CWE-252
Unchecked Return Value
The product does not check the return value from a method or function, which can prevent it from detecting unexpected states and conditions.
CVE-2023-26591 (GCVE-0-2023-26591)
Vulnerability from cvelistv5 – Published: 2024-02-14 13:37 – Updated: 2024-08-07 18:33
VLAI?
Summary
Unchecked return value in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an unauthenticated user to potentially enable denial of service via physical access.
Severity ?
CWE
- denial of service
- CWE-252 - Unchecked return value
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Intel(R) Thunderbolt(TM) DCH drivers for Windows |
Affected:
before version 88
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:53:54.241Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00851.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00851.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-26591",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-07T18:19:10.735700Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-07T18:33:16.843Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) Thunderbolt(TM) DCH drivers for Windows",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before version 88"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unchecked return value in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an unauthenticated user to potentially enable denial of service via physical access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "LOW",
"baseScore": 2,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "denial of service",
"lang": "en"
},
{
"cweId": "CWE-252",
"description": "Unchecked return value",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-14T13:37:49.450Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00851.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00851.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-26591",
"datePublished": "2024-02-14T13:37:49.450Z",
"dateReserved": "2023-03-01T18:23:25.238Z",
"dateUpdated": "2024-08-07T18:33:16.843Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-29243 (GCVE-0-2023-29243)
Vulnerability from cvelistv5 – Published: 2023-08-11 02:37 – Updated: 2024-10-04 13:04
VLAI?
Summary
Unchecked return value in some Intel(R) RealSense(TM) ID software for Intel(R) RealSense(TM) 450 FA in version 0.25.0 may allow a priviledged user to potentially enable denial of service via local access.
Severity ?
4.4 (Medium)
CWE
- denial of service
- CWE-252 - Unchecked return value
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Intel(R) RealSense(TM) ID software for Intel(R) RealSense(TM) 450 FA |
Affected:
version 0.25.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:00:15.988Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00912.html",
"tags": [
"x_transferred"
],
"url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00912.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-29243",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-04T13:03:58.375543Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-04T13:04:55.284Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) RealSense(TM) ID software for Intel(R) RealSense(TM) 450 FA",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "version 0.25.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unchecked return value in some Intel(R) RealSense(TM) ID software for Intel(R) RealSense(TM) 450 FA in version 0.25.0 may allow a priviledged user to potentially enable denial of service via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "denial of service",
"lang": "en"
},
{
"cweId": "CWE-252",
"description": "Unchecked return value",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-11T02:37:25.285Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00912.html",
"url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00912.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-29243",
"datePublished": "2023-08-11T02:37:25.285Z",
"dateReserved": "2023-05-23T03:00:05.469Z",
"dateUpdated": "2024-10-04T13:04:55.284Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-3013 (GCVE-0-2023-3013)
Vulnerability from cvelistv5 – Published: 2023-05-31 00:00 – Updated: 2025-01-09 19:42
VLAI?
Title
Unchecked Return Value in gpac/gpac
Summary
Unchecked Return Value in GitHub repository gpac/gpac prior to 2.2.2.
Severity ?
4.4 (Medium)
CWE
- CWE-252 - Unchecked Return Value
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:41:04.067Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/52f95edc-cc03-4a9f-9bf8-74f641260073"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/gpac/gpac/commit/78e539b43293829a14a32e821f5267e3b7417594"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3013",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-09T19:42:06.787078Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-09T19:42:27.634Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "gpac/gpac",
"vendor": "gpac",
"versions": [
{
"lessThan": "2.2.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unchecked Return Value in GitHub repository gpac/gpac prior to 2.2.2."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-252",
"description": "CWE-252 Unchecked Return Value",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-31T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/52f95edc-cc03-4a9f-9bf8-74f641260073"
},
{
"url": "https://github.com/gpac/gpac/commit/78e539b43293829a14a32e821f5267e3b7417594"
}
],
"source": {
"advisory": "52f95edc-cc03-4a9f-9bf8-74f641260073",
"discovery": "EXTERNAL"
},
"title": "Unchecked Return Value in gpac/gpac"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-3013",
"datePublished": "2023-05-31T00:00:00.000Z",
"dateReserved": "2023-05-31T00:00:00.000Z",
"dateUpdated": "2025-01-09T19:42:27.634Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-3247 (GCVE-0-2023-3247)
Vulnerability from cvelistv5 – Published: 2023-07-22 04:17 – Updated: 2024-10-15 20:34
VLAI?
Title
Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP
Summary
In PHP versions 8.0.* before 8.0.29, 8.1.* before 8.1.20, 8.2.* before 8.2.7 when using SOAP HTTP Digest Authentication, random value generator was not checked for failure, and was using narrower range of values than it should have. In case of random generator failure, it could lead to a disclosure of 31 bits of uninitialized memory from the client to the server, and it also made easier to a malicious server to guess the client's nonce.
Severity ?
Assigner
References
1 reference
Impacted products
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:48:08.521Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/php/php-src/security/advisories/GHSA-76gg-c692-v2mw"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3247",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-15T19:41:48.525120Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-15T20:34:03.327Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "PHP",
"vendor": "PHP Group",
"versions": [
{
"lessThan": "8.0.29",
"status": "affected",
"version": "8.0.*",
"versionType": "semver"
},
{
"lessThan": "8.1.20",
"status": "affected",
"version": "8.1.*",
"versionType": "semver"
},
{
"lessThan": "8.2.7",
"status": "affected",
"version": "8.2.*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Niels Dossche"
},
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Tim D\u00fcsterhus"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIn PHP versions 8.0.* before 8.0.29, 8.1.* before 8.1.20, 8.2.* before 8.2.7 when using SOAP HTTP Digest Authentication, random value generator was not checked for failure, and was using narrower range of values than it should have. In case of random generator failure, it could lead to a disclosure of 31 bits of uninitialized memory from the client to the server, and it also made easier to a malicious server to guess the client\u0027s nonce.\u0026nbsp;\u003c/p\u003e"
}
],
"value": "In PHP versions 8.0.* before 8.0.29, 8.1.* before 8.1.20, 8.2.* before 8.2.7 when using SOAP HTTP Digest Authentication, random value generator was not checked for failure, and was using narrower range of values than it should have. In case of random generator failure, it could lead to a disclosure of 31 bits of uninitialized memory from the client to the server, and it also made easier to a malicious server to guess the client\u0027s nonce.\u00a0\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-252",
"description": "CWE-252 Unchecked Return Value",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-330",
"description": "CWE-330 Use of Insufficiently Random Values",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-22T04:17:09.896Z",
"orgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b",
"shortName": "php"
},
"references": [
{
"url": "https://github.com/php/php-src/security/advisories/GHSA-76gg-c692-v2mw"
}
],
"source": {
"advisory": "https://github.com/php/php-src/security/advisories/GHSA-76gg-c69",
"discovery": "INTERNAL"
},
"title": "Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b",
"assignerShortName": "php",
"cveId": "CVE-2023-3247",
"datePublished": "2023-07-22T04:17:09.896Z",
"dateReserved": "2023-06-14T16:24:08.631Z",
"dateUpdated": "2024-10-15T20:34:03.327Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-37902 (GCVE-0-2023-37902)
Vulnerability from cvelistv5 – Published: 2023-07-25 20:05 – Updated: 2024-10-03 18:59
VLAI?
Title
Vyper's ecrecover can return undefined data if signature does not verify
Summary
Vyper is a Pythonic programming language that targets the Ethereum Virtual Machine (EVM). Prior to version 0.3.10, the ecrecover precompile does not fill the output buffer if the signature does not verify. However, the ecrecover builtin will still return whatever is at memory location 0. This means that the if the compiler has been convinced to write to the 0 memory location with specially crafted data (generally, this can happen with a hashmap access or immutable read) just before the ecrecover, a signature check might pass on an invalid signature. Version 0.3.10 contains a patch for this issue.
Severity ?
5.3 (Medium)
CWE
- CWE-252 - Unchecked Return Value
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/vyperlang/vyper/security/advis… | x_refsource_CONFIRM |
| https://github.com/vyperlang/vyper/commit/019a37a… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:23:27.794Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/vyperlang/vyper/security/advisories/GHSA-f5x6-7qgp-jhf3",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/vyperlang/vyper/security/advisories/GHSA-f5x6-7qgp-jhf3"
},
{
"name": "https://github.com/vyperlang/vyper/commit/019a37ab98ff53f04fecfadf602b6cd5ac748f7f",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/vyperlang/vyper/commit/019a37ab98ff53f04fecfadf602b6cd5ac748f7f"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:vyperlang:vyper:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vyper",
"vendor": "vyperlang",
"versions": [
{
"lessThan": "0.3.10",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-37902",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-03T18:58:38.236762Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-03T18:59:13.773Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "vyper",
"vendor": "vyperlang",
"versions": [
{
"status": "affected",
"version": "\u003c 0.3.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vyper is a Pythonic programming language that targets the Ethereum Virtual Machine (EVM). Prior to version 0.3.10, the ecrecover precompile does not fill the output buffer if the signature does not verify. However, the ecrecover builtin will still return whatever is at memory location 0. This means that the if the compiler has been convinced to write to the 0 memory location with specially crafted data (generally, this can happen with a hashmap access or immutable read) just before the ecrecover, a signature check might pass on an invalid signature. Version 0.3.10 contains a patch for this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-252",
"description": "CWE-252: Unchecked Return Value",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-25T20:05:40.615Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/vyperlang/vyper/security/advisories/GHSA-f5x6-7qgp-jhf3",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/vyperlang/vyper/security/advisories/GHSA-f5x6-7qgp-jhf3"
},
{
"name": "https://github.com/vyperlang/vyper/commit/019a37ab98ff53f04fecfadf602b6cd5ac748f7f",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vyperlang/vyper/commit/019a37ab98ff53f04fecfadf602b6cd5ac748f7f"
}
],
"source": {
"advisory": "GHSA-f5x6-7qgp-jhf3",
"discovery": "UNKNOWN"
},
"title": "Vyper\u0027s ecrecover can return undefined data if signature does not verify"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-37902",
"datePublished": "2023-07-25T20:05:40.615Z",
"dateReserved": "2023-07-10T17:51:29.610Z",
"dateUpdated": "2024-10-03T18:59:13.773Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-40067 (GCVE-0-2023-40067)
Vulnerability from cvelistv5 – Published: 2024-08-14 13:45 – Updated: 2025-11-03 21:49
VLAI?
Summary
Unchecked return value in firmware for some Intel(R) CSME may allow an unauthenticated user to potentially enable escalation of privilege via physical access.
Severity ?
5.7 (Medium)
CWE
- escalation of privilege
- CWE-252 - Unchecked return value
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Intel(R) CSME |
Affected:
See references
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:intel:converged_security_management_engine_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "converged_security_management_engine_firmware",
"vendor": "intel",
"versions": [
{
"lessThan": "15.0.49",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "15.40.34",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "16.1.32",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-40067",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-14T17:46:36.335445Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-06T17:58:38.210Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T21:49:20.484Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20241108-0003/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) CSME",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "See references"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unchecked return value in firmware for some Intel(R) CSME may allow an unauthenticated user to potentially enable escalation of privilege via physical access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:N",
"version": "3.1"
},
"cvssV4_0": {
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "PHYSICAL",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:P/AC:H/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:L/SI:H/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "escalation of privilege",
"lang": "en"
},
{
"cweId": "CWE-252",
"description": "Unchecked return value",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-14T13:45:40.037Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00999.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00999.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-40067",
"datePublished": "2024-08-14T13:45:40.037Z",
"dateReserved": "2023-10-05T03:00:02.400Z",
"dateUpdated": "2025-11-03T21:49:20.484Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-41092 (GCVE-0-2023-41092)
Vulnerability from cvelistv5 – Published: 2024-05-16 20:47 – Updated: 2024-08-21 17:55
VLAI?
Summary
Unchecked return value in SDM firmware for Intel(R) Stratix 10 and Intel(R) Agilex 7 FPGAs before version 23.3 may allow an authenticated user to potentially enable denial of service via adjacent access.
Severity ?
7.6 (High)
CWE
- denial of service
- CWE-252 - Unchecked return value
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Intel(R) Stratix 10 and Intel(R) Agilex 7 FPGAs |
Affected:
before version 23.3
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:46:11.893Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01007.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01007.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-41092",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-21T17:55:01.406038Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-21T17:55:14.226Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) Stratix 10 and Intel(R) Agilex 7 FPGAs",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before version 23.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unchecked return value in SDM firmware for Intel(R) Stratix 10 and Intel(R) Agilex 7 FPGAs before version 23.3 may allow an authenticated user to potentially enable denial of service via adjacent access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "denial of service",
"lang": "en"
},
{
"cweId": "CWE-252",
"description": "Unchecked return value",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-16T20:47:35.955Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01007.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01007.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-41092",
"datePublished": "2024-05-16T20:47:35.955Z",
"dateReserved": "2023-09-07T03:00:03.704Z",
"dateUpdated": "2024-08-21T17:55:14.226Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4162 (GCVE-0-2023-4162)
Vulnerability from cvelistv5 – Published: 2023-08-31 00:14 – Updated: 2024-09-30 15:47
VLAI?
Title
Segmentation fault in Brocade Fabric OS after Brocade Fabric OS v9.0
Summary
A
segmentation fault can occur in Brocade Fabric OS after Brocade Fabric
OS v9.0 and before Brocade Fabric OS v9.2.0a through the passwdcfg
command. This
could allow an authenticated privileged user local user to crash a
Brocade Fabric OS swith using the cli “passwdcfg --set -expire
-minDiff“.
Severity ?
4.4 (Medium)
CWE
- CWE-252 - Unchecked Return Value
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:17:12.031Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/22513"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20231124-0010/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4162",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-30T15:44:50.392651Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-30T15:47:48.730Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Directors",
"Extensions Switches",
"Switches"
],
"product": "Fabric OS",
"vendor": "Brocade",
"versions": [
{
"status": "affected",
"version": "Brocade Fabric OS after Brocade Fabric OS v9.0 and before Brocade Fabric OS v9.2.0a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A\n segmentation fault can occur in Brocade Fabric OS after Brocade Fabric \nOS v9.0 and before Brocade Fabric OS v9.2.0a through the passwdcfg \ncommand. This\n could allow an authenticated privileged user local user to crash a \nBrocade Fabric OS swith using the cli \u201cpasswdcfg --set -expire \n-minDiff\u201c."
}
],
"value": "A\n segmentation fault can occur in Brocade Fabric OS after Brocade Fabric \nOS v9.0 and before Brocade Fabric OS v9.2.0a through the passwdcfg \ncommand. This\n could allow an authenticated privileged user local user to crash a \nBrocade Fabric OS swith using the cli \u201cpasswdcfg --set -expire \n-minDiff\u201c."
}
],
"impacts": [
{
"capecId": "CAPEC-540",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-540 Overread Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-252",
"description": "CWE-252 Unchecked Return Value",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T22:00:38.366Z",
"orgId": "87b297d7-335e-4844-9551-11b97995a791",
"shortName": "brocade"
},
"references": [
{
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/22513"
},
{
"url": "https://security.netapp.com/advisory/ntap-20231124-0010/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Segmentation fault in Brocade Fabric OS after Brocade Fabric OS v9.0",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "87b297d7-335e-4844-9551-11b97995a791",
"assignerShortName": "brocade",
"cveId": "CVE-2023-4162",
"datePublished": "2023-08-31T00:14:15.612Z",
"dateReserved": "2023-08-04T18:20:32.891Z",
"dateUpdated": "2024-09-30T15:47:48.730Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-44182 (GCVE-0-2023-44182)
Vulnerability from cvelistv5 – Published: 2023-10-12 23:01 – Updated: 2025-02-27 20:41
VLAI?
Title
Junos OS and Junos OS Evolved: An Unchecked Return Value in multiple users interfaces affects confidentiality and integrity of device operations
Summary
An Unchecked Return Value vulnerability in the user interfaces to the Juniper Networks Junos OS and Junos OS Evolved, the CLI, the XML API, the XML Management Protocol, the NETCONF Management Protocol, the gNMI interfaces, and the J-Web User Interfaces causes unintended effects such as demotion or elevation of privileges associated with an operators actions to occur.
Multiple scenarios may occur; for example: privilege escalation over the device or another account, access to files that should not otherwise be accessible, files not being accessible where they should be accessible, code expected to run as non-root may run as root, and so forth.
This issue affects:
Juniper Networks Junos OS
* All versions prior to 20.4R3-S7;
* 21.1 versions prior to 21.1R3-S5;
* 21.2 versions prior to 21.2R3-S5;
* 21.3 versions prior to 21.3R3-S4;
* 21.4 versions prior to 21.4R3-S3;
* 22.1 versions prior to 22.1R3-S2;
* 22.2 versions prior to 22.2R2-S2, 22.2R3;
* 22.3 versions prior to 22.3R1-S2, 22.3R2.
Juniper Networks Junos OS Evolved
* All versions prior to 21.4R3-S3-EVO;
* 22.1-EVO version 22.1R1-EVO and later versions prior to 22.2R2-S2-EVO, 22.2R3-EVO;
* 22.3-EVO versions prior to 22.3R1-S2-EVO, 22.3R2-EVO.
Severity ?
7.3 (High)
CWE
- CWE-252 - Unchecked Return Value
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://supportportal.juniper.net/JSA73149 | vendor-advisory |
| https://www.juniper.net/documentation/us/en/softw… | product |
| https://www.juniper.net/documentation/en_US/junos… | product |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Juniper Networks | Junos OS |
Affected:
0 , < 20.4R3-S7
(semver)
Affected: 21.1 , < 21.1R3-S5 (semver) Affected: 21.2 , < 21.2R3-S5 (semver) Affected: 21.3 , < 21.3R3-S4 (semver) Affected: 21.4 , < 21.4R3-S3 (semver) Affected: 22.1 , < 22.1R3-S2 (semver) Affected: 22.2 , < 22.2R2-S2, 22.2R3 (semver) Affected: 22.3 , < 22.3R1-S2, 22.3R2 (semver) |
|
| Juniper Networks | Junos OS Evolved |
Affected:
0 , < 21.4R3-S3-EVO
(semver)
Affected: 22.1R1-EVO , < 22.1*-EVO (semver) Affected: 22.2-EVO , < 22.2R2-S2-EVO, 22.2R3-EVO (semver) Affected: 22.3-EVO , < 22.3R1-S2-EVO, 22.3R2-EVO (semver) |
Date Public ?
2023-10-11 16:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:59:51.073Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://supportportal.juniper.net/JSA73149"
},
{
"tags": [
"product",
"x_transferred"
],
"url": "https://www.juniper.net/documentation/us/en/software/junos/interfaces-telemetry/topics/concept/junos-telemetry-interface-grpc-sensors.html"
},
{
"tags": [
"product",
"x_transferred"
],
"url": "https://www.juniper.net/documentation/en_US/junos/topics/concept/junos-software-user-interfaces-overview.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-44182",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-26T21:49:40.482537Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-27T20:41:46.766Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "20.4R3-S7",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "21.1R3-S5",
"status": "affected",
"version": "21.1",
"versionType": "semver"
},
{
"lessThan": "21.2R3-S5",
"status": "affected",
"version": "21.2",
"versionType": "semver"
},
{
"lessThan": "21.3R3-S4",
"status": "affected",
"version": "21.3",
"versionType": "semver"
},
{
"lessThan": "21.4R3-S3",
"status": "affected",
"version": "21.4",
"versionType": "semver"
},
{
"lessThan": "22.1R3-S2",
"status": "affected",
"version": "22.1",
"versionType": "semver"
},
{
"lessThan": "22.2R2-S2, 22.2R3",
"status": "affected",
"version": "22.2",
"versionType": "semver"
},
{
"lessThan": "22.3R1-S2, 22.3R2",
"status": "affected",
"version": "22.3",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.4R3-S3-EVO",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "22.1*-EVO",
"status": "affected",
"version": "22.1R1-EVO",
"versionType": "semver"
},
{
"lessThan": "22.2R2-S2-EVO, 22.2R3-EVO",
"status": "affected",
"version": "22.2-EVO",
"versionType": "semver"
},
{
"lessThan": "22.3R1-S2-EVO, 22.3R2-EVO",
"status": "affected",
"version": "22.3-EVO",
"versionType": "semver"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eConfigurations that are required for exposure to this issue vary. See the Reference URL resources and additional product-specific documentation.\u003c/p\u003e"
}
],
"value": "Configurations that are required for exposure to this issue vary. See the Reference URL resources and additional product-specific documentation.\n\n"
}
],
"datePublic": "2023-10-11T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cp\u003eAn Unchecked Return Value vulnerability in the user interfaces to the Juniper Networks Junos OS and Junos OS Evolved, the CLI, the XML API, the XML Management Protocol, the NETCONF Management Protocol, the gNMI interfaces, and the J-Web User Interfaces causes unintended effects such as demotion or elevation of privileges associated with an operators actions to occur.\u003c/p\u003e\u003cp\u003eMultiple scenarios may occur; for example: privilege escalation over the device or another account, access to files that should not otherwise be accessible, files not being accessible where they should be accessible, code expected to run as non-root may run as root, and so forth.\u003c/p\u003e\u003cp\u003eThis issue affects:\u003c/p\u003e\u003cp\u003eJuniper Networks Junos OS\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions prior to 20.4R3-S7;\u003c/li\u003e\u003cli\u003e21.1 versions prior to 21.1R3-S5;\u003c/li\u003e\u003cli\u003e21.2 versions prior to 21.2R3-S5;\u003c/li\u003e\u003cli\u003e21.3 versions prior to 21.3R3-S4;\u003c/li\u003e\u003cli\u003e21.4 versions prior to 21.4R3-S3;\u003c/li\u003e\u003cli\u003e22.1 versions prior to 22.1R3-S2;\u003c/li\u003e\u003cli\u003e22.2 versions prior to 22.2R2-S2, 22.2R3;\u003c/li\u003e\u003cli\u003e22.3 versions prior to 22.3R1-S2, 22.3R2.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eJuniper Networks Junos OS Evolved\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions prior to 21.4R3-S3-EVO;\u003c/li\u003e\u003cli\u003e22.1-EVO version 22.1R1-EVO and later versions prior to 22.2R2-S2-EVO, 22.2R3-EVO;\u003c/li\u003e\u003cli\u003e22.3-EVO versions prior to 22.3R1-S2-EVO, 22.3R2-EVO.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\n\n"
}
],
"value": "\nAn Unchecked Return Value vulnerability in the user interfaces to the Juniper Networks Junos OS and Junos OS Evolved, the CLI, the XML API, the XML Management Protocol, the NETCONF Management Protocol, the gNMI interfaces, and the J-Web User Interfaces causes unintended effects such as demotion or elevation of privileges associated with an operators actions to occur.\n\nMultiple scenarios may occur; for example: privilege escalation over the device or another account, access to files that should not otherwise be accessible, files not being accessible where they should be accessible, code expected to run as non-root may run as root, and so forth.\n\nThis issue affects:\n\nJuniper Networks Junos OS\n\n\n\n * All versions prior to 20.4R3-S7;\n * 21.1 versions prior to 21.1R3-S5;\n * 21.2 versions prior to 21.2R3-S5;\n * 21.3 versions prior to 21.3R3-S4;\n * 21.4 versions prior to 21.4R3-S3;\n * 22.1 versions prior to 22.1R3-S2;\n * 22.2 versions prior to 22.2R2-S2, 22.2R3;\n * 22.3 versions prior to 22.3R1-S2, 22.3R2.\n\n\n\n\nJuniper Networks Junos OS Evolved\n\n\n\n * All versions prior to 21.4R3-S3-EVO;\n * 22.1-EVO version 22.1R1-EVO and later versions prior to 22.2R2-S2-EVO, 22.2R3-EVO;\n * 22.3-EVO versions prior to 22.3R1-S2-EVO, 22.3R2-EVO.\n\n\n\n\n\n\n"
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eJuniper SIRT is not aware of any malicious exploitation of this vulnerability.\u003c/p\u003e"
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-252",
"description": "CWE-252 Unchecked Return Value",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-12T23:07:05.978Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/JSA73149"
},
{
"tags": [
"product"
],
"url": "https://www.juniper.net/documentation/us/en/software/junos/interfaces-telemetry/topics/concept/junos-telemetry-interface-grpc-sensors.html"
},
{
"tags": [
"product"
],
"url": "https://www.juniper.net/documentation/en_US/junos/topics/concept/junos-software-user-interfaces-overview.html"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe following software releases have been updated to resolve this specific issue: \u003c/p\u003e\u003cp\u003eJunos OS: 20.4R3-S7, 21.1R3-S5, 21.2R3-S4, 21.2R3-S5, 21.3R3-S4, 21.4R3-S3, 22.1R3-S2, 22.2R2-S2, 22.2R3, 22.3R1-S2, 22.3R2, 22.3R3, 22.4R1, and all subsequent releases.\u003c/p\u003e\u003cp\u003eJunos OS Evolved: 21.4R3-S3-EVO, 22.2R2-S2-EVO, 22.2R3-EVO, 22.3R1-S2-EVO, 22.3R2-EVO, 22.4R1-EVO, and all subsequent releases.\u003c/p\u003e"
}
],
"value": "The following software releases have been updated to resolve this specific issue: \n\nJunos OS: 20.4R3-S7, 21.1R3-S5, 21.2R3-S4, 21.2R3-S5, 21.3R3-S4, 21.4R3-S3, 22.1R3-S2, 22.2R2-S2, 22.2R3, 22.3R1-S2, 22.3R2, 22.3R3, 22.4R1, and all subsequent releases.\n\nJunos OS Evolved: 21.4R3-S3-EVO, 22.2R2-S2-EVO, 22.2R3-EVO, 22.3R1-S2-EVO, 22.3R2-EVO, 22.4R1-EVO, and all subsequent releases.\n\n"
}
],
"source": {
"advisory": "JSA73149",
"defect": [
"1668201"
],
"discovery": "INTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2023-10-11T16:00:00.000Z",
"value": "Initial Publication"
}
],
"title": "Junos OS and Junos OS Evolved: An Unchecked Return Value in multiple users interfaces affects confidentiality and integrity of device operations",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThere are no known workarounds for this issue.\u003c/p\u003e\u003cp\u003eMethods that may reduce, but not eliminate, the risk of exploitation of these problems, and which do not mitigate or resolve the underlying problems include:\u003c/p\u003e\u003cp\u003e\u2022\tDiscontinuing the use of any unnecessary administrative interfaces to the system\u003c/p\u003e\u003cp\u003e\u2022\tUsing access lists or firewall filters to limit access to the device only from trusted users, hosts, and networks\u003c/p\u003e\u003cp\u003e\u2022\tLimiting the number of changes performed to a device through administrative interfaces\u003c/p\u003e\u003cp\u003e\u2022\tReducing the frequency of unique telemetry events\u003c/p\u003e"
}
],
"value": "There are no known workarounds for this issue.\n\nMethods that may reduce, but not eliminate, the risk of exploitation of these problems, and which do not mitigate or resolve the underlying problems include:\n\n\u2022\tDiscontinuing the use of any unnecessary administrative interfaces to the system\n\n\u2022\tUsing access lists or firewall filters to limit access to the device only from trusted users, hosts, and networks\n\n\u2022\tLimiting the number of changes performed to a device through administrative interfaces\n\n\u2022\tReducing the frequency of unique telemetry events\n\n"
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-av217"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2023-44182",
"datePublished": "2023-10-12T23:01:52.460Z",
"dateReserved": "2023-09-26T19:30:17.664Z",
"dateUpdated": "2025-02-27T20:41:46.766Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-44322 (GCVE-0-2023-44322)
Vulnerability from cvelistv5 – Published: 2023-11-14 11:04 – Updated: 2026-02-25 16:51
VLAI?
Summary
A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.0), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.0), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.0), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2) (All versions < V8.0), SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2) (All versions < V8.0), SCALANCE M816-1 ADSL-Router (6GK5816-1AA00-2AA2) (All versions < V8.0), SCALANCE M816-1 ADSL-Router (6GK5816-1BA00-2AA2) (All versions < V8.0), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V8.0), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V8.0), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V8.0), SCALANCE M876-3 (6GK5876-3AA02-2BA2) (All versions < V8.0), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V8.0), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V8.0), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V8.0), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V8.0), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V8.0), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V8.0), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V8.0), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) (All versions < V8.0), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) (All versions < V8.0), SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0) (All versions < V3.0.0), SCALANCE WAM763-1 (6GK5763-1AL00-7DA0) (All versions < V3.0.0), SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0) (All versions < V3.0.0), SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0) (All versions < V3.0.0), SCALANCE WAM766-1 (6GK5766-1GE00-7DA0) (All versions < V3.0.0), SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0) (All versions < V3.0.0), SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0) (All versions < V3.0.0), SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0) (All versions < V3.0.0), SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0) (All versions < V3.0.0), SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0) (All versions < V3.0.0), SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0) (All versions < V3.0.0), SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0) (All versions < V3.0.0), SCALANCE WUM763-1 (6GK5763-1AL00-3AA0) (All versions < V3.0.0), SCALANCE WUM763-1 (6GK5763-1AL00-3DA0) (All versions < V3.0.0), SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0) (All versions < V3.0.0), SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0) (All versions < V3.0.0), SCALANCE WUM766-1 (6GK5766-1GE00-3DA0) (All versions < V3.0.0), SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0) (All versions < V3.0.0), SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0) (All versions < V3.0.0). Affected devices can be configured to send emails when certain events occur on the device. When presented with an invalid response from the SMTP server, the device triggers an error that disrupts email sending. An attacker with access to the network can use this to do disable notification of users when certain events occur.
Severity ?
CWE
- CWE-252 - Unchecked Return Value
Assigner
References
6 references
Impacted products
39 products
| Vendor | Product | Version | |
|---|---|---|---|
| Siemens | RUGGEDCOM RM1224 LTE(4G) EU |
Affected:
0 , < V8.0
(custom)
|
|
| Siemens | RUGGEDCOM RM1224 LTE(4G) NAM |
Affected:
0 , < V8.0
(custom)
|
|
| Siemens | SCALANCE M804PB |
Affected:
0 , < V8.0
(custom)
|
|
| Siemens | SCALANCE M812-1 ADSL-Router |
Affected:
0 , < V8.0
(custom)
|
|
| Siemens | SCALANCE M812-1 ADSL-Router |
Affected:
0 , < V8.0
(custom)
|
|
| Siemens | SCALANCE M816-1 ADSL-Router |
Affected:
0 , < V8.0
(custom)
|
|
| Siemens | SCALANCE M816-1 ADSL-Router |
Affected:
0 , < V8.0
(custom)
|
|
| Siemens | SCALANCE M826-2 SHDSL-Router |
Affected:
0 , < V8.0
(custom)
|
|
| Siemens | SCALANCE M874-2 |
Affected:
0 , < V8.0
(custom)
|
|
| Siemens | SCALANCE M874-3 |
Affected:
0 , < V8.0
(custom)
|
|
| Siemens | SCALANCE M876-3 |
Affected:
0 , < V8.0
(custom)
|
|
| Siemens | SCALANCE M876-3 (ROK) |
Affected:
0 , < V8.0
(custom)
|
|
| Siemens | SCALANCE M876-4 |
Affected:
0 , < V8.0
(custom)
|
|
| Siemens | SCALANCE M876-4 (EU) |
Affected:
0 , < V8.0
(custom)
|
|
| Siemens | SCALANCE M876-4 (NAM) |
Affected:
0 , < V8.0
(custom)
|
|
| Siemens | SCALANCE MUM853-1 (EU) |
Affected:
0 , < V8.0
(custom)
|
|
| Siemens | SCALANCE MUM856-1 (EU) |
Affected:
0 , < V8.0
(custom)
|
|
| Siemens | SCALANCE MUM856-1 (RoW) |
Affected:
0 , < V8.0
(custom)
|
|
| Siemens | SCALANCE S615 EEC LAN-Router |
Affected:
0 , < V8.0
(custom)
|
|
| Siemens | SCALANCE S615 LAN-Router |
Affected:
0 , < V8.0
(custom)
|
|
| Siemens | SCALANCE WAB762-1 |
Affected:
0 , < V3.0.0
(custom)
|
|
| Siemens | SCALANCE WAM763-1 |
Affected:
0 , < V3.0.0
(custom)
|
|
| Siemens | SCALANCE WAM763-1 (ME) |
Affected:
0 , < V3.0.0
(custom)
|
|
| Siemens | SCALANCE WAM763-1 (US) |
Affected:
0 , < V3.0.0
(custom)
|
|
| Siemens | SCALANCE WAM766-1 |
Affected:
0 , < V3.0.0
(custom)
|
|
| Siemens | SCALANCE WAM766-1 (ME) |
Affected:
0 , < V3.0.0
(custom)
|
|
| Siemens | SCALANCE WAM766-1 (US) |
Affected:
0 , < V3.0.0
(custom)
|
|
| Siemens | SCALANCE WAM766-1 EEC |
Affected:
0 , < V3.0.0
(custom)
|
|
| Siemens | SCALANCE WAM766-1 EEC (ME) |
Affected:
0 , < V3.0.0
(custom)
|
|
| Siemens | SCALANCE WAM766-1 EEC (US) |
Affected:
0 , < V3.0.0
(custom)
|
|
| Siemens | SCALANCE WUB762-1 |
Affected:
0 , < V3.0.0
(custom)
|
|
| Siemens | SCALANCE WUB762-1 iFeatures |
Affected:
0 , < V3.0.0
(custom)
|
|
| Siemens | SCALANCE WUM763-1 |
Affected:
0 , < V3.0.0
(custom)
|
|
| Siemens | SCALANCE WUM763-1 |
Affected:
0 , < V3.0.0
(custom)
|
|
| Siemens | SCALANCE WUM763-1 (US) |
Affected:
0 , < V3.0.0
(custom)
|
|
| Siemens | SCALANCE WUM763-1 (US) |
Affected:
0 , < V3.0.0
(custom)
|
|
| Siemens | SCALANCE WUM766-1 |
Affected:
0 , < V3.0.0
(custom)
|
|
| Siemens | SCALANCE WUM766-1 (ME) |
Affected:
0 , < V3.0.0
(custom)
|
|
| Siemens | SCALANCE WUM766-1 (USA) |
Affected:
0 , < V3.0.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:59:52.069Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-699386.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-180704.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-699386.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-180704.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-602936.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-44322",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-06T05:01:09.786233Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-25T16:51:10.741Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RM1224 LTE(4G) EU",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V8.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RM1224 LTE(4G) NAM",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V8.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE M804PB",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V8.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE M812-1 ADSL-Router",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V8.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE M812-1 ADSL-Router",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V8.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE M816-1 ADSL-Router",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V8.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE M816-1 ADSL-Router",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V8.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE M826-2 SHDSL-Router",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V8.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE M874-2",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V8.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE M874-3",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V8.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE M876-3",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V8.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE M876-3 (ROK)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V8.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE M876-4",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V8.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE M876-4 (EU)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V8.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE M876-4 (NAM)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V8.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE MUM853-1 (EU)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V8.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE MUM856-1 (EU)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V8.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE MUM856-1 (RoW)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V8.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE S615 EEC LAN-Router",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V8.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE S615 LAN-Router",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V8.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE WAB762-1",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE WAM763-1",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE WAM763-1 (ME)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE WAM763-1 (US)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE WAM766-1",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE WAM766-1 (ME)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE WAM766-1 (US)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE WAM766-1 EEC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE WAM766-1 EEC (ME)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE WAM766-1 EEC (US)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE WUB762-1",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE WUB762-1 iFeatures",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE WUM763-1",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE WUM763-1",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE WUM763-1 (US)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE WUM763-1 (US)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE WUM766-1",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE WUM766-1 (ME)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE WUM766-1 (USA)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions \u003c V8.0), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions \u003c V8.0), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions \u003c V8.0), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2) (All versions \u003c V8.0), SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2) (All versions \u003c V8.0), SCALANCE M816-1 ADSL-Router (6GK5816-1AA00-2AA2) (All versions \u003c V8.0), SCALANCE M816-1 ADSL-Router (6GK5816-1BA00-2AA2) (All versions \u003c V8.0), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions \u003c V8.0), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions \u003c V8.0), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions \u003c V8.0), SCALANCE M876-3 (6GK5876-3AA02-2BA2) (All versions \u003c V8.0), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions \u003c V8.0), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions \u003c V8.0), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions \u003c V8.0), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions \u003c V8.0), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions \u003c V8.0), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions \u003c V8.0), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions \u003c V8.0), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) (All versions \u003c V8.0), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) (All versions \u003c V8.0), SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0) (All versions \u003c V3.0.0), SCALANCE WAM763-1 (6GK5763-1AL00-7DA0) (All versions \u003c V3.0.0), SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0) (All versions \u003c V3.0.0), SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0) (All versions \u003c V3.0.0), SCALANCE WAM766-1 (6GK5766-1GE00-7DA0) (All versions \u003c V3.0.0), SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0) (All versions \u003c V3.0.0), SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0) (All versions \u003c V3.0.0), SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0) (All versions \u003c V3.0.0), SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0) (All versions \u003c V3.0.0), SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0) (All versions \u003c V3.0.0), SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0) (All versions \u003c V3.0.0), SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0) (All versions \u003c V3.0.0), SCALANCE WUM763-1 (6GK5763-1AL00-3AA0) (All versions \u003c V3.0.0), SCALANCE WUM763-1 (6GK5763-1AL00-3DA0) (All versions \u003c V3.0.0), SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0) (All versions \u003c V3.0.0), SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0) (All versions \u003c V3.0.0), SCALANCE WUM766-1 (6GK5766-1GE00-3DA0) (All versions \u003c V3.0.0), SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0) (All versions \u003c V3.0.0), SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0) (All versions \u003c V3.0.0). Affected devices can be configured to send emails when certain events occur on the device. When presented with an invalid response from the SMTP server, the device triggers an error that disrupts email sending. An attacker with access to the network can use this to do disable notification of users when certain events occur."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-252",
"description": "CWE-252: Unchecked Return Value",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-11T10:28:31.825Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-699386.pdf"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-180704.pdf"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-699386.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-180704.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-602936.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-769027.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2023-44322",
"datePublished": "2023-11-14T11:04:06.212Z",
"dateReserved": "2023-09-28T16:24:50.190Z",
"dateUpdated": "2026-02-25T16:51:10.741Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Mitigation ID: MIT-53
Phase: Implementation
Description:
- Check the results of all functions that return a value and verify that the value is expected.
Mitigation ID: MIT-56
Phase: Implementation
Description:
- For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].
Mitigation
Phase: Implementation
Description:
- Ensure that you account for all possible return values from the function.
Mitigation
Phase: Implementation
Description:
- When designing a function, make sure you return a value or throw an exception in case of an error.
No CAPEC attack patterns related to this CWE.