Common Weakness Enumeration

CWE-754

Allowed-with-Review

Improper Check for Unusual or Exceptional Conditions

Abstraction: Class · Status: Incomplete

The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.

909 vulnerabilities reference this CWE, most recent first.

CVE-2021-42020 (GCVE-0-2021-42020)

Vulnerability from cvelistv5 – Published: 2022-03-08 11:31 – Updated: 2025-08-12 11:11
VLAI
Summary
A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i800NC, RUGGEDCOM i801, RUGGEDCOM i801NC, RUGGEDCOM i802, RUGGEDCOM i802NC, RUGGEDCOM i803, RUGGEDCOM i803NC, RUGGEDCOM M2100, RUGGEDCOM M2100NC, RUGGEDCOM M2200, RUGGEDCOM M2200NC, RUGGEDCOM M969, RUGGEDCOM M969NC, RUGGEDCOM RMC30, RUGGEDCOM RMC30NC, RUGGEDCOM RMC8388 V4.X, RUGGEDCOM RMC8388 V5.X, RUGGEDCOM RMC8388NC V4.X, RUGGEDCOM RMC8388NC V5.X, RUGGEDCOM RP110, RUGGEDCOM RP110NC, RUGGEDCOM RS1600, RUGGEDCOM RS1600F, RUGGEDCOM RS1600FNC, RUGGEDCOM RS1600NC, RUGGEDCOM RS1600T, RUGGEDCOM RS1600TNC, RUGGEDCOM RS400, RUGGEDCOM RS400NC, RUGGEDCOM RS401, RUGGEDCOM RS401NC, RUGGEDCOM RS416, RUGGEDCOM RS416NC, RUGGEDCOM RS416NCv2 V4.X, RUGGEDCOM RS416NCv2 V5.X, RUGGEDCOM RS416P, RUGGEDCOM RS416PNC, RUGGEDCOM RS416PNCv2 V4.X, RUGGEDCOM RS416PNCv2 V5.X, RUGGEDCOM RS416Pv2 V4.X, RUGGEDCOM RS416Pv2 V5.X, RUGGEDCOM RS416v2 V4.X, RUGGEDCOM RS416v2 V5.X, RUGGEDCOM RS8000, RUGGEDCOM RS8000A, RUGGEDCOM RS8000ANC, RUGGEDCOM RS8000H, RUGGEDCOM RS8000HNC, RUGGEDCOM RS8000NC, RUGGEDCOM RS8000T, RUGGEDCOM RS8000TNC, RUGGEDCOM RS900, RUGGEDCOM RS900 (32M) V4.X, RUGGEDCOM RS900 (32M) V5.X, RUGGEDCOM RS900G, RUGGEDCOM RS900G (32M) V4.X, RUGGEDCOM RS900G (32M) V5.X, RUGGEDCOM RS900GNC, RUGGEDCOM RS900GNC(32M) V4.X, RUGGEDCOM RS900GNC(32M) V5.X, RUGGEDCOM RS900GP, RUGGEDCOM RS900GPNC, RUGGEDCOM RS900L, RUGGEDCOM RS900LNC, RUGGEDCOM RS900M-GETS-C01, RUGGEDCOM RS900M-GETS-XX, RUGGEDCOM RS900M-STND-C01, RUGGEDCOM RS900M-STND-XX, RUGGEDCOM RS900MNC-GETS-C01, RUGGEDCOM RS900MNC-GETS-XX, RUGGEDCOM RS900MNC-STND-XX, RUGGEDCOM RS900MNC-STND-XX-C01, RUGGEDCOM RS900NC, RUGGEDCOM RS900NC(32M) V4.X, RUGGEDCOM RS900NC(32M) V5.X, RUGGEDCOM RS900W, RUGGEDCOM RS910, RUGGEDCOM RS910L, RUGGEDCOM RS910LNC, RUGGEDCOM RS910NC, RUGGEDCOM RS910W, RUGGEDCOM RS920L, RUGGEDCOM RS920LNC, RUGGEDCOM RS920W, RUGGEDCOM RS930L, RUGGEDCOM RS930LNC, RUGGEDCOM RS930W, RUGGEDCOM RS940G, RUGGEDCOM RS940GNC, RUGGEDCOM RS969, RUGGEDCOM RS969NC, RUGGEDCOM RSG2100, RUGGEDCOM RSG2100 (32M) V4.X, RUGGEDCOM RSG2100 (32M) V5.X, RUGGEDCOM RSG2100NC, RUGGEDCOM RSG2100NC(32M) V4.X, RUGGEDCOM RSG2100NC(32M) V5.X, RUGGEDCOM RSG2100P, RUGGEDCOM RSG2100P (32M) V4.X, RUGGEDCOM RSG2100P (32M) V5.X, RUGGEDCOM RSG2100PNC, RUGGEDCOM RSG2100PNC (32M) V4.X, RUGGEDCOM RSG2100PNC (32M) V5.X, RUGGEDCOM RSG2200, RUGGEDCOM RSG2200NC, RUGGEDCOM RSG2288 V4.X, RUGGEDCOM RSG2288 V5.X, RUGGEDCOM RSG2288NC V4.X, RUGGEDCOM RSG2288NC V5.X, RUGGEDCOM RSG2300 V4.X, RUGGEDCOM RSG2300 V5.X, RUGGEDCOM RSG2300NC V4.X, RUGGEDCOM RSG2300NC V5.X, RUGGEDCOM RSG2300P V4.X, RUGGEDCOM RSG2300P V5.X, RUGGEDCOM RSG2300PNC V4.X, RUGGEDCOM RSG2300PNC V5.X, RUGGEDCOM RSG2488 V4.X, RUGGEDCOM RSG2488 V5.X, RUGGEDCOM RSG2488NC V4.X, RUGGEDCOM RSG2488NC V5.X, RUGGEDCOM RSG907R, RUGGEDCOM RSG908C, RUGGEDCOM RSG909R, RUGGEDCOM RSG910C, RUGGEDCOM RSG920P V4.X, RUGGEDCOM RSG920P V5.X, RUGGEDCOM RSG920PNC V4.X, RUGGEDCOM RSG920PNC V5.X, RUGGEDCOM RSL910, RUGGEDCOM RSL910NC, RUGGEDCOM RST2228, RUGGEDCOM RST2228P, RUGGEDCOM RST916C, RUGGEDCOM RST916P. The third-party component, in its TFTP functionality fails to check for null terminations in file names. If an attacker were to exploit this, it could result in data corruption, and possibly a hard-fault of the application.
CWE
  • CWE-754 - Improper Check for Unusual or Exceptional Conditions
Assigner
Impacted products
Vendor Product Version
Siemens RUGGEDCOM i800 Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM i800NC Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM i801 Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM i801NC Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM i802 Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM i802NC Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM i803 Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM i803NC Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM M2100 Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM M2100NC Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM M2200 Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM M2200NC Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM M969 Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM M969NC Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RMC30 Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RMC30NC Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RMC8388 V4.X Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RMC8388 V5.X Affected: 0 , < V5.6.0 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RMC8388NC V4.X Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RMC8388NC V5.X Affected: 0 , < V5.6.0 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RP110 Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RP110NC Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RS1600 Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RS1600F Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RS1600FNC Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RS1600NC Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RS1600T Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RS1600TNC Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RS400 Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RS400NC Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RS401 Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RS401NC Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RS416 Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RS416NC Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RS416NCv2 V4.X Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RS416NCv2 V5.X Affected: 0 , < V5.6.0 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RS416P Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RS416PNC Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RS416PNCv2 V4.X Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RS416PNCv2 V5.X Affected: 0 , < V5.6.0 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RS416Pv2 V4.X Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RS416Pv2 V5.X Affected: 0 , < V5.6.0 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RS416v2 V4.X Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RS416v2 V5.X Affected: 0 , < V5.6.0 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RS8000 Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RS8000A Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RS8000ANC Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RS8000H Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RS8000HNC Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RS8000NC Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RS8000T Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RS8000TNC Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RS900 Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RS900 (32M) V4.X Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RS900 (32M) V5.X Affected: 0 , < V5.6.0 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RS900G Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RS900G (32M) V4.X Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RS900G (32M) V5.X Affected: 0 , < V5.6.0 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RS900GNC Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RS900GNC(32M) V4.X Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RS900GNC(32M) V5.X Affected: 0 , < V5.6.0 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RS900GP Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RS900GPNC Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RS900L Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RS900LNC Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RS900M-GETS-C01 Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RS900M-GETS-XX Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RS900M-STND-C01 Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RS900M-STND-XX Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RS900MNC-GETS-C01 Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RS900MNC-GETS-XX Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RS900MNC-STND-XX Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RS900MNC-STND-XX-C01 Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RS900NC Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RS900NC(32M) V4.X Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RS900NC(32M) V5.X Affected: 0 , < V5.6.0 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RS900W Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RS910 Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RS910L Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RS910LNC Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RS910NC Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RS910W Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RS920L Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RS920LNC Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RS920W Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RS930L Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RS930LNC Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RS930W Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RS940G Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RS940GNC Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RS969 Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RS969NC Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RSG2100 Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RSG2100 (32M) V4.X Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RSG2100 (32M) V5.X Affected: 0 , < V5.6.0 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RSG2100NC Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RSG2100NC(32M) V4.X Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RSG2100NC(32M) V5.X Affected: 0 , < V5.6.0 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RSG2100P Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RSG2100P (32M) V4.X Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RSG2100P (32M) V5.X Affected: 0 , < V5.6.0 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RSG2100PNC Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RSG2100PNC (32M) V4.X Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RSG2100PNC (32M) V5.X Affected: 0 , < V5.6.0 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RSG2200 Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RSG2200NC Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RSG2288 V4.X Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RSG2288 V5.X Affected: 0 , < V5.6.0 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RSG2288NC V4.X Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RSG2288NC V5.X Affected: 0 , < V5.6.0 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RSG2300 V4.X Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RSG2300 V5.X Affected: 0 , < V5.6.0 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RSG2300NC V4.X Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RSG2300NC V5.X Affected: 0 , < V5.6.0 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RSG2300P V4.X Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RSG2300P V5.X Affected: 0 , < V5.6.0 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RSG2300PNC V4.X Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RSG2300PNC V5.X Affected: 0 , < V5.6.0 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RSG2488 V4.X Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RSG2488 V5.X Affected: 0 , < V5.6.0 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RSG2488NC V4.X Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RSG2488NC V5.X Affected: 0 , < V5.6.0 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RSG907R Affected: 0 , < V5.6.0 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RSG908C Affected: 0 , < V5.6.0 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RSG909R Affected: 0 , < V5.6.0 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RSG910C Affected: 0 , < V5.6.0 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RSG920P V4.X Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RSG920P V5.X Affected: 0 , < V5.6.0 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RSG920PNC V4.X Affected: 0 , < V4.3.8 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RSG920PNC V5.X Affected: 0 , < V5.6.0 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RSL910 Affected: 0 , < V5.6.0 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RSL910NC Affected: 0 , < V5.6.0 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RST2228 Affected: 0 , < V5.6.0 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RST2228P Affected: 0 , < V5.6.0 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RST916C Affected: 0 , < V5.6.0 (custom)
Create a notification for this product.
Siemens RUGGEDCOM RST916P Affected: 0 , < V5.6.0 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T03:22:25.647Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-256353.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM i800",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM i800NC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM i801",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM i801NC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM i802",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM i802NC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM i803",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM i803NC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM M2100",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM M2100NC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM M2200",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM M2200NC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM M969",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM M969NC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RMC30",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RMC30NC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RMC8388 V4.X",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RMC8388 V5.X",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V5.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RMC8388NC V4.X",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RMC8388NC V5.X",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V5.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RP110",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RP110NC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RS1600",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RS1600F",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RS1600FNC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RS1600NC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RS1600T",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RS1600TNC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RS400",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RS400NC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RS401",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RS401NC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RS416",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RS416NC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RS416NCv2 V4.X",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RS416NCv2 V5.X",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V5.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RS416P",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RS416PNC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RS416PNCv2 V4.X",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RS416PNCv2 V5.X",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V5.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RS416Pv2 V4.X",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RS416Pv2 V5.X",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V5.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RS416v2 V4.X",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RS416v2 V5.X",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V5.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RS8000",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RS8000A",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RS8000ANC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RS8000H",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RS8000HNC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RS8000NC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RS8000T",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RS8000TNC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RS900",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RS900 (32M) V4.X",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RS900 (32M) V5.X",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V5.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RS900G",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RS900G (32M) V4.X",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RS900G (32M) V5.X",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V5.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RS900GNC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RS900GNC(32M) V4.X",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RS900GNC(32M) V5.X",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V5.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RS900GP",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RS900GPNC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RS900L",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RS900LNC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RS900M-GETS-C01",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RS900M-GETS-XX",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RS900M-STND-C01",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RS900M-STND-XX",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RS900MNC-GETS-C01",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RS900MNC-GETS-XX",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RS900MNC-STND-XX",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RS900MNC-STND-XX-C01",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RS900NC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RS900NC(32M) V4.X",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RS900NC(32M) V5.X",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V5.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RS900W",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RS910",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RS910L",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RS910LNC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RS910NC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RS910W",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RS920L",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RS920LNC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RS920W",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RS930L",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RS930LNC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RS930W",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RS940G",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RS940GNC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RS969",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RS969NC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RSG2100",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RSG2100 (32M) V4.X",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RSG2100 (32M) V5.X",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V5.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RSG2100NC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RSG2100NC(32M) V4.X",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RSG2100NC(32M) V5.X",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V5.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RSG2100P",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RSG2100P (32M) V4.X",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RSG2100P (32M) V5.X",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V5.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RSG2100PNC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RSG2100PNC (32M) V4.X",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RSG2100PNC (32M) V5.X",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V5.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RSG2200",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RSG2200NC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RSG2288 V4.X",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RSG2288 V5.X",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V5.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RSG2288NC V4.X",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RSG2288NC V5.X",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V5.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RSG2300 V4.X",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RSG2300 V5.X",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V5.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RSG2300NC V4.X",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RSG2300NC V5.X",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V5.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RSG2300P V4.X",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RSG2300P V5.X",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V5.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RSG2300PNC V4.X",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RSG2300PNC V5.X",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V5.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RSG2488 V4.X",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RSG2488 V5.X",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V5.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RSG2488NC V4.X",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RSG2488NC V5.X",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V5.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RSG907R",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V5.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RSG908C",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V5.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RSG909R",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V5.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RSG910C",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V5.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RSG920P V4.X",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RSG920P V5.X",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V5.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RSG920PNC V4.X",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.3.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RSG920PNC V5.X",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V5.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RSL910",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V5.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RSL910NC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V5.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RST2228",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V5.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RST2228P",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V5.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RST916C",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V5.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM RST916P",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V5.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i800NC, RUGGEDCOM i801, RUGGEDCOM i801NC, RUGGEDCOM i802, RUGGEDCOM i802NC, RUGGEDCOM i803, RUGGEDCOM i803NC, RUGGEDCOM M2100, RUGGEDCOM M2100NC, RUGGEDCOM M2200, RUGGEDCOM M2200NC, RUGGEDCOM M969, RUGGEDCOM M969NC, RUGGEDCOM RMC30, RUGGEDCOM RMC30NC, RUGGEDCOM RMC8388 V4.X, RUGGEDCOM RMC8388 V5.X, RUGGEDCOM RMC8388NC V4.X, RUGGEDCOM RMC8388NC V5.X, RUGGEDCOM RP110, RUGGEDCOM RP110NC, RUGGEDCOM RS1600, RUGGEDCOM RS1600F, RUGGEDCOM RS1600FNC, RUGGEDCOM RS1600NC, RUGGEDCOM RS1600T, RUGGEDCOM RS1600TNC, RUGGEDCOM RS400, RUGGEDCOM RS400NC, RUGGEDCOM RS401, RUGGEDCOM RS401NC, RUGGEDCOM RS416, RUGGEDCOM RS416NC, RUGGEDCOM RS416NCv2 V4.X, RUGGEDCOM RS416NCv2 V5.X, RUGGEDCOM RS416P, RUGGEDCOM RS416PNC, RUGGEDCOM RS416PNCv2 V4.X, RUGGEDCOM RS416PNCv2 V5.X, RUGGEDCOM RS416Pv2 V4.X, RUGGEDCOM RS416Pv2 V5.X, RUGGEDCOM RS416v2 V4.X, RUGGEDCOM RS416v2 V5.X, RUGGEDCOM RS8000, RUGGEDCOM RS8000A, RUGGEDCOM RS8000ANC, RUGGEDCOM RS8000H, RUGGEDCOM RS8000HNC, RUGGEDCOM RS8000NC, RUGGEDCOM RS8000T, RUGGEDCOM RS8000TNC, RUGGEDCOM RS900, RUGGEDCOM RS900 (32M) V4.X, RUGGEDCOM RS900 (32M) V5.X, RUGGEDCOM RS900G, RUGGEDCOM RS900G (32M) V4.X, RUGGEDCOM RS900G (32M) V5.X, RUGGEDCOM RS900GNC, RUGGEDCOM RS900GNC(32M) V4.X, RUGGEDCOM RS900GNC(32M) V5.X, RUGGEDCOM RS900GP, RUGGEDCOM RS900GPNC, RUGGEDCOM RS900L, RUGGEDCOM RS900LNC, RUGGEDCOM RS900M-GETS-C01, RUGGEDCOM RS900M-GETS-XX, RUGGEDCOM RS900M-STND-C01, RUGGEDCOM RS900M-STND-XX, RUGGEDCOM RS900MNC-GETS-C01, RUGGEDCOM RS900MNC-GETS-XX, RUGGEDCOM RS900MNC-STND-XX, RUGGEDCOM RS900MNC-STND-XX-C01, RUGGEDCOM RS900NC, RUGGEDCOM RS900NC(32M) V4.X, RUGGEDCOM RS900NC(32M) V5.X, RUGGEDCOM RS900W, RUGGEDCOM RS910, RUGGEDCOM RS910L, RUGGEDCOM RS910LNC, RUGGEDCOM RS910NC, RUGGEDCOM RS910W, RUGGEDCOM RS920L, RUGGEDCOM RS920LNC, RUGGEDCOM RS920W, RUGGEDCOM RS930L, RUGGEDCOM RS930LNC, RUGGEDCOM RS930W, RUGGEDCOM RS940G, RUGGEDCOM RS940GNC, RUGGEDCOM RS969, RUGGEDCOM RS969NC, RUGGEDCOM RSG2100, RUGGEDCOM RSG2100 (32M) V4.X, RUGGEDCOM RSG2100 (32M) V5.X, RUGGEDCOM RSG2100NC, RUGGEDCOM RSG2100NC(32M) V4.X, RUGGEDCOM RSG2100NC(32M) V5.X, RUGGEDCOM RSG2100P, RUGGEDCOM RSG2100P (32M) V4.X, RUGGEDCOM RSG2100P (32M) V5.X, RUGGEDCOM RSG2100PNC, RUGGEDCOM RSG2100PNC (32M) V4.X, RUGGEDCOM RSG2100PNC (32M) V5.X, RUGGEDCOM RSG2200, RUGGEDCOM RSG2200NC, RUGGEDCOM RSG2288 V4.X, RUGGEDCOM RSG2288 V5.X, RUGGEDCOM RSG2288NC V4.X, RUGGEDCOM RSG2288NC V5.X, RUGGEDCOM RSG2300 V4.X, RUGGEDCOM RSG2300 V5.X, RUGGEDCOM RSG2300NC V4.X, RUGGEDCOM RSG2300NC V5.X, RUGGEDCOM RSG2300P V4.X, RUGGEDCOM RSG2300P V5.X, RUGGEDCOM RSG2300PNC V4.X, RUGGEDCOM RSG2300PNC V5.X, RUGGEDCOM RSG2488 V4.X, RUGGEDCOM RSG2488 V5.X, RUGGEDCOM RSG2488NC V4.X, RUGGEDCOM RSG2488NC V5.X, RUGGEDCOM RSG907R, RUGGEDCOM RSG908C, RUGGEDCOM RSG909R, RUGGEDCOM RSG910C, RUGGEDCOM RSG920P V4.X, RUGGEDCOM RSG920P V5.X, RUGGEDCOM RSG920PNC V4.X, RUGGEDCOM RSG920PNC V5.X, RUGGEDCOM RSL910, RUGGEDCOM RSL910NC, RUGGEDCOM RST2228, RUGGEDCOM RST2228P, RUGGEDCOM RST916C, RUGGEDCOM RST916P. The third-party component, in its TFTP functionality fails to check for null terminations in file names.\r\n\r\nIf an attacker were to exploit this, it could result in data corruption, and possibly a hard-fault of the application."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-754",
              "description": "CWE-754: Improper Check for Unusual or Exceptional Conditions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-12T11:11:10.916Z",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-256353.pdf"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-256353.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2021-42020",
    "datePublished": "2022-03-08T11:31:20.000Z",
    "dateReserved": "2021-10-06T00:00:00.000Z",
    "dateUpdated": "2025-08-12T11:11:10.916Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-41135 (GCVE-0-2021-41135)

Vulnerability from cvelistv5 – Published: 2021-10-20 18:05 – Updated: 2024-08-04 02:59
VLAI
Title
Authz Module Non-Determinism
Summary
The Cosmos-SDK is a framework for building blockchain applications in Golang. Affected versions of the SDK were vulnerable to a consensus halt due to non-deterministic behaviour in a ValidateBasic method in the x/authz module. The MsgGrant of the x/authz module contains a Grant field which includes a user-defined expiration time for when the authorization grant expires. In Grant.ValidateBasic(), that time is compared to the node’s local clock time. Any chain running an affected version of the SDK with the authz module enabled could be halted by anyone with the ability to send transactions on that chain. Recovery would require applying the patch and rolling back the latest block. Users are advised to update to version 0.44.2.
CWE
  • CWE-754 - Improper Check for Unusual or Exceptional Conditions
Assigner
Impacted products
Vendor Product Version
cosmos cosmos-sdk Affected: >= 0.43.0, < 0.44.2
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T02:59:31.625Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/cosmos/cosmos-sdk/security/advisories/GHSA-2p6r-37p9-89p2"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/cosmos/cosmos-sdk/commit/68ab790a761e80d3674f821794cf18ccbfed45ee"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://forum.cosmos.network/t/cosmos-sdk-vulnerability-retrospective-security-advisory-jackfruit-october-12-2021/5349"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "cosmos-sdk",
          "vendor": "cosmos",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 0.43.0, \u003c 0.44.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Cosmos-SDK is a framework for building blockchain applications in Golang. Affected versions of the SDK were vulnerable to a consensus halt due to non-deterministic behaviour in a ValidateBasic method in the x/authz module. The MsgGrant of the x/authz module contains a Grant field which includes a user-defined expiration time for when the authorization grant expires. In Grant.ValidateBasic(), that time is compared to the node\u2019s local clock time. Any chain running an affected version of the SDK with the authz module enabled could be halted by anyone with the ability to send transactions on that chain. Recovery would require applying the patch and rolling back the latest block. Users are advised to update to version 0.44.2."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-754",
              "description": "CWE-754: Improper Check for Unusual or Exceptional Conditions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-10-20T18:05:10.000Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/cosmos/cosmos-sdk/security/advisories/GHSA-2p6r-37p9-89p2"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/cosmos/cosmos-sdk/commit/68ab790a761e80d3674f821794cf18ccbfed45ee"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://forum.cosmos.network/t/cosmos-sdk-vulnerability-retrospective-security-advisory-jackfruit-october-12-2021/5349"
        }
      ],
      "source": {
        "advisory": "GHSA-2p6r-37p9-89p2",
        "discovery": "UNKNOWN"
      },
      "title": "Authz Module Non-Determinism",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2021-41135",
          "STATE": "PUBLIC",
          "TITLE": "Authz Module Non-Determinism"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "cosmos-sdk",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003e= 0.43.0, \u003c 0.44.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "cosmos"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Cosmos-SDK is a framework for building blockchain applications in Golang. Affected versions of the SDK were vulnerable to a consensus halt due to non-deterministic behaviour in a ValidateBasic method in the x/authz module. The MsgGrant of the x/authz module contains a Grant field which includes a user-defined expiration time for when the authorization grant expires. In Grant.ValidateBasic(), that time is compared to the node\u2019s local clock time. Any chain running an affected version of the SDK with the authz module enabled could be halted by anyone with the ability to send transactions on that chain. Recovery would require applying the patch and rolling back the latest block. Users are advised to update to version 0.44.2."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-754: Improper Check for Unusual or Exceptional Conditions"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/cosmos/cosmos-sdk/security/advisories/GHSA-2p6r-37p9-89p2",
              "refsource": "CONFIRM",
              "url": "https://github.com/cosmos/cosmos-sdk/security/advisories/GHSA-2p6r-37p9-89p2"
            },
            {
              "name": "https://github.com/cosmos/cosmos-sdk/commit/68ab790a761e80d3674f821794cf18ccbfed45ee",
              "refsource": "MISC",
              "url": "https://github.com/cosmos/cosmos-sdk/commit/68ab790a761e80d3674f821794cf18ccbfed45ee"
            },
            {
              "name": "https://forum.cosmos.network/t/cosmos-sdk-vulnerability-retrospective-security-advisory-jackfruit-october-12-2021/5349",
              "refsource": "MISC",
              "url": "https://forum.cosmos.network/t/cosmos-sdk-vulnerability-retrospective-security-advisory-jackfruit-october-12-2021/5349"
            }
          ]
        },
        "source": {
          "advisory": "GHSA-2p6r-37p9-89p2",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2021-41135",
    "datePublished": "2021-10-20T18:05:10.000Z",
    "dateReserved": "2021-09-15T00:00:00.000Z",
    "dateUpdated": "2024-08-04T02:59:31.625Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-39162 (GCVE-0-2021-39162)

Vulnerability from cvelistv5 – Published: 2021-09-09 22:05 – Updated: 2024-08-04 01:58
VLAI
Title
Incorrect handling of H2 GOAWAY + SETTINGS frames
Summary
Pomerium is an open source identity-aware access proxy. Envoy, which Pomerium is based on, can abnormally terminate if an H/2 GOAWAY and SETTINGS frame are received in the same IO event. This can lead to a DoS in the presence of untrusted *upstream* servers. 0.15.1 contains an upgraded envoy binary with this vulnerability patched. If only trusted upstreams are configured, there is not substantial risk of this condition being triggered.
CWE
  • CWE-754 - Improper Check for Unusual or Exceptional Conditions
Assigner
Impacted products
Vendor Product Version
pomerium pomerium Affected: >= 0.15.0, < 0.15.1
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T01:58:18.235Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://groups.google.com/g/envoy-announce/c/5xBpsEZZDfE/m/wD05NZBbAgAJ"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/pomerium/pomerium/security/advisories/GHSA-gjcg-vrxg-xmgv"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-j374-mjrw-vvp8"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "pomerium",
          "vendor": "pomerium",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 0.15.0, \u003c 0.15.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Pomerium is an open source identity-aware access proxy. Envoy, which Pomerium is based on, can abnormally terminate if an H/2 GOAWAY and SETTINGS frame are received in the same IO event. This can lead to a DoS in the presence of untrusted *upstream* servers. 0.15.1 contains an upgraded envoy binary with this vulnerability patched. If only trusted upstreams are configured, there is not substantial risk of this condition being triggered."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-754",
              "description": "CWE-754: Improper Check for Unusual or Exceptional Conditions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-09-09T22:05:11.000Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://groups.google.com/g/envoy-announce/c/5xBpsEZZDfE/m/wD05NZBbAgAJ"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/pomerium/pomerium/security/advisories/GHSA-gjcg-vrxg-xmgv"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-j374-mjrw-vvp8"
        }
      ],
      "source": {
        "advisory": "GHSA-gjcg-vrxg-xmgv",
        "discovery": "UNKNOWN"
      },
      "title": "Incorrect handling of H2 GOAWAY + SETTINGS frames",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2021-39162",
          "STATE": "PUBLIC",
          "TITLE": "Incorrect handling of H2 GOAWAY + SETTINGS frames"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "pomerium",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003e= 0.15.0, \u003c 0.15.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "pomerium"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Pomerium is an open source identity-aware access proxy. Envoy, which Pomerium is based on, can abnormally terminate if an H/2 GOAWAY and SETTINGS frame are received in the same IO event. This can lead to a DoS in the presence of untrusted *upstream* servers. 0.15.1 contains an upgraded envoy binary with this vulnerability patched. If only trusted upstreams are configured, there is not substantial risk of this condition being triggered."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-754: Improper Check for Unusual or Exceptional Conditions"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://groups.google.com/g/envoy-announce/c/5xBpsEZZDfE/m/wD05NZBbAgAJ",
              "refsource": "MISC",
              "url": "https://groups.google.com/g/envoy-announce/c/5xBpsEZZDfE/m/wD05NZBbAgAJ"
            },
            {
              "name": "https://github.com/pomerium/pomerium/security/advisories/GHSA-gjcg-vrxg-xmgv",
              "refsource": "CONFIRM",
              "url": "https://github.com/pomerium/pomerium/security/advisories/GHSA-gjcg-vrxg-xmgv"
            },
            {
              "name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-j374-mjrw-vvp8",
              "refsource": "MISC",
              "url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-j374-mjrw-vvp8"
            }
          ]
        },
        "source": {
          "advisory": "GHSA-gjcg-vrxg-xmgv",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2021-39162",
    "datePublished": "2021-09-09T22:05:11.000Z",
    "dateReserved": "2021-08-16T00:00:00.000Z",
    "dateUpdated": "2024-08-04T01:58:18.235Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-37862 (GCVE-0-2021-37862)

Vulnerability from cvelistv5 – Published: 2021-12-17 16:10 – Updated: 2024-08-04 01:30
VLAI
Summary
Mattermost 6.0 and earlier fails to sufficiently validate the email address during registration, which allows attackers to trick users into signing up using attacker-controlled email addresses via crafted invitation token.
CWE
  • CWE-754 - Improper Check for Unusual or Exceptional Conditions
Assigner
References
Impacted products
Vendor Product Version
Mattermost Mattermost Affected: unspecified , ≤ 6.0 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T01:30:09.135Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://mattermost.com/security-updates/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://hackerone.com/reports/1357013"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Mattermost",
          "vendor": "Mattermost",
          "versions": [
            {
              "lessThanOrEqual": "6.0",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Mattermost 6.0 and earlier fails to sufficiently validate the email address during registration, which allows attackers to trick users into signing up using attacker-controlled email addresses via crafted invitation token."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-754",
              "description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-12-17T16:10:29.000Z",
        "orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
        "shortName": "Mattermost"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://mattermost.com/security-updates/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://hackerone.com/reports/1357013"
        }
      ],
      "source": {
        "advisory": "MMSA-2021-0074",
        "defect": [
          "https://mattermost.atlassian.net/browse/MM-39205"
        ],
        "discovery": "EXTERNAL"
      },
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "responsibledisclosure@mattermost.com",
          "ID": "CVE-2021-37862",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Mattermost",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_value": "6.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Mattermost"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Mattermost 6.0 and earlier fails to sufficiently validate the email address during registration, which allows attackers to trick users into signing up using attacker-controlled email addresses via crafted invitation token."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-754 Improper Check for Unusual or Exceptional Conditions"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://mattermost.com/security-updates/",
              "refsource": "MISC",
              "url": "https://mattermost.com/security-updates/"
            },
            {
              "name": "https://hackerone.com/reports/1357013",
              "refsource": "MISC",
              "url": "https://hackerone.com/reports/1357013"
            }
          ]
        },
        "source": {
          "advisory": "MMSA-2021-0074",
          "defect": [
            "https://mattermost.atlassian.net/browse/MM-39205"
          ],
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
    "assignerShortName": "Mattermost",
    "cveId": "CVE-2021-37862",
    "datePublished": "2021-12-17T16:10:29.000Z",
    "dateReserved": "2021-08-02T00:00:00.000Z",
    "dateUpdated": "2024-08-04T01:30:09.135Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-33605 (GCVE-0-2021-33605)

Vulnerability from cvelistv5 – Published: 2021-08-25 12:12 – Updated: 2024-09-17 02:53
VLAI
Title
Unauthorized property update in CheckboxGroup component in Vaadin 12-14 and 15-20
Summary
Improper check in CheckboxGroup in com.vaadin:vaadin-checkbox-flow versions 1.2.0 prior to 2.0.0 (Vaadin 12.0.0 prior to 14.0.0), 2.0.0 prior to 3.0.0 (Vaadin 14.0.0 prior to 14.5.0), 3.0.0 through 4.0.1 (Vaadin 15.0.0 through 17.0.11), 14.5.0 through 14.6.7 (Vaadin 14.5.0 through 14.6.7), and 18.0.0 through 20.0.5 (Vaadin 18.0.0 through 20.0.5) allows attackers to modify the value of a disabled Checkbox inside enabled CheckboxGroup component via unspecified vectors.
CWE
  • CWE-754 - Improper Check for Unusual or Exceptional Conditions
Assigner
References
Impacted products
Vendor Product Version
Vaadin Vaadin Affected: 12.0.0 , < unspecified (custom)
Affected: unspecified , < 14.0.0 (custom)
Affected: 14.0.0 , < unspecified (custom)
Affected: unspecified , < 14.5.0 (custom)
Affected: 15.0.0 , < unspecified (custom)
Affected: unspecified , ≤ 17.0.11 (custom)
Affected: 14.5.0 , < unspecified (custom)
Affected: unspecified , ≤ 14.6.7 (custom)
Affected: 18.0.0 , < unspecified (custom)
Affected: unspecified , ≤ 20.0.5 (custom)
Create a notification for this product.
Vaadin vaadin-checkbox-flow Affected: 1.2.0 , < unspecified (custom)
Affected: unspecified , < 2.0.0 (custom)
Affected: 2.0.0 , < unspecified (custom)
Affected: unspecified , < 3.0.0 (custom)
Affected: 3.0.0 , < unspecified (custom)
Affected: unspecified , ≤ 4.0.1 (custom)
Affected: 14.5.0 , < unspecified (custom)
Affected: unspecified , ≤ 14.6.7 (custom)
Affected: 18.0.0 , < unspecified (custom)
Affected: unspecified , ≤ 20.0.5 (custom)
Create a notification for this product.
Date Public
2021-08-25 00:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T23:50:43.245Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://vaadin.com/security/cve-2021-33605"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/vaadin/flow-components/pull/1903"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Vaadin",
          "vendor": "Vaadin",
          "versions": [
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "12.0.0",
              "versionType": "custom"
            },
            {
              "lessThan": "14.0.0",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "14.0.0",
              "versionType": "custom"
            },
            {
              "lessThan": "14.5.0",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "15.0.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "17.0.11",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "14.5.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "14.6.7",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "18.0.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "20.0.5",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "vaadin-checkbox-flow",
          "vendor": "Vaadin",
          "versions": [
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "1.2.0",
              "versionType": "custom"
            },
            {
              "lessThan": "2.0.0",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "2.0.0",
              "versionType": "custom"
            },
            {
              "lessThan": "3.0.0",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "3.0.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "4.0.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "14.5.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "14.6.7",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "18.0.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "20.0.5",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2021-08-25T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Improper check in CheckboxGroup in com.vaadin:vaadin-checkbox-flow versions 1.2.0 prior to 2.0.0 (Vaadin 12.0.0 prior to 14.0.0), 2.0.0 prior to 3.0.0 (Vaadin 14.0.0 prior to 14.5.0), 3.0.0 through 4.0.1 (Vaadin 15.0.0 through 17.0.11), 14.5.0 through 14.6.7 (Vaadin 14.5.0 through 14.6.7), and 18.0.0 through 20.0.5 (Vaadin 18.0.0 through 20.0.5) allows attackers to modify the value of a disabled Checkbox inside enabled CheckboxGroup component via unspecified vectors."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-754",
              "description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-08-25T12:12:41.000Z",
        "orgId": "9e0f3122-90e9-42d5-93de-8c6b98deef7e",
        "shortName": "Vaadin"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://vaadin.com/security/cve-2021-33605"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/vaadin/flow-components/pull/1903"
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "title": "Unauthorized property update in CheckboxGroup component in Vaadin 12-14 and 15-20",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@vaadin.com",
          "DATE_PUBLIC": "2021-08-25T11:46:00.000Z",
          "ID": "CVE-2021-33605",
          "STATE": "PUBLIC",
          "TITLE": "Unauthorized property update in CheckboxGroup component in Vaadin 12-14 and 15-20"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Vaadin",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003e=",
                            "version_value": "12.0.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "14.0.0"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "14.0.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "14.5.0"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "15.0.0"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_value": "17.0.11"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "14.5.0"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_value": "14.6.7"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "18.0.0"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_value": "20.0.5"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "vaadin-checkbox-flow",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003e=",
                            "version_value": "1.2.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "2.0.0"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "2.0.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "3.0.0"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "3.0.0"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_value": "4.0.1"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "14.5.0"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_value": "14.6.7"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "18.0.0"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_value": "20.0.5"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Vaadin"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Improper check in CheckboxGroup in com.vaadin:vaadin-checkbox-flow versions 1.2.0 prior to 2.0.0 (Vaadin 12.0.0 prior to 14.0.0), 2.0.0 prior to 3.0.0 (Vaadin 14.0.0 prior to 14.5.0), 3.0.0 through 4.0.1 (Vaadin 15.0.0 through 17.0.11), 14.5.0 through 14.6.7 (Vaadin 14.5.0 through 14.6.7), and 18.0.0 through 20.0.5 (Vaadin 18.0.0 through 20.0.5) allows attackers to modify the value of a disabled Checkbox inside enabled CheckboxGroup component via unspecified vectors."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-754 Improper Check for Unusual or Exceptional Conditions"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://vaadin.com/security/cve-2021-33605",
              "refsource": "CONFIRM",
              "url": "https://vaadin.com/security/cve-2021-33605"
            },
            {
              "name": "https://github.com/vaadin/flow-components/pull/1903",
              "refsource": "CONFIRM",
              "url": "https://github.com/vaadin/flow-components/pull/1903"
            }
          ]
        },
        "source": {
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9e0f3122-90e9-42d5-93de-8c6b98deef7e",
    "assignerShortName": "Vaadin",
    "cveId": "CVE-2021-33605",
    "datePublished": "2021-08-25T12:12:41.760Z",
    "dateReserved": "2021-05-27T00:00:00.000Z",
    "dateUpdated": "2024-09-17T02:53:05.351Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-32946 (GCVE-0-2021-32946)

Vulnerability from cvelistv5 – Published: 2021-06-17 11:56 – Updated: 2024-08-03 23:33
VLAI
Summary
An improper check for unusual or exceptional conditions issue exists within the parsing DGN files from Drawings SDK (Version 2022.4 and prior) resulting from the lack of proper validation of the user-supplied data. This may result in several of out-of-bounds problems and allow attackers to cause a denial-of-service condition or execute code in the context of the current process.
Severity
No CVSS data available.
CWE
  • CWE-754 - IMPROPER CHECK FOR UNUSUAL OR EXCEPTIONAL CONDITIONS CWE-754
Assigner
Impacted products
Vendor Product Version
n/a Drawings SDK Affected: Version 2022.4 and prior
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T23:33:55.940Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-02"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-938030.pdf"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-983/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-985/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-155599.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Drawings SDK",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Version 2022.4 and prior"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An improper check for unusual or exceptional conditions issue exists within the parsing DGN files from Drawings SDK (Version 2022.4 and prior) resulting from the lack of proper validation of the user-supplied data. This may result in several of out-of-bounds problems and allow attackers to cause a denial-of-service condition or execute code in the context of the current process."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-754",
              "description": "IMPROPER CHECK FOR UNUSUAL OR EXCEPTIONAL CONDITIONS CWE-754",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-03-08T14:06:31.000Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-02"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-938030.pdf"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-983/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-985/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-155599.pdf"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2021-32946",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Drawings SDK",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Version 2022.4 and prior"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An improper check for unusual or exceptional conditions issue exists within the parsing DGN files from Drawings SDK (Version 2022.4 and prior) resulting from the lack of proper validation of the user-supplied data. This may result in several of out-of-bounds problems and allow attackers to cause a denial-of-service condition or execute code in the context of the current process."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "IMPROPER CHECK FOR UNUSUAL OR EXCEPTIONAL CONDITIONS CWE-754"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-02",
              "refsource": "MISC",
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-02"
            },
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-938030.pdf",
              "refsource": "CONFIRM",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-938030.pdf"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-983/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-983/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-985/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-985/"
            },
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-155599.pdf",
              "refsource": "CONFIRM",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-155599.pdf"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2021-32946",
    "datePublished": "2021-06-17T11:56:39.000Z",
    "dateReserved": "2021-05-13T00:00:00.000Z",
    "dateUpdated": "2024-08-03T23:33:55.940Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-32780 (GCVE-0-2021-32780)

Vulnerability from cvelistv5 – Published: 2021-08-24 20:55 – Updated: 2024-08-03 23:33
VLAI
Title
Incorrect handling of H/2 GOAWAY followed by SETTINGS frames
Summary
Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions Envoy transitions a H/2 connection to the CLOSED state when it receives a GOAWAY frame without any streams outstanding. The connection state is transitioned to DRAINING when it receives a SETTING frame with the SETTINGS_MAX_CONCURRENT_STREAMS parameter set to 0. Receiving these two frames in the same I/O event results in abnormal termination of the Envoy process due to invalid state transition from CLOSED to DRAINING. A sequence of H/2 frames delivered by an untrusted upstream server will result in Denial of Service in the presence of untrusted **upstream** servers. Envoy versions 1.19.1, 1.18.4 contain fixes to stop processing of pending H/2 frames after connection transition to the CLOSED state.
CWE
  • CWE-754 - Improper Check for Unusual or Exceptional Conditions
Assigner
References
Impacted products
Vendor Product Version
envoyproxy envoy Affected: >= 1.19.0, < 1.19.1
Affected: >= 1.18.0, < 1.18.4
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T23:33:56.068Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.envoyproxy.io/docs/envoy/v1.19.0/version_history/version_history"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-j374-mjrw-vvp8"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "envoy",
          "vendor": "envoyproxy",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 1.19.0, \u003c 1.19.1"
            },
            {
              "status": "affected",
              "version": "\u003e= 1.18.0, \u003c 1.18.4"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions Envoy transitions a H/2 connection to the CLOSED state when it receives a GOAWAY frame without any streams outstanding. The connection state is transitioned to DRAINING when it receives a SETTING frame with the SETTINGS_MAX_CONCURRENT_STREAMS parameter set to 0. Receiving these two frames in the same I/O event results in abnormal termination of the Envoy process due to invalid state transition from CLOSED to DRAINING. A sequence of H/2 frames delivered by an untrusted upstream server will result in Denial of Service in the presence of untrusted **upstream** servers. Envoy versions 1.19.1, 1.18.4 contain fixes to stop processing of pending H/2 frames after connection transition to the CLOSED state."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-754",
              "description": "CWE-754: Improper Check for Unusual or Exceptional Conditions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-08-24T20:55:10.000Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.envoyproxy.io/docs/envoy/v1.19.0/version_history/version_history"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-j374-mjrw-vvp8"
        }
      ],
      "source": {
        "advisory": "GHSA-j374-mjrw-vvp8",
        "discovery": "UNKNOWN"
      },
      "title": "Incorrect handling of H/2 GOAWAY followed by SETTINGS frames",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2021-32780",
          "STATE": "PUBLIC",
          "TITLE": "Incorrect handling of H/2 GOAWAY followed by SETTINGS frames"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "envoy",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003e= 1.19.0, \u003c 1.19.1"
                          },
                          {
                            "version_value": "\u003e= 1.18.0, \u003c 1.18.4"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "envoyproxy"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions Envoy transitions a H/2 connection to the CLOSED state when it receives a GOAWAY frame without any streams outstanding. The connection state is transitioned to DRAINING when it receives a SETTING frame with the SETTINGS_MAX_CONCURRENT_STREAMS parameter set to 0. Receiving these two frames in the same I/O event results in abnormal termination of the Envoy process due to invalid state transition from CLOSED to DRAINING. A sequence of H/2 frames delivered by an untrusted upstream server will result in Denial of Service in the presence of untrusted **upstream** servers. Envoy versions 1.19.1, 1.18.4 contain fixes to stop processing of pending H/2 frames after connection transition to the CLOSED state."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-754: Improper Check for Unusual or Exceptional Conditions"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.envoyproxy.io/docs/envoy/v1.19.0/version_history/version_history",
              "refsource": "MISC",
              "url": "https://www.envoyproxy.io/docs/envoy/v1.19.0/version_history/version_history"
            },
            {
              "name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-j374-mjrw-vvp8",
              "refsource": "CONFIRM",
              "url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-j374-mjrw-vvp8"
            }
          ]
        },
        "source": {
          "advisory": "GHSA-j374-mjrw-vvp8",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2021-32780",
    "datePublished": "2021-08-24T20:55:10.000Z",
    "dateReserved": "2021-05-12T00:00:00.000Z",
    "dateUpdated": "2024-08-03T23:33:56.068Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-31364 (GCVE-0-2021-31364)

Vulnerability from cvelistv5 – Published: 2021-10-19 18:16 – Updated: 2024-09-17 01:56
VLAI
Title
Junos OS: SRX Series: The flowd process will crash if log session-close is configured and specific traffic is received
Summary
An Improper Check for Unusual or Exceptional Conditions vulnerability combined with a Race Condition in the flow daemon (flowd) of Juniper Networks Junos OS on SRX300 Series, SRX500 Series, SRX1500, and SRX5000 Series with SPC2 allows an unauthenticated network based attacker sending specific traffic to cause a crash of the flowd/srxpfe process, responsible for traffic forwarding in SRX, which will cause a Denial of Service (DoS). Continued receipt and processing of this specific traffic will create a sustained Denial of Service (DoS) condition. This issue can only occur when specific packets are trying to create the same session and logging for session-close is configured as a policy action. Affected platforms are: SRX300 Series, SRX500 Series, SRX1500, and SRX5000 Series with SPC2. Not affected platforms are: SRX4000 Series, SRX5000 Series with SPC3, and vSRX Series. This issue affects Juniper Networks Junos OS SRX300 Series, SRX500 Series, SRX1500, and SRX5000 Series with SPC2: All versions prior to 17.4R3-S5; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R3-S9; 19.1 versions prior to 19.1R3-S6; 19.2 versions prior to 19.2R1-S7, 19.2R3-S2; 19.3 versions prior to 19.3R2-S6, 19.3R3-S2; 19.4 versions prior to 19.4R1-S4, 19.4R3-S3; 20.1 versions prior to 20.1R2-S2, 20.1R3; 20.2 versions prior to 20.2R3; 20.3 versions prior to 20.3R2-S1, 20.3R3; 20.4 versions prior to 20.4R2.
CWE
  • CWE-754 - Improper Check for Unusual or Exceptional Conditions
  • Denial of Service (DoS)
  • CWE-362 - Race Condition (Concurrent Execution using Shared Resource with Improper Synchronization)
Assigner
References
URL Tags
https://kb.juniper.net/JSA11226 x_refsource_CONFIRM
Impacted products
Vendor Product Version
Juniper Networks Junos OS Affected: unspecified , < 17.4R3-S5 (custom)
Affected: 18.3 , < 18.3R3-S5 (custom)
Affected: 18.4 , < 18.4R3-S9 (custom)
Affected: 19.1 , < 19.1R3-S6 (custom)
Affected: 19.2 , < 19.2R1-S7, 19.2R3-S2 (custom)
Affected: 19.3 , < 19.3R2-S6, 19.3R3-S2 (custom)
Affected: 19.4 , < 19.4R1-S4, 19.4R3-S3 (custom)
Affected: 20.1 , < 20.1R2-S2, 20.1R3 (custom)
Affected: 20.2 , < 20.2R3 (custom)
Affected: 20.3 , < 20.3R2-S1, 20.3R3 (custom)
Affected: 20.4 , < 20.4R2 (custom)
Create a notification for this product.
Date Public
2021-10-13 00:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T22:55:53.702Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.juniper.net/JSA11226"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "SRX300 Series, SRX500 Series, SRX1500, and SRX5000 Series with SPC2"
          ],
          "product": "Junos OS",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "lessThan": "17.4R3-S5",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "18.3R3-S5",
              "status": "affected",
              "version": "18.3",
              "versionType": "custom"
            },
            {
              "lessThan": "18.4R3-S9",
              "status": "affected",
              "version": "18.4",
              "versionType": "custom"
            },
            {
              "lessThan": "19.1R3-S6",
              "status": "affected",
              "version": "19.1",
              "versionType": "custom"
            },
            {
              "lessThan": "19.2R1-S7, 19.2R3-S2",
              "status": "affected",
              "version": "19.2",
              "versionType": "custom"
            },
            {
              "lessThan": "19.3R2-S6, 19.3R3-S2",
              "status": "affected",
              "version": "19.3",
              "versionType": "custom"
            },
            {
              "lessThan": "19.4R1-S4, 19.4R3-S3",
              "status": "affected",
              "version": "19.4",
              "versionType": "custom"
            },
            {
              "lessThan": "20.1R2-S2, 20.1R3",
              "status": "affected",
              "version": "20.1",
              "versionType": "custom"
            },
            {
              "lessThan": "20.2R3",
              "status": "affected",
              "version": "20.2",
              "versionType": "custom"
            },
            {
              "lessThan": "20.3R2-S1, 20.3R3",
              "status": "affected",
              "version": "20.3",
              "versionType": "custom"
            },
            {
              "lessThan": "20.4R2",
              "status": "affected",
              "version": "20.4",
              "versionType": "custom"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "value": "This issue can only occur when logging for session-close is configured similar to the following example:\n\n  [security policies from-zone untrust to-zone trust policy policy_name then log session-close]"
        }
      ],
      "datePublic": "2021-10-13T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "An Improper Check for Unusual or Exceptional Conditions vulnerability combined with a Race Condition in the flow daemon (flowd) of Juniper Networks Junos OS on SRX300 Series, SRX500 Series, SRX1500, and SRX5000 Series with SPC2 allows an unauthenticated network based attacker sending specific traffic to cause a crash of the flowd/srxpfe process, responsible for traffic forwarding in SRX, which will cause a Denial of Service (DoS). Continued receipt and processing of this specific traffic will create a sustained Denial of Service (DoS) condition. This issue can only occur when specific packets are trying to create the same session and logging for session-close is configured as a policy action. Affected platforms are: SRX300 Series, SRX500 Series, SRX1500, and SRX5000 Series with SPC2. Not affected platforms are: SRX4000 Series, SRX5000 Series with SPC3, and vSRX Series. This issue affects Juniper Networks Junos OS SRX300 Series, SRX500 Series, SRX1500, and SRX5000 Series with SPC2: All versions prior to 17.4R3-S5; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R3-S9; 19.1 versions prior to 19.1R3-S6; 19.2 versions prior to 19.2R1-S7, 19.2R3-S2; 19.3 versions prior to 19.3R2-S6, 19.3R3-S2; 19.4 versions prior to 19.4R1-S4, 19.4R3-S3; 20.1 versions prior to 20.1R2-S2, 20.1R3; 20.2 versions prior to 20.2R3; 20.3 versions prior to 20.3R2-S1, 20.3R3; 20.4 versions prior to 20.4R2."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-754",
              "description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "description": "Denial of Service (DoS)",
              "lang": "en",
              "type": "text"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-362",
              "description": "CWE-362 Race Condition (Concurrent Execution using Shared Resource with Improper Synchronization)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-10-19T18:16:52.000Z",
        "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "shortName": "juniper"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.juniper.net/JSA11226"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "The following software releases have been updated to resolve this specific issue: 17.4R3-S5, 18.3R3-S5, 18.4R3-S9, 19.1R3-S6, 19.2R1-S7, 19.2R3-S2, 19.3R2-S6, 19.3R3-S2, 19.4R1-S4, 19.4R3-S3, 20.1R2-S2, 20.1R3, 20.2R3, 20.3R2-S1, 20.3R3, 20.4R2, 21.1R1, and all subsequent releases."
        }
      ],
      "source": {
        "advisory": "JSA11226",
        "defect": [
          "1571354"
        ],
        "discovery": "USER"
      },
      "title": "Junos OS: SRX Series: The flowd process will crash if log session-close is configured and specific traffic is received",
      "workarounds": [
        {
          "lang": "en",
          "value": "Please remove the session-close log action from the policy actions of all policies."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "sirt@juniper.net",
          "DATE_PUBLIC": "2021-10-13T16:00:00.000Z",
          "ID": "CVE-2021-31364",
          "STATE": "PUBLIC",
          "TITLE": "Junos OS: SRX Series: The flowd process will crash if log session-close is configured and specific traffic is received"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Junos OS",
                      "version": {
                        "version_data": [
                          {
                            "platform": "SRX300 Series, SRX500 Series, SRX1500, and SRX5000 Series with SPC2",
                            "version_affected": "\u003c",
                            "version_value": "17.4R3-S5"
                          },
                          {
                            "platform": "SRX300 Series, SRX500 Series, SRX1500, and SRX5000 Series with SPC2",
                            "version_affected": "\u003c",
                            "version_name": "18.3",
                            "version_value": "18.3R3-S5"
                          },
                          {
                            "platform": "SRX300 Series, SRX500 Series, SRX1500, and SRX5000 Series with SPC2",
                            "version_affected": "\u003c",
                            "version_name": "18.4",
                            "version_value": "18.4R3-S9"
                          },
                          {
                            "platform": "SRX300 Series, SRX500 Series, SRX1500, and SRX5000 Series with SPC2",
                            "version_affected": "\u003c",
                            "version_name": "19.1",
                            "version_value": "19.1R3-S6"
                          },
                          {
                            "platform": "SRX300 Series, SRX500 Series, SRX1500, and SRX5000 Series with SPC2",
                            "version_affected": "\u003c",
                            "version_name": "19.2",
                            "version_value": "19.2R1-S7, 19.2R3-S2"
                          },
                          {
                            "platform": "SRX300 Series, SRX500 Series, SRX1500, and SRX5000 Series with SPC2",
                            "version_affected": "\u003c",
                            "version_name": "19.3",
                            "version_value": "19.3R2-S6, 19.3R3-S2"
                          },
                          {
                            "platform": "SRX300 Series, SRX500 Series, SRX1500, and SRX5000 Series with SPC2",
                            "version_affected": "\u003c",
                            "version_name": "19.4",
                            "version_value": "19.4R1-S4, 19.4R3-S3"
                          },
                          {
                            "platform": "SRX300 Series, SRX500 Series, SRX1500, and SRX5000 Series with SPC2",
                            "version_affected": "\u003c",
                            "version_name": "20.1",
                            "version_value": "20.1R2-S2, 20.1R3"
                          },
                          {
                            "platform": "SRX300 Series, SRX500 Series, SRX1500, and SRX5000 Series with SPC2",
                            "version_affected": "\u003c",
                            "version_name": "20.2",
                            "version_value": "20.2R3"
                          },
                          {
                            "platform": "SRX300 Series, SRX500 Series, SRX1500, and SRX5000 Series with SPC2",
                            "version_affected": "\u003c",
                            "version_name": "20.3",
                            "version_value": "20.3R2-S1, 20.3R3"
                          },
                          {
                            "platform": "SRX300 Series, SRX500 Series, SRX1500, and SRX5000 Series with SPC2",
                            "version_affected": "\u003c",
                            "version_name": "20.4",
                            "version_value": "20.4R2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Juniper Networks"
              }
            ]
          }
        },
        "configuration": [
          {
            "lang": "en",
            "value": "This issue can only occur when logging for session-close is configured similar to the following example:\n\n  [security policies from-zone untrust to-zone trust policy policy_name then log session-close]"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An Improper Check for Unusual or Exceptional Conditions vulnerability combined with a Race Condition in the flow daemon (flowd) of Juniper Networks Junos OS on SRX300 Series, SRX500 Series, SRX1500, and SRX5000 Series with SPC2 allows an unauthenticated network based attacker sending specific traffic to cause a crash of the flowd/srxpfe process, responsible for traffic forwarding in SRX, which will cause a Denial of Service (DoS). Continued receipt and processing of this specific traffic will create a sustained Denial of Service (DoS) condition. This issue can only occur when specific packets are trying to create the same session and logging for session-close is configured as a policy action. Affected platforms are: SRX300 Series, SRX500 Series, SRX1500, and SRX5000 Series with SPC2. Not affected platforms are: SRX4000 Series, SRX5000 Series with SPC3, and vSRX Series. This issue affects Juniper Networks Junos OS SRX300 Series, SRX500 Series, SRX1500, and SRX5000 Series with SPC2: All versions prior to 17.4R3-S5; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R3-S9; 19.1 versions prior to 19.1R3-S6; 19.2 versions prior to 19.2R1-S7, 19.2R3-S2; 19.3 versions prior to 19.3R2-S6, 19.3R3-S2; 19.4 versions prior to 19.4R1-S4, 19.4R3-S3; 20.1 versions prior to 20.1R2-S2, 20.1R3; 20.2 versions prior to 20.2R3; 20.3 versions prior to 20.3R2-S1, 20.3R3; 20.4 versions prior to 20.4R2."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
          }
        ],
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-754 Improper Check for Unusual or Exceptional Conditions"
                }
              ]
            },
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Denial of Service (DoS)"
                }
              ]
            },
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-362 Race Condition (Concurrent Execution using Shared Resource with Improper Synchronization)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kb.juniper.net/JSA11226",
              "refsource": "CONFIRM",
              "url": "https://kb.juniper.net/JSA11226"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "The following software releases have been updated to resolve this specific issue: 17.4R3-S5, 18.3R3-S5, 18.4R3-S9, 19.1R3-S6, 19.2R1-S7, 19.2R3-S2, 19.3R2-S6, 19.3R3-S2, 19.4R1-S4, 19.4R3-S3, 20.1R2-S2, 20.1R3, 20.2R3, 20.3R2-S1, 20.3R3, 20.4R2, 21.1R1, and all subsequent releases."
          }
        ],
        "source": {
          "advisory": "JSA11226",
          "defect": [
            "1571354"
          ],
          "discovery": "USER"
        },
        "work_around": [
          {
            "lang": "en",
            "value": "Please remove the session-close log action from the policy actions of all policies."
          }
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
    "assignerShortName": "juniper",
    "cveId": "CVE-2021-31364",
    "datePublished": "2021-10-19T18:16:52.279Z",
    "dateReserved": "2021-04-15T00:00:00.000Z",
    "dateUpdated": "2024-09-17T01:56:30.666Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-31361 (GCVE-0-2021-31361)

Vulnerability from cvelistv5 – Published: 2021-10-19 18:16 – Updated: 2024-09-17 03:44
VLAI
Title
Junos OS: QFX Series and PTX Series: FPC resource usage increases when certain packets are processed which are being VXLAN encapsulated
Summary
An Improper Check for Unusual or Exceptional Conditions vulnerability combined with Improper Handling of Exceptional Conditions in Juniper Networks Junos OS on QFX Series and PTX Series allows an unauthenticated network based attacker to cause increased FPC CPU utilization by sending specific IP packets which are being VXLAN encapsulated leading to a partial Denial of Service (DoS). Continued receipted of these specific traffic will create a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS on QFX Series: All versions prior to 17.3R3-S11; 17.4 versions prior to 17.4R2-S13, 17.4R3-S4; 18.1 versions prior to 18.1R3-S12; 18.2 versions prior to 18.2R2-S8, 18.2R3-S7; 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R1-S8, 18.4R2-S7, 18.4R3-S7; 19.1 versions prior to 19.1R1-S6, 19.1R2-S2, 19.1R3-S4; 19.2 versions prior to 19.2R1-S6, 19.2R3-S2; 19.3 versions prior to 19.3R3-S1; 19.4 versions prior to 19.4R2-S3, 19.4R3-S1; 20.1 versions prior to 20.1R2, 20.1R3; 20.2 versions prior to 20.2R2, 20.2R3; 20.3 versions prior to 20.3R1-S1, 20.3R2. Juniper Networks Junos OS on PTX Series: All versions prior to 18.4R3-S9; 19.1 versions prior to 19.1R3-S6; 19.2 versions prior to 19.2R1-S7, 19.2R3-S3; 19.3 versions prior to 19.3R2-S6, 19.3R3-S3; 19.4 versions prior to 19.4R1-S4, 19.4R3-S5; 20.1 versions prior to 20.1R2-S2, 20.1R3; 20.2 versions prior to 20.2R3-S1; 20.3 versions prior to 20.3R2-S1, 20.3R3; 20.4 versions prior to 20.4R2-S1, 20.4R3; 21.1 versions prior to 21.1R1-S1, 21.1R2.
CWE
  • CWE-754 - Improper Check for Unusual or Exceptional Conditions
  • CWE-755 - Improper Handling of Exceptional Conditions
  • Denial of Service (DoS)
Assigner
References
URL Tags
https://kb.juniper.net/JSA11223 x_refsource_CONFIRM
Impacted products
Vendor Product Version
Juniper Networks Junos OS Affected: unspecified , < 17.3R3-S11 (custom)
Affected: 17.4 , < 17.4R2-S13, 17.4R3-S4 (custom)
Affected: 18.1 , < 18.1R3-S12 (custom)
Affected: 18.2 , < 18.2R2-S8, 18.2R3-S7 (custom)
Affected: 18.3 , < 18.3R3-S4 (custom)
Affected: 18.4 , < 18.4R1-S8, 18.4R2-S7, 18.4R3-S7 (custom)
Affected: 19.1 , < 19.1R1-S6, 19.1R2-S2, 19.1R3-S4 (custom)
Affected: 19.2 , < 19.2R1-S6, 19.2R3-S2 (custom)
Affected: 19.3 , < 19.3R3-S1 (custom)
Affected: 19.4 , < 19.4R2-S3, 19.4R3-S1 (custom)
Affected: 20.1 , < 20.1R2, 20.1R3 (custom)
Affected: 20.2 , < 20.2R2, 20.2R3 (custom)
Affected: 20.3 , < 20.3R1-S1, 20.3R2 (custom)
Create a notification for this product.
Juniper Networks Junos OS Affected: unspecified , < 18.4R3-S9 (custom)
Affected: 19.1 , < 19.1R3-S6 (custom)
Affected: 19.2 , < 19.2R1-S7, 19.2R3-S3 (custom)
Affected: 19.3 , < 19.3R2-S6, 19.3R3-S3 (custom)
Affected: 19.4 , < 19.4R1-S4, 19.4R3-S5 (custom)
Affected: 20.1 , < 20.1R2-S2, 20.1R3 (custom)
Affected: 20.2 , < 20.2R3-S1 (custom)
Affected: 20.3 , < 20.3R2-S1, 20.3R3 (custom)
Affected: 20.4 , < 20.4R2-S1, 20.4R3 (custom)
Affected: 21.1 , < 21.1R1-S1, 21.1R2 (custom)
Create a notification for this product.
Date Public
2021-10-13 00:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T22:55:53.787Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.juniper.net/JSA11223"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "QFX Series"
          ],
          "product": "Junos OS",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "lessThan": "17.3R3-S11",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "17.4R2-S13, 17.4R3-S4",
              "status": "affected",
              "version": "17.4",
              "versionType": "custom"
            },
            {
              "lessThan": "18.1R3-S12",
              "status": "affected",
              "version": "18.1",
              "versionType": "custom"
            },
            {
              "lessThan": "18.2R2-S8, 18.2R3-S7",
              "status": "affected",
              "version": "18.2",
              "versionType": "custom"
            },
            {
              "lessThan": "18.3R3-S4",
              "status": "affected",
              "version": "18.3",
              "versionType": "custom"
            },
            {
              "lessThan": "18.4R1-S8, 18.4R2-S7, 18.4R3-S7",
              "status": "affected",
              "version": "18.4",
              "versionType": "custom"
            },
            {
              "lessThan": "19.1R1-S6, 19.1R2-S2, 19.1R3-S4",
              "status": "affected",
              "version": "19.1",
              "versionType": "custom"
            },
            {
              "lessThan": "19.2R1-S6, 19.2R3-S2",
              "status": "affected",
              "version": "19.2",
              "versionType": "custom"
            },
            {
              "lessThan": "19.3R3-S1",
              "status": "affected",
              "version": "19.3",
              "versionType": "custom"
            },
            {
              "lessThan": "19.4R2-S3, 19.4R3-S1",
              "status": "affected",
              "version": "19.4",
              "versionType": "custom"
            },
            {
              "lessThan": "20.1R2, 20.1R3",
              "status": "affected",
              "version": "20.1",
              "versionType": "custom"
            },
            {
              "lessThan": "20.2R2, 20.2R3",
              "status": "affected",
              "version": "20.2",
              "versionType": "custom"
            },
            {
              "lessThan": "20.3R1-S1, 20.3R2",
              "status": "affected",
              "version": "20.3",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "PTX Series"
          ],
          "product": "Junos OS",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "lessThan": "18.4R3-S9",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "19.1R3-S6",
              "status": "affected",
              "version": "19.1",
              "versionType": "custom"
            },
            {
              "lessThan": "19.2R1-S7, 19.2R3-S3",
              "status": "affected",
              "version": "19.2",
              "versionType": "custom"
            },
            {
              "lessThan": "19.3R2-S6, 19.3R3-S3",
              "status": "affected",
              "version": "19.3",
              "versionType": "custom"
            },
            {
              "lessThan": "19.4R1-S4, 19.4R3-S5",
              "status": "affected",
              "version": "19.4",
              "versionType": "custom"
            },
            {
              "lessThan": "20.1R2-S2, 20.1R3",
              "status": "affected",
              "version": "20.1",
              "versionType": "custom"
            },
            {
              "lessThan": "20.2R3-S1",
              "status": "affected",
              "version": "20.2",
              "versionType": "custom"
            },
            {
              "lessThan": "20.3R2-S1, 20.3R3",
              "status": "affected",
              "version": "20.3",
              "versionType": "custom"
            },
            {
              "lessThan": "20.4R2-S1, 20.4R3",
              "status": "affected",
              "version": "20.4",
              "versionType": "custom"
            },
            {
              "lessThan": "21.1R1-S1, 21.1R2",
              "status": "affected",
              "version": "21.1",
              "versionType": "custom"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "value": "An minimal example VXLAN configuration affected would be:\n\n  set bridge-domains vlan-20 vxlan vni 10\n  set bridge-domains vlan-20 vlan-id 10\n  set bridge-domains vlan-20 interface xe-1/0/1.0\n  set interfaces xe-1/0/1 vlan-tagging\n  set interfaces xe-1/0/1 encapsulation flexible-ethernet-services\n  set interfaces xe-1/0/1 unit 0 encapsulation vlan-bridge\n  set interfaces xe-1/0/1 unit 0 vlan-id 10"
        }
      ],
      "datePublic": "2021-10-13T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "An Improper Check for Unusual or Exceptional Conditions vulnerability combined with Improper Handling of Exceptional Conditions in Juniper Networks Junos OS on QFX Series and PTX Series allows an unauthenticated network based attacker to cause increased FPC CPU utilization by sending specific IP packets which are being VXLAN encapsulated leading to a partial Denial of Service (DoS). Continued receipted of these specific traffic will create a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS on QFX Series: All versions prior to 17.3R3-S11; 17.4 versions prior to 17.4R2-S13, 17.4R3-S4; 18.1 versions prior to 18.1R3-S12; 18.2 versions prior to 18.2R2-S8, 18.2R3-S7; 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R1-S8, 18.4R2-S7, 18.4R3-S7; 19.1 versions prior to 19.1R1-S6, 19.1R2-S2, 19.1R3-S4; 19.2 versions prior to 19.2R1-S6, 19.2R3-S2; 19.3 versions prior to 19.3R3-S1; 19.4 versions prior to 19.4R2-S3, 19.4R3-S1; 20.1 versions prior to 20.1R2, 20.1R3; 20.2 versions prior to 20.2R2, 20.2R3; 20.3 versions prior to 20.3R1-S1, 20.3R2. Juniper Networks Junos OS on PTX Series: All versions prior to 18.4R3-S9; 19.1 versions prior to 19.1R3-S6; 19.2 versions prior to 19.2R1-S7, 19.2R3-S3; 19.3 versions prior to 19.3R2-S6, 19.3R3-S3; 19.4 versions prior to 19.4R1-S4, 19.4R3-S5; 20.1 versions prior to 20.1R2-S2, 20.1R3; 20.2 versions prior to 20.2R3-S1; 20.3 versions prior to 20.3R2-S1, 20.3R3; 20.4 versions prior to 20.4R2-S1, 20.4R3; 21.1 versions prior to 21.1R1-S1, 21.1R2."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-754",
              "description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-755",
              "description": "CWE-755 Improper Handling of Exceptional Conditions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "description": "Denial of Service (DoS)",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-10-19T18:16:47.000Z",
        "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "shortName": "juniper"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.juniper.net/JSA11223"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "The following software releases have been updated to resolve this specific issue for QFX Series: 17.3R3-S11, 17.4R2-S13, 17.4R3-S4, 18.1R3-S12, 18.2R2-S8, 18.2R3-S7, 18.3R3-S4, 18.4R1-S8, 18.4R2-S7, 18.4R3-S7, 19.1R1-S6, 19.1R2-S2, 19.1R3-S4, 19.2R1-S6, 19.2R3-S2, 19.3R3-S1, 19.4R2-S3, 19.4R3-S1, 20.1R2, 20.1R3, 20.2R2, 20.2R3, 20.3R1-S1, 20.3R2, 20.4R1, and all subsequent releases.\n\nThe following software releases have been updated to resolve this specific issue for PTX Series: 18.4R3-S9, 19.1R3-S6, 19.2R1-S7, 19.2R3-S3, 19.3R2-S6, 19.3R3-S3, 19.4R1-S4, 19.4R3-S5, 20.1R2-S2, 20.1R3, 20.2R3-S1, 20.3R2-S1, 20.3R3, 20.4R2-S1, 20.4R3, 21.1R1-S1, 21.1R2, 21.2R1, and all subsequent releases."
        }
      ],
      "source": {
        "advisory": "JSA11223",
        "defect": [
          "1490063",
          "1584197"
        ],
        "discovery": "USER"
      },
      "title": "Junos OS: QFX Series and PTX Series: FPC resource usage increases when certain packets are processed which are being VXLAN encapsulated",
      "workarounds": [
        {
          "lang": "en",
          "value": "There are no viable workarounds for this issue."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "sirt@juniper.net",
          "DATE_PUBLIC": "2021-10-13T16:00:00.000Z",
          "ID": "CVE-2021-31361",
          "STATE": "PUBLIC",
          "TITLE": "Junos OS: QFX Series and PTX Series: FPC resource usage increases when certain packets are processed which are being VXLAN encapsulated"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Junos OS",
                      "version": {
                        "version_data": [
                          {
                            "platform": "QFX Series",
                            "version_affected": "\u003c",
                            "version_value": "17.3R3-S11"
                          },
                          {
                            "platform": "QFX Series",
                            "version_affected": "\u003c",
                            "version_name": "17.4",
                            "version_value": "17.4R2-S13, 17.4R3-S4"
                          },
                          {
                            "platform": "QFX Series",
                            "version_affected": "\u003c",
                            "version_name": "18.1",
                            "version_value": "18.1R3-S12"
                          },
                          {
                            "platform": "QFX Series",
                            "version_affected": "\u003c",
                            "version_name": "18.2",
                            "version_value": "18.2R2-S8, 18.2R3-S7"
                          },
                          {
                            "platform": "QFX Series",
                            "version_affected": "\u003c",
                            "version_name": "18.3",
                            "version_value": "18.3R3-S4"
                          },
                          {
                            "platform": "QFX Series",
                            "version_affected": "\u003c",
                            "version_name": "18.4",
                            "version_value": "18.4R1-S8, 18.4R2-S7, 18.4R3-S7"
                          },
                          {
                            "platform": "QFX Series",
                            "version_affected": "\u003c",
                            "version_name": "19.1",
                            "version_value": "19.1R1-S6, 19.1R2-S2, 19.1R3-S4"
                          },
                          {
                            "platform": "QFX Series",
                            "version_affected": "\u003c",
                            "version_name": "19.2",
                            "version_value": "19.2R1-S6, 19.2R3-S2"
                          },
                          {
                            "platform": "QFX Series",
                            "version_affected": "\u003c",
                            "version_name": "19.3",
                            "version_value": "19.3R3-S1"
                          },
                          {
                            "platform": "QFX Series",
                            "version_affected": "\u003c",
                            "version_name": "19.4",
                            "version_value": "19.4R2-S3, 19.4R3-S1"
                          },
                          {
                            "platform": "QFX Series",
                            "version_affected": "\u003c",
                            "version_name": "20.1",
                            "version_value": "20.1R2, 20.1R3"
                          },
                          {
                            "platform": "QFX Series",
                            "version_affected": "\u003c",
                            "version_name": "20.2",
                            "version_value": "20.2R2, 20.2R3"
                          },
                          {
                            "platform": "QFX Series",
                            "version_affected": "\u003c",
                            "version_name": "20.3",
                            "version_value": "20.3R1-S1, 20.3R2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Junos OS",
                      "version": {
                        "version_data": [
                          {
                            "platform": "PTX Series",
                            "version_affected": "\u003c",
                            "version_value": "18.4R3-S9"
                          },
                          {
                            "platform": "PTX Series",
                            "version_affected": "\u003c",
                            "version_name": "19.1",
                            "version_value": "19.1R3-S6"
                          },
                          {
                            "platform": "PTX Series",
                            "version_affected": "\u003c",
                            "version_name": "19.2",
                            "version_value": "19.2R1-S7, 19.2R3-S3"
                          },
                          {
                            "platform": "PTX Series",
                            "version_affected": "\u003c",
                            "version_name": "19.3",
                            "version_value": "19.3R2-S6, 19.3R3-S3"
                          },
                          {
                            "platform": "PTX Series",
                            "version_affected": "\u003c",
                            "version_name": "19.4",
                            "version_value": "19.4R1-S4, 19.4R3-S5"
                          },
                          {
                            "platform": "PTX Series",
                            "version_affected": "\u003c",
                            "version_name": "20.1",
                            "version_value": "20.1R2-S2, 20.1R3"
                          },
                          {
                            "platform": "PTX Series",
                            "version_affected": "\u003c",
                            "version_name": "20.2",
                            "version_value": "20.2R3-S1"
                          },
                          {
                            "platform": "PTX Series",
                            "version_affected": "\u003c",
                            "version_name": "20.3",
                            "version_value": "20.3R2-S1, 20.3R3"
                          },
                          {
                            "platform": "PTX Series",
                            "version_affected": "\u003c",
                            "version_name": "20.4",
                            "version_value": "20.4R2-S1, 20.4R3"
                          },
                          {
                            "platform": "PTX Series",
                            "version_affected": "\u003c",
                            "version_name": "21.1",
                            "version_value": "21.1R1-S1, 21.1R2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Juniper Networks"
              }
            ]
          }
        },
        "configuration": [
          {
            "lang": "en",
            "value": "An minimal example VXLAN configuration affected would be:\n\n  set bridge-domains vlan-20 vxlan vni 10\n  set bridge-domains vlan-20 vlan-id 10\n  set bridge-domains vlan-20 interface xe-1/0/1.0\n  set interfaces xe-1/0/1 vlan-tagging\n  set interfaces xe-1/0/1 encapsulation flexible-ethernet-services\n  set interfaces xe-1/0/1 unit 0 encapsulation vlan-bridge\n  set interfaces xe-1/0/1 unit 0 vlan-id 10"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An Improper Check for Unusual or Exceptional Conditions vulnerability combined with Improper Handling of Exceptional Conditions in Juniper Networks Junos OS on QFX Series and PTX Series allows an unauthenticated network based attacker to cause increased FPC CPU utilization by sending specific IP packets which are being VXLAN encapsulated leading to a partial Denial of Service (DoS). Continued receipted of these specific traffic will create a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS on QFX Series: All versions prior to 17.3R3-S11; 17.4 versions prior to 17.4R2-S13, 17.4R3-S4; 18.1 versions prior to 18.1R3-S12; 18.2 versions prior to 18.2R2-S8, 18.2R3-S7; 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R1-S8, 18.4R2-S7, 18.4R3-S7; 19.1 versions prior to 19.1R1-S6, 19.1R2-S2, 19.1R3-S4; 19.2 versions prior to 19.2R1-S6, 19.2R3-S2; 19.3 versions prior to 19.3R3-S1; 19.4 versions prior to 19.4R2-S3, 19.4R3-S1; 20.1 versions prior to 20.1R2, 20.1R3; 20.2 versions prior to 20.2R2, 20.2R3; 20.3 versions prior to 20.3R1-S1, 20.3R2. Juniper Networks Junos OS on PTX Series: All versions prior to 18.4R3-S9; 19.1 versions prior to 19.1R3-S6; 19.2 versions prior to 19.2R1-S7, 19.2R3-S3; 19.3 versions prior to 19.3R2-S6, 19.3R3-S3; 19.4 versions prior to 19.4R1-S4, 19.4R3-S5; 20.1 versions prior to 20.1R2-S2, 20.1R3; 20.2 versions prior to 20.2R3-S1; 20.3 versions prior to 20.3R2-S1, 20.3R3; 20.4 versions prior to 20.4R2-S1, 20.4R3; 21.1 versions prior to 21.1R1-S1, 21.1R2."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
          }
        ],
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-754 Improper Check for Unusual or Exceptional Conditions"
                }
              ]
            },
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-755 Improper Handling of Exceptional Conditions"
                }
              ]
            },
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Denial of Service (DoS)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kb.juniper.net/JSA11223",
              "refsource": "CONFIRM",
              "url": "https://kb.juniper.net/JSA11223"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "The following software releases have been updated to resolve this specific issue for QFX Series: 17.3R3-S11, 17.4R2-S13, 17.4R3-S4, 18.1R3-S12, 18.2R2-S8, 18.2R3-S7, 18.3R3-S4, 18.4R1-S8, 18.4R2-S7, 18.4R3-S7, 19.1R1-S6, 19.1R2-S2, 19.1R3-S4, 19.2R1-S6, 19.2R3-S2, 19.3R3-S1, 19.4R2-S3, 19.4R3-S1, 20.1R2, 20.1R3, 20.2R2, 20.2R3, 20.3R1-S1, 20.3R2, 20.4R1, and all subsequent releases.\n\nThe following software releases have been updated to resolve this specific issue for PTX Series: 18.4R3-S9, 19.1R3-S6, 19.2R1-S7, 19.2R3-S3, 19.3R2-S6, 19.3R3-S3, 19.4R1-S4, 19.4R3-S5, 20.1R2-S2, 20.1R3, 20.2R3-S1, 20.3R2-S1, 20.3R3, 20.4R2-S1, 20.4R3, 21.1R1-S1, 21.1R2, 21.2R1, and all subsequent releases."
          }
        ],
        "source": {
          "advisory": "JSA11223",
          "defect": [
            "1490063",
            "1584197"
          ],
          "discovery": "USER"
        },
        "work_around": [
          {
            "lang": "en",
            "value": "There are no viable workarounds for this issue."
          }
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
    "assignerShortName": "juniper",
    "cveId": "CVE-2021-31361",
    "datePublished": "2021-10-19T18:16:47.475Z",
    "dateReserved": "2021-04-15T00:00:00.000Z",
    "dateUpdated": "2024-09-17T03:44:15.899Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-31351 (GCVE-0-2021-31351)

Vulnerability from cvelistv5 – Published: 2021-10-19 18:16 – Updated: 2024-09-17 01:26
VLAI
Title
Junos OS: MX Series: Receipt of specific packet on MS-MPC/MS-MIC causes line card reset
Summary
An Improper Check for Unusual or Exceptional Conditions in packet processing on the MS-MPC/MS-MIC utilized by Juniper Networks Junos OS allows a malicious attacker to send a specific packet, triggering the MS-MPC/MS-MIC to reset, causing a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. This issue only affects specific versions of Juniper Networks Junos OS on MX Series: 17.3R3-S11; 17.4R2-S13; 17.4R3 prior to 17.4R3-S5; 18.1R3-S12; 18.2R2-S8, 18.2R3-S7, 18.2R3-S8; 18.3R3-S4; 18.4R3-S7; 19.1R3-S4, 19.1R3-S5; 19.2R1-S6; 19.3R3-S2; 19.4R2-S4, 19.4R2-S5; 19.4R3-S2; 20.1R2-S1; 20.2R2-S2, 20.2R2-S3, 20.2R3; 20.3R2, 20.3R2-S1; 20.4R1, 20.4R1-S1, 20.4R2; 21.1R1; This issue does not affect any version of Juniper Networks Junos OS prior to 15.1X49-D240;
CWE
  • CWE-754 - Improper Check for Unusual or Exceptional Conditions
  • Denial of Service (DoS)
Assigner
References
URL Tags
https://kb.juniper.net/JSA11216 x_refsource_CONFIRM
Impacted products
Vendor Product Version
Juniper Networks Junos OS Unaffected: unspecified , < 15.1 (custom)
Unaffected: 17.3 , < 17.3R3-S11 (custom)
Unaffected: 17.4R3 , < 17.4* (custom)
Create a notification for this product.
Juniper Networks Junos OS Affected: 17.3R3-S11
Affected: 18.1R3-S12
Affected: 18.3R3-S4
Affected: 18.4R3-S7
Affected: 19.1R3-S4, 19.1R3-S5
Affected: 19.2R1-S6
Affected: 19.3R3-S2
Affected: 19.4R3-S2
Affected: 20.1R2-S1
Affected: 20.2R3
Affected: 20.3R2
Affected: 17.4R2-S13 , < 17.4* (custom)
Affected: 18.2R2-S8, 18.2R3-S7 , < 18.2* (custom)
Affected: 18.4R1-S8, 18.4R2-S7 , < 18.4* (custom)
Affected: 19.4R2-S4 , < 19.4* (custom)
Affected: 20.2R2-S2 , < 20.2* (custom)
Affected: 20.3R1-S2 , < 20.3* (custom)
Affected: 20.4 , < 20.4R2-S1, 20.4R3 (custom)
Affected: 21.1 , < 21.1R1-S1, 21.1R2 (custom)
Create a notification for this product.
Date Public
2021-10-13 00:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T22:55:53.484Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.juniper.net/JSA11216"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Junos OS",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "lessThan": "15.1",
              "status": "unaffected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "17.3R3-S11",
              "status": "unaffected",
              "version": "17.3",
              "versionType": "custom"
            },
            {
              "lessThan": "17.4*",
              "status": "unaffected",
              "version": "17.4R3",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "MX Series"
          ],
          "product": "Junos OS",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "status": "affected",
              "version": "17.3R3-S11"
            },
            {
              "status": "affected",
              "version": "18.1R3-S12"
            },
            {
              "status": "affected",
              "version": "18.3R3-S4"
            },
            {
              "status": "affected",
              "version": "18.4R3-S7"
            },
            {
              "status": "affected",
              "version": "19.1R3-S4, 19.1R3-S5"
            },
            {
              "status": "affected",
              "version": "19.2R1-S6"
            },
            {
              "status": "affected",
              "version": "19.3R3-S2"
            },
            {
              "status": "affected",
              "version": "19.4R3-S2"
            },
            {
              "status": "affected",
              "version": "20.1R2-S1"
            },
            {
              "status": "affected",
              "version": "20.2R3"
            },
            {
              "status": "affected",
              "version": "20.3R2"
            },
            {
              "lessThan": "17.4*",
              "status": "affected",
              "version": "17.4R2-S13",
              "versionType": "custom"
            },
            {
              "lessThan": "18.2*",
              "status": "affected",
              "version": "18.2R2-S8, 18.2R3-S7",
              "versionType": "custom"
            },
            {
              "lessThan": "18.4*",
              "status": "affected",
              "version": "18.4R1-S8, 18.4R2-S7",
              "versionType": "custom"
            },
            {
              "lessThan": "19.4*",
              "status": "affected",
              "version": "19.4R2-S4",
              "versionType": "custom"
            },
            {
              "lessThan": "20.2*",
              "status": "affected",
              "version": "20.2R2-S2",
              "versionType": "custom"
            },
            {
              "lessThan": "20.3*",
              "status": "affected",
              "version": "20.3R1-S2",
              "versionType": "custom"
            },
            {
              "lessThan": "20.4R2-S1, 20.4R3",
              "status": "affected",
              "version": "20.4",
              "versionType": "custom"
            },
            {
              "lessThan": "21.1R1-S1, 21.1R2",
              "status": "affected",
              "version": "21.1",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2021-10-13T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "An Improper Check for Unusual or Exceptional Conditions in packet processing on the MS-MPC/MS-MIC utilized by Juniper Networks Junos OS allows a malicious attacker to send a specific packet, triggering the MS-MPC/MS-MIC to reset, causing a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. This issue only affects specific versions of Juniper Networks Junos OS on MX Series: 17.3R3-S11; 17.4R2-S13; 17.4R3 prior to 17.4R3-S5; 18.1R3-S12; 18.2R2-S8, 18.2R3-S7, 18.2R3-S8; 18.3R3-S4; 18.4R3-S7; 19.1R3-S4, 19.1R3-S5; 19.2R1-S6; 19.3R3-S2; 19.4R2-S4, 19.4R2-S5; 19.4R3-S2; 20.1R2-S1; 20.2R2-S2, 20.2R2-S3, 20.2R3; 20.3R2, 20.3R2-S1; 20.4R1, 20.4R1-S1, 20.4R2; 21.1R1; This issue does not affect any version of Juniper Networks Junos OS prior to 15.1X49-D240;"
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-754",
              "description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "description": "Denial of Service (DoS)",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-10-19T18:16:31.000Z",
        "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "shortName": "juniper"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.juniper.net/JSA11216"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "The following software releases have been updated to resolve this specific issue: Junos OS 17.3R3-S12, 17.4R3-S5, 18.1R3-S13, 18.3R3-S5, 18.4R3-S8, 19.1R3-S6, 19.2R1-S7, 19.2R3-S2, 19.3R2-S6, 19.3R3-S3, 19.4R3-S3, 20.1R2-S2, 20.1R3, 20.2R3-S1, 20.3R3, 20.4R2-S1, 20.4R3, 21.1R1-S1, 21.1R2, 21.2R1, and all subsequent releases.\n\nNote: Only those releases listed in the PROBLEM section above are affected.  This fix has also been proactively committed into other releases that are not vulnerable to this issue."
        }
      ],
      "source": {
        "advisory": "JSA11216",
        "defect": [
          "1577814"
        ],
        "discovery": "USER"
      },
      "title": "Junos OS: MX Series: Receipt of specific packet on MS-MPC/MS-MIC causes line card reset",
      "workarounds": [
        {
          "lang": "en",
          "value": "There are no viable workarounds for this issue."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "sirt@juniper.net",
          "DATE_PUBLIC": "2021-10-13T16:00:00.000Z",
          "ID": "CVE-2021-31351",
          "STATE": "PUBLIC",
          "TITLE": "Junos OS: MX Series: Receipt of specific packet on MS-MPC/MS-MIC causes line card reset"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Junos OS",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "!\u003c",
                            "version_value": "15.1"
                          },
                          {
                            "version_affected": "!\u003c",
                            "version_name": "17.3",
                            "version_value": "17.3R3-S11"
                          },
                          {
                            "platform": "MX Series",
                            "version_affected": "=",
                            "version_value": "17.3R3-S11"
                          },
                          {
                            "platform": "MX Series",
                            "version_affected": "\u003e=",
                            "version_name": "17.4",
                            "version_value": "17.4R2-S13"
                          },
                          {
                            "version_affected": "!\u003e=",
                            "version_name": "17.4",
                            "version_value": "17.4R3"
                          },
                          {
                            "platform": "MX Series",
                            "version_affected": "=",
                            "version_value": "18.1R3-S12"
                          },
                          {
                            "platform": "MX Series",
                            "version_affected": "\u003e=",
                            "version_name": "18.2",
                            "version_value": "18.2R2-S8, 18.2R3-S7"
                          },
                          {
                            "platform": "MX Series",
                            "version_affected": "=",
                            "version_value": "18.3R3-S4"
                          },
                          {
                            "platform": "MX Series",
                            "version_affected": "\u003e=",
                            "version_name": "18.4",
                            "version_value": "18.4R1-S8, 18.4R2-S7"
                          },
                          {
                            "platform": "MX Series",
                            "version_affected": "=",
                            "version_name": "18.4",
                            "version_value": "18.4R3-S7"
                          },
                          {
                            "platform": "MX Series",
                            "version_affected": "=",
                            "version_name": "19.1",
                            "version_value": "19.1R3-S4, 19.1R3-S5"
                          },
                          {
                            "platform": "MX Series",
                            "version_affected": "=",
                            "version_name": "19.2",
                            "version_value": "19.2R1-S6"
                          },
                          {
                            "platform": "MX Series",
                            "version_affected": "=",
                            "version_name": "19.3",
                            "version_value": "19.3R3-S2"
                          },
                          {
                            "platform": "MX Series",
                            "version_affected": "\u003e=",
                            "version_name": "19.4",
                            "version_value": "19.4R2-S4"
                          },
                          {
                            "platform": "MX Series",
                            "version_affected": "=",
                            "version_name": "19.4",
                            "version_value": "19.4R3-S2"
                          },
                          {
                            "platform": "MX Series",
                            "version_affected": "=",
                            "version_name": "20.1",
                            "version_value": "20.1R2-S1"
                          },
                          {
                            "platform": "MX Series",
                            "version_affected": "\u003e=",
                            "version_name": "20.2",
                            "version_value": "20.2R2-S2"
                          },
                          {
                            "platform": "MX Series",
                            "version_affected": "=",
                            "version_name": "20.2",
                            "version_value": "20.2R3"
                          },
                          {
                            "platform": "MX Series",
                            "version_affected": "\u003e=",
                            "version_name": "20.3",
                            "version_value": "20.3R1-S2"
                          },
                          {
                            "platform": "MX Series",
                            "version_affected": "=",
                            "version_name": "20.3",
                            "version_value": "20.3R2"
                          },
                          {
                            "platform": "MX Series",
                            "version_affected": "\u003c",
                            "version_name": "20.4",
                            "version_value": "20.4R2-S1, 20.4R3"
                          },
                          {
                            "platform": "MX Series",
                            "version_affected": "\u003c",
                            "version_name": "21.1",
                            "version_value": "21.1R1-S1, 21.1R2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Juniper Networks"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An Improper Check for Unusual or Exceptional Conditions in packet processing on the MS-MPC/MS-MIC utilized by Juniper Networks Junos OS allows a malicious attacker to send a specific packet, triggering the MS-MPC/MS-MIC to reset, causing a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. This issue only affects specific versions of Juniper Networks Junos OS on MX Series: 17.3R3-S11; 17.4R2-S13; 17.4R3 prior to 17.4R3-S5; 18.1R3-S12; 18.2R2-S8, 18.2R3-S7, 18.2R3-S8; 18.3R3-S4; 18.4R3-S7; 19.1R3-S4, 19.1R3-S5; 19.2R1-S6; 19.3R3-S2; 19.4R2-S4, 19.4R2-S5; 19.4R3-S2; 20.1R2-S1; 20.2R2-S2, 20.2R2-S3, 20.2R3; 20.3R2, 20.3R2-S1; 20.4R1, 20.4R1-S1, 20.4R2; 21.1R1; This issue does not affect any version of Juniper Networks Junos OS prior to 15.1X49-D240;"
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
          }
        ],
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-754 Improper Check for Unusual or Exceptional Conditions"
                }
              ]
            },
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Denial of Service (DoS)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kb.juniper.net/JSA11216",
              "refsource": "CONFIRM",
              "url": "https://kb.juniper.net/JSA11216"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "The following software releases have been updated to resolve this specific issue: Junos OS 17.3R3-S12, 17.4R3-S5, 18.1R3-S13, 18.3R3-S5, 18.4R3-S8, 19.1R3-S6, 19.2R1-S7, 19.2R3-S2, 19.3R2-S6, 19.3R3-S3, 19.4R3-S3, 20.1R2-S2, 20.1R3, 20.2R3-S1, 20.3R3, 20.4R2-S1, 20.4R3, 21.1R1-S1, 21.1R2, 21.2R1, and all subsequent releases.\n\nNote: Only those releases listed in the PROBLEM section above are affected.  This fix has also been proactively committed into other releases that are not vulnerable to this issue."
          }
        ],
        "source": {
          "advisory": "JSA11216",
          "defect": [
            "1577814"
          ],
          "discovery": "USER"
        },
        "work_around": [
          {
            "lang": "en",
            "value": "There are no viable workarounds for this issue."
          }
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
    "assignerShortName": "juniper",
    "cveId": "CVE-2021-31351",
    "datePublished": "2021-10-19T18:16:31.714Z",
    "dateReserved": "2021-04-15T00:00:00.000Z",
    "dateUpdated": "2024-09-17T01:26:12.258Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Mitigation MIT-3
Requirements

Strategy: Language Selection

  • Use a language that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
  • Choose languages with features such as exception handling that force the programmer to anticipate unusual conditions that may generate exceptions. Custom exceptions may need to be developed to handle unusual business-logic conditions. Be careful not to pass sensitive exceptions back to the user (CWE-209, CWE-248).
Mitigation
Implementation

Check the results of all functions that return a value and verify that the value is expected.

Mitigation
Implementation

If using exception handling, catch and throw specific exceptions instead of overly-general exceptions (CWE-396, CWE-397). Catch and handle exceptions as locally as possible so that exceptions do not propagate too far up the call stack (CWE-705). Avoid unchecked or uncaught exceptions where feasible (CWE-248).

Mitigation MIT-39
Implementation
  • Ensure that error messages only contain minimal details that are useful to the intended audience and no one else. The messages need to strike the balance between being too cryptic (which can confuse users) or being too detailed (which may reveal more than intended). The messages should not reveal the methods that were used to determine the error. Attackers can use detailed information to refine or optimize their original attack, thereby increasing their chances of success.
  • If errors must be captured in some detail, record them in log messages, but consider what could occur if the log messages can be viewed by attackers. Highly sensitive information such as passwords should never be saved to log files.
  • Avoid inconsistent messaging that might accidentally tip off an attacker about internal state, such as whether a user account exists or not.
  • Exposing additional information to a potential attacker in the context of an exceptional condition can help the attacker determine what attack vectors are most likely to succeed beyond DoS.
Mitigation MIT-5
Implementation

Strategy: Input Validation

  • Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
  • When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
  • Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
Mitigation MIT-38
Architecture and Design Implementation

If the program must fail, ensure that it fails gracefully (fails closed). There may be a temptation to simply let the program fail poorly in cases such as low memory conditions, but an attacker may be able to assert control before the software has fully exited. Alternately, an uncontrolled failure could cause cascading problems with other downstream components; for example, the program could send a signal to a downstream process so the process immediately knows that a problem has occurred and has a better chance of recovery.

Mitigation
Architecture and Design

Use system limits, which should help to prevent resource exhaustion. However, the product should still handle low resource conditions since they may still occur.

No CAPEC attack patterns related to this CWE.