": [{\"lessThan\": \"2.07.2\", \"status\": \"affected\", \"version\": \"0\", \"versionType\": \"semver\"}]}, {\"defaultStatus\": \"unaffected\", \"product\": \"TC ROUTER 3002T-4G VZW\", \"vendor\": \"PHOENIX CONTACT\", \"versions\": [{\"lessThan\": \"2.07.2\", \"status\": \"affected\", \"version\": \"0\", \"versionType\": \"semver\"}]}], \"datePublic\": \"2023-08-08T06:45:00.000Z\", \"descriptions\": [{\"lang\": \"en\", \"supportingMedia\": [{\"base64\": false, \"type\": \"text/html\", \"value\": \"In PHOENIX CONTACTs TC ROUTER and TC CLOUD CLIENT in versions prior to 2.07.2  as well as CLOUD CLIENT 1101T-TX/TX prior to 2.06.10 an authenticated remote attacker with admin privileges could upload a crafted XML file which causes a denial-of-service.\"}], \"value\": \"In PHOENIX CONTACTs TC ROUTER and TC CLOUD CLIENT in versions prior to 2.07.2  as well as CLOUD CLIENT 1101T-TX/TX prior to 2.06.10 an authenticated remote attacker with admin privileges could upload a crafted XML file which causes a denial-of-service.\"}], \"metrics\": [{\"cvssV3_1\": {\"attackComplexity\": \"LOW\", \"attackVector\": \"NETWORK\", \"availabilityImpact\": \"HIGH\", \"baseScore\": 4.9, \"baseSeverity\": \"MEDIUM\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"privilegesRequired\": \"HIGH\", \"scope\": \"UNCHANGED\", \"userInteraction\": \"NONE\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H\", \"version\": \"3.1\"}, \"format\": \"CVSS\", \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"problemTypes\": [{\"descriptions\": [{\"cweId\": \"CWE-776\", \"description\": \"CWE-776 Improper Restriction of Recursive Entity References in DTDs (\u0027XML Entity Expansion\u0027)\", \"lang\": \"en\", \"type\": \"CWE\"}]}], \"providerMetadata\": {\"orgId\": \"270ccfa6-a436-4e77-922e-914ec3a9685c\", \"shortName\": \"CERTVDE\", \"dateUpdated\": \"2023-08-14T18:06:28.369Z\"}, \"references\": [{\"url\": \"https://cert.vde.com/en/advisories/VDE-2023-017\"}, {\"url\": \"http://seclists.org/fulldisclosure/2023/Aug/12\"}, {\"url\": \"http://packetstormsecurity.com/files/174152/Phoenix-Contact-TC-Cloud-TC-Router-2.x-XSS-Memory-Consumption.html\"}], \"source\": {\"advisory\": \"VDE-2023-017\", \"defect\": [\"CERT@VDE#64498\"], \"discovery\": \"UNKNOWN\"}, \"title\": \"PHOENIX CONTACT: Denial-of-Service due to malicious XML files in TC ROUTER, TC CLOUD CLIENT and CLOUD CLIENT\", \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}}, \"adp\": [{\"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T07:01:56.701Z\"}, \"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://cert.vde.com/en/advisories/VDE-2023-017\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2023/Aug/12\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://packetstormsecurity.com/files/174152/Phoenix-Contact-TC-Cloud-TC-Router-2.x-XSS-Memory-Consumption.html\", \"tags\": [\"x_transferred\"]}]}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-3569\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-02-26T21:51:00.842526Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-02-26T20:40:24.968Z\"}}]}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-3569\", \"assignerOrgId\": \"270ccfa6-a436-4e77-922e-914ec3a9685c\", \"state\": \"PUBLISHED\", \"assignerShortName\": \"CERTVDE\", \"dateReserved\": \"2023-07-10T07:42:55.485Z\", \"datePublished\": \"2023-08-08T06:56:40.395Z\", \"dateUpdated\": \"2025-02-27T21:10:39.956Z\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.