Common Weakness Enumeration
Show details on NVD website
Show details on NVD website
Show details on NVD website
Show details on NVD website
Show details on NVD website
Show details on NVD website
Show details on NVD website
Show details on NVD website
Show details on NVD website
Show details on NVD website
Back to CWE stats page
CWE-787
Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.
CVE-2023-20109 (GCVE-0-2023-20109)
Vulnerability from cvelistv5 – Published: 2023-09-27 17:23 – Updated: 2025-10-21 23:05
VLAI
Summary
A vulnerability in the Cisco Group Encrypted Transport VPN (GET VPN) feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker who has administrative control of either a group member or a key server to execute arbitrary code on an affected device or cause the device to crash.
This vulnerability is due to insufficient validation of attributes in the Group Domain of Interpretation (GDOI) and G-IKEv2 protocols of the GET VPN feature. An attacker could exploit this vulnerability by either compromising an installed key server or modifying the configuration of a group member to point to a key server that is controlled by the attacker. A successful exploit could allow the attacker to execute arbitrary code and gain full control of the affected system or cause the affected system to reload, resulting in a denial of service (DoS) condition. For more information, see the Details ["#details"] section of this advisory.
Severity
6.6 (Medium)
SSVC
Exploitation: active
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://sec.cloudapps.cisco.com/security/center/c… | |
| https://www.cisa.gov/known-exploited-vulnerabilit… | government-resource |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Cisco | IOS |
Affected:
12.4(24)T
Affected: 12.4(24)T3 Affected: 12.4(22)T1 Affected: 12.4(24)T5 Affected: 12.4(24)T4 Affected: 12.4(22)T Affected: 12.4(24)T8 Affected: 12.4(24)T2 Affected: 12.4(22)T5 Affected: 12.4(22)T4 Affected: 12.4(24)T1 Affected: 12.4(24)T7 Affected: 12.4(22)T3 Affected: 12.4(24)T6 Affected: 12.4(22)T2 Affected: 12.4(24)T4a Affected: 12.4(24)T4b Affected: 12.4(24)T3e Affected: 12.4(24)T4c Affected: 12.4(24)T4d Affected: 12.4(24)T4e Affected: 12.4(24)T3f Affected: 12.4(24)T4f Affected: 12.4(24)T4l Affected: 12.4(24)MD1 Affected: 12.4(24)MD Affected: 12.4(24)MD3 Affected: 12.4(24)MD2 Affected: 12.4(22)MD1 Affected: 12.4(22)MD2 Affected: 12.4(24)MD5 Affected: 12.4(22)MD Affected: 12.4(24)MD4 Affected: 12.4(24)MD6 Affected: 12.4(24)MD7 Affected: 12.4(22)XR5 Affected: 12.4(22)XR4 Affected: 12.4(22)XR7 Affected: 12.4(22)XR2 Affected: 12.4(22)XR6 Affected: 12.4(22)XR10 Affected: 12.4(22)XR1 Affected: 12.4(22)XR9 Affected: 12.4(22)XR3 Affected: 12.4(22)XR8 Affected: 12.4(22)XR11 Affected: 12.4(22)XR12 Affected: 12.4(22)MDA3 Affected: 12.4(24)MDA5 Affected: 12.4(22)MDA5 Affected: 12.4(24)MDA3 Affected: 12.4(22)MDA4 Affected: 12.4(24)MDA4 Affected: 12.4(24)MDA1 Affected: 12.4(22)MDA Affected: 12.4(22)MDA2 Affected: 12.4(22)MDA1 Affected: 12.4(24)MDA2 Affected: 12.4(22)MDA6 Affected: 12.4(24)MDA6 Affected: 12.4(24)MDA7 Affected: 12.4(24)MDA8 Affected: 12.4(24)MDA10 Affected: 12.4(24)MDA9 Affected: 12.4(24)MDA11 Affected: 12.4(24)MDA12 Affected: 12.4(24)MDA13 Affected: 12.4(24)YG3 Affected: 12.4(24)YG4 Affected: 12.4(24)YG1 Affected: 12.4(24)YG2 Affected: 12.4(24)YG Affected: 15.0(1)M1 Affected: 15.0(1)M5 Affected: 15.0(1)M4 Affected: 15.0(1)M3 Affected: 15.0(1)M2 Affected: 15.0(1)M6 Affected: 15.0(1)M Affected: 15.0(1)M7 Affected: 15.0(1)M10 Affected: 15.0(1)M9 Affected: 15.0(1)M8 Affected: 15.0(1)XA2 Affected: 15.0(1)XA4 Affected: 15.0(1)XA1 Affected: 15.0(1)XA3 Affected: 15.0(1)XA Affected: 15.0(1)XA5 Affected: 15.1(2)T Affected: 15.1(1)T4 Affected: 15.1(3)T2 Affected: 15.1(1)T1 Affected: 15.1(2)T0a Affected: 15.1(3)T3 Affected: 15.1(1)T3 Affected: 15.1(2)T3 Affected: 15.1(2)T4 Affected: 15.1(1)T2 Affected: 15.1(3)T Affected: 15.1(2)T2a Affected: 15.1(3)T1 Affected: 15.1(1)T Affected: 15.1(2)T2 Affected: 15.1(2)T1 Affected: 15.1(2)T5 Affected: 15.1(3)T4 Affected: 15.1(1)T5 Affected: 15.1(1)XB Affected: 15.0(1)S2 Affected: 15.0(1)S1 Affected: 15.0(1)S Affected: 15.0(1)S3a Affected: 15.0(1)S4 Affected: 15.0(1)S5 Affected: 15.0(1)S4a Affected: 15.0(1)S6 Affected: 15.2(1)S Affected: 15.2(2)S Affected: 15.2(1)S1 Affected: 15.2(4)S Affected: 15.2(1)S2 Affected: 15.2(2)S1 Affected: 15.2(2)S2 Affected: 15.2(2)S0a Affected: 15.2(2)S0c Affected: 15.2(4)S1 Affected: 15.2(4)S4 Affected: 15.2(4)S6 Affected: 15.2(4)S2 Affected: 15.2(4)S5 Affected: 15.2(4)S3 Affected: 15.2(4)S3a Affected: 15.2(4)S4a Affected: 15.2(4)S7 Affected: 15.3(1)T Affected: 15.3(2)T Affected: 15.3(1)T1 Affected: 15.3(1)T2 Affected: 15.3(1)T3 Affected: 15.3(1)T4 Affected: 15.3(2)T1 Affected: 15.3(2)T2 Affected: 15.3(2)T3 Affected: 15.3(2)T4 Affected: 15.0(2)EY Affected: 15.0(2)EY1 Affected: 15.0(2)EY2 Affected: 15.0(2)EY3 Affected: 15.1(2)S Affected: 15.1(1)S Affected: 15.1(1)S1 Affected: 15.1(3)S Affected: 15.1(1)S2 Affected: 15.1(2)S1 Affected: 15.1(2)S2 Affected: 15.1(3)S1 Affected: 15.1(3)S0a Affected: 15.1(3)S2 Affected: 15.1(3)S4 Affected: 15.1(3)S3 Affected: 15.1(3)S5 Affected: 15.1(3)S6 Affected: 15.1(3)S5a Affected: 15.1(4)M3 Affected: 15.1(4)M Affected: 15.1(4)M1 Affected: 15.1(4)M2 Affected: 15.1(4)M6 Affected: 15.1(4)M5 Affected: 15.1(4)M4 Affected: 15.1(4)M7 Affected: 15.1(4)M3a Affected: 15.1(4)M10 Affected: 15.1(4)M8 Affected: 15.1(4)M9 Affected: 15.0(2)SE Affected: 15.0(2)SE1 Affected: 15.0(2)SE2 Affected: 15.0(2)SE3 Affected: 15.0(2)SE4 Affected: 15.0(2)SE5 Affected: 15.0(2)SE6 Affected: 15.0(2)SE7 Affected: 15.0(2)SE8 Affected: 15.0(2)SE9 Affected: 15.0(2)SE10 Affected: 15.0(2)SE11 Affected: 15.0(2)SE10a Affected: 15.0(2)SE12 Affected: 15.0(2)SE13 Affected: 15.1(2)GC Affected: 15.1(2)GC1 Affected: 15.1(2)GC2 Affected: 15.1(4)GC Affected: 15.1(4)GC1 Affected: 15.1(4)GC2 Affected: 15.1(1)SG Affected: 15.1(2)SG Affected: 15.1(1)SG1 Affected: 15.1(1)SG2 Affected: 15.1(2)SG1 Affected: 15.1(2)SG2 Affected: 15.1(2)SG3 Affected: 15.1(2)SG4 Affected: 15.1(2)SG5 Affected: 15.1(2)SG6 Affected: 15.1(2)SG7 Affected: 15.1(2)SG8 Affected: 15.0(1)MR Affected: 15.0(2)MR Affected: 15.2(4)M Affected: 15.2(4)M1 Affected: 15.2(4)M2 Affected: 15.2(4)M4 Affected: 15.2(4)M3 Affected: 15.2(4)M5 Affected: 15.2(4)M8 Affected: 15.2(4)M10 Affected: 15.2(4)M7 Affected: 15.2(4)M6 Affected: 15.2(4)M9 Affected: 15.2(4)M6a Affected: 15.2(4)M11 Affected: 12.4(24)MDB Affected: 12.4(24)MDB1 Affected: 12.4(24)MDB3 Affected: 12.4(24)MDB4 Affected: 12.4(24)MDB5 Affected: 12.4(24)MDB6 Affected: 12.4(24)MDB7 Affected: 12.4(24)MDB5a Affected: 12.4(24)MDB8 Affected: 12.4(24)MDB9 Affected: 12.4(24)MDB10 Affected: 12.4(24)MDB11 Affected: 12.4(24)MDB12 Affected: 12.4(24)MDB13 Affected: 12.4(24)MDB14 Affected: 12.4(24)MDB15 Affected: 12.4(24)MDB16 Affected: 12.4(24)MDB17 Affected: 12.4(24)MDB18 Affected: 12.4(24)MDB19 Affected: 15.0(2)EX Affected: 15.0(2)EX1 Affected: 15.0(2)EX2 Affected: 15.0(2)EX3 Affected: 15.0(2)EX4 Affected: 15.0(2)EX5 Affected: 15.0(2)EX8 Affected: 15.0(2a)EX5 Affected: 15.0(2)EX10 Affected: 15.0(2)EX11 Affected: 15.0(2)EX13 Affected: 15.0(2)EX12 Affected: 15.2(1)GC Affected: 15.2(1)GC1 Affected: 15.2(1)GC2 Affected: 15.2(2)GC Affected: 15.2(3)GC Affected: 15.2(3)GC1 Affected: 15.2(4)GC Affected: 15.2(4)GC1 Affected: 15.2(4)GC2 Affected: 15.2(4)GC3 Affected: 15.1(1)SY Affected: 15.1(1)SY1 Affected: 15.1(2)SY Affected: 15.1(2)SY1 Affected: 15.1(2)SY2 Affected: 15.1(1)SY2 Affected: 15.1(1)SY3 Affected: 15.1(2)SY3 Affected: 15.1(1)SY4 Affected: 15.1(2)SY4 Affected: 15.1(1)SY5 Affected: 15.1(2)SY5 Affected: 15.1(2)SY4a Affected: 15.1(1)SY6 Affected: 15.1(2)SY6 Affected: 15.1(2)SY7 Affected: 15.1(2)SY8 Affected: 15.1(2)SY9 Affected: 15.1(2)SY10 Affected: 15.1(2)SY11 Affected: 15.1(2)SY12 Affected: 15.1(2)SY13 Affected: 15.1(2)SY14 Affected: 15.1(2)SY15 Affected: 15.1(2)SY16 Affected: 15.3(1)S Affected: 15.3(2)S Affected: 15.3(3)S Affected: 15.3(1)S2 Affected: 15.3(1)S1 Affected: 15.3(2)S2 Affected: 15.3(2)S1 Affected: 15.3(3)S1 Affected: 15.3(3)S2 Affected: 15.3(3)S3 Affected: 15.3(3)S6 Affected: 15.3(3)S4 Affected: 15.3(3)S1a Affected: 15.3(3)S5 Affected: 15.3(3)S7 Affected: 15.3(3)S8 Affected: 15.3(3)S9 Affected: 15.3(3)S10 Affected: 15.3(3)S8a Affected: 15.4(1)T Affected: 15.4(2)T Affected: 15.4(1)T2 Affected: 15.4(1)T1 Affected: 15.4(1)T3 Affected: 15.4(2)T1 Affected: 15.4(2)T3 Affected: 15.4(2)T2 Affected: 15.4(1)T4 Affected: 15.4(2)T4 Affected: 15.0(2)EA Affected: 15.0(2)EA1 Affected: 15.2(1)E Affected: 15.2(2)E Affected: 15.2(1)E1 Affected: 15.2(3)E Affected: 15.2(1)E2 Affected: 15.2(1)E3 Affected: 15.2(2)E1 Affected: 15.2(4)E Affected: 15.2(3)E1 Affected: 15.2(2)E2 Affected: 15.2(2a)E1 Affected: 15.2(2)E3 Affected: 15.2(2a)E2 Affected: 15.2(3)E2 Affected: 15.2(3a)E Affected: 15.2(3)E3 Affected: 15.2(4)E1 Affected: 15.2(2)E4 Affected: 15.2(2)E5 Affected: 15.2(4)E2 Affected: 15.2(3)E4 Affected: 15.2(5)E Affected: 15.2(4)E3 Affected: 15.2(2)E6 Affected: 15.2(5a)E Affected: 15.2(5)E1 Affected: 15.2(5b)E Affected: 15.2(2)E5a Affected: 15.2(5c)E Affected: 15.2(3)E5 Affected: 15.2(2)E5b Affected: 15.2(5a)E1 Affected: 15.2(4)E4 Affected: 15.2(2)E7 Affected: 15.2(5)E2 Affected: 15.2(6)E Affected: 15.2(5)E2b Affected: 15.2(4)E5 Affected: 15.2(5)E2c Affected: 15.2(2)E8 Affected: 15.2(6)E0a Affected: 15.2(6)E1 Affected: 15.2(2)E7b Affected: 15.2(4)E5a Affected: 15.2(6)E0c Affected: 15.2(4)E6 Affected: 15.2(6)E2 Affected: 15.2(2)E9 Affected: 15.2(4)E7 Affected: 15.2(7)E Affected: 15.2(2)E10 Affected: 15.2(4)E8 Affected: 15.2(6)E2a Affected: 15.2(6)E2b Affected: 15.2(7)E1 Affected: 15.2(7)E0a Affected: 15.2(7)E0b Affected: 15.2(7)E0s Affected: 15.2(6)E3 Affected: 15.2(4)E9 Affected: 15.2(7)E2 Affected: 15.2(7a)E0b Affected: 15.2(4)E10 Affected: 15.2(7)E3 Affected: 15.2(7)E1a Affected: 15.2(7b)E0b Affected: 15.2(7)E2a Affected: 15.2(4)E10a Affected: 15.2(7)E4 Affected: 15.2(7)E3k Affected: 15.2(8)E Affected: 15.2(8)E1 Affected: 15.2(7)E5 Affected: 15.2(7)E6 Affected: 15.2(8)E2 Affected: 15.2(4)E10d Affected: 15.2(7)E7 Affected: 15.2(8)E3 Affected: 15.2(7)E8 Affected: 15.2(8)E4 Affected: 15.1(3)MRA Affected: 15.1(3)MRA1 Affected: 15.1(3)MRA2 Affected: 15.1(3)MRA3 Affected: 15.1(3)MRA4 Affected: 15.1(3)SVB1 Affected: 15.1(3)SVB2 Affected: 15.4(1)S Affected: 15.4(2)S Affected: 15.4(3)S Affected: 15.4(1)S1 Affected: 15.4(1)S2 Affected: 15.4(2)S1 Affected: 15.4(1)S3 Affected: 15.4(3)S1 Affected: 15.4(2)S2 Affected: 15.4(3)S2 Affected: 15.4(3)S3 Affected: 15.4(1)S4 Affected: 15.4(2)S3 Affected: 15.4(2)S4 Affected: 15.4(3)S4 Affected: 15.4(3)S5 Affected: 15.4(3)S6 Affected: 15.4(3)S7 Affected: 15.4(3)S6a Affected: 15.4(3)S8 Affected: 15.4(3)S9 Affected: 15.4(3)S10 Affected: 15.3(3)M Affected: 15.3(3)M1 Affected: 15.3(3)M2 Affected: 15.3(3)M3 Affected: 15.3(3)M5 Affected: 15.3(3)M4 Affected: 15.3(3)M6 Affected: 15.3(3)M7 Affected: 15.3(3)M8 Affected: 15.3(3)M9 Affected: 15.3(3)M10 Affected: 15.3(3)M8a Affected: 15.0(2)EZ Affected: 15.1(3)SVD Affected: 15.1(3)SVD1 Affected: 15.1(3)SVD2 Affected: 15.2(1)EY Affected: 15.0(2)EJ Affected: 15.0(2)EJ1 Affected: 15.2(1)SY Affected: 15.2(1)SY1 Affected: 15.2(1)SY0a Affected: 15.2(1)SY2 Affected: 15.2(2)SY Affected: 15.2(1)SY1a Affected: 15.2(2)SY1 Affected: 15.2(2)SY2 Affected: 15.2(1)SY3 Affected: 15.2(1)SY4 Affected: 15.2(2)SY3 Affected: 15.2(1)SY5 Affected: 15.2(1)SY6 Affected: 15.2(1)SY7 Affected: 15.2(1)SY8 Affected: 15.2(5)EX Affected: 15.1(3)SVF Affected: 15.1(3)SVF1 Affected: 15.1(3)SVE Affected: 15.4(3)M Affected: 15.4(3)M1 Affected: 15.4(3)M2 Affected: 15.4(3)M3 Affected: 15.4(3)M4 Affected: 15.4(3)M5 Affected: 15.4(3)M6 Affected: 15.4(3)M7 Affected: 15.4(3)M6a Affected: 15.4(3)M8 Affected: 15.4(3)M9 Affected: 15.4(3)M10 Affected: 15.0(2)EK Affected: 15.0(2)EK1 Affected: 15.4(1)CG Affected: 15.4(1)CG1 Affected: 15.4(2)CG Affected: 15.5(1)S Affected: 15.5(2)S Affected: 15.5(1)S1 Affected: 15.5(3)S Affected: 15.5(1)S2 Affected: 15.5(1)S3 Affected: 15.5(2)S1 Affected: 15.5(2)S2 Affected: 15.5(3)S1 Affected: 15.5(3)S1a Affected: 15.5(2)S3 Affected: 15.5(3)S2 Affected: 15.5(3)S0a Affected: 15.5(3)S3 Affected: 15.5(1)S4 Affected: 15.5(2)S4 Affected: 15.5(3)S4 Affected: 15.5(3)S5 Affected: 15.5(3)S6 Affected: 15.5(3)S6a Affected: 15.5(3)S7 Affected: 15.5(3)S6b Affected: 15.5(3)S8 Affected: 15.5(3)S9 Affected: 15.5(3)S10 Affected: 15.5(3)S9a Affected: 15.1(3)SVG Affected: 15.2(2)EB Affected: 15.2(2)EB1 Affected: 15.2(2)EB2 Affected: 15.2(6)EB Affected: 15.5(1)T Affected: 15.5(1)T1 Affected: 15.5(2)T Affected: 15.5(1)T2 Affected: 15.5(1)T3 Affected: 15.5(2)T1 Affected: 15.5(2)T2 Affected: 15.5(2)T3 Affected: 15.5(2)T4 Affected: 15.5(1)T4 Affected: 15.2(2)EA Affected: 15.2(2)EA1 Affected: 15.2(2)EA2 Affected: 15.2(3)EA Affected: 15.2(4)EA Affected: 15.2(4)EA1 Affected: 15.2(2)EA3 Affected: 15.2(4)EA3 Affected: 15.2(5)EA Affected: 15.2(4)EA4 Affected: 15.2(4)EA5 Affected: 15.2(4)EA6 Affected: 15.2(4)EA7 Affected: 15.2(4)EA8 Affected: 15.2(4)EA9 Affected: 15.2(4)EA9a Affected: 15.5(3)M Affected: 15.5(3)M1 Affected: 15.5(3)M0a Affected: 15.5(3)M2 Affected: 15.5(3)M3 Affected: 15.5(3)M4 Affected: 15.5(3)M4a Affected: 15.5(3)M5 Affected: 15.5(3)M6 Affected: 15.5(3)M7 Affected: 15.5(3)M6a Affected: 15.5(3)M8 Affected: 15.5(3)M9 Affected: 15.5(3)M10 Affected: 15.5(3)SN Affected: 15.6(1)S Affected: 15.6(2)S Affected: 15.6(2)S1 Affected: 15.6(1)S1 Affected: 15.6(1)S2 Affected: 15.6(2)S2 Affected: 15.6(1)S3 Affected: 15.6(2)S3 Affected: 15.6(1)S4 Affected: 15.6(2)S4 Affected: 15.6(1)T Affected: 15.6(2)T Affected: 15.6(1)T0a Affected: 15.6(1)T1 Affected: 15.6(2)T1 Affected: 15.6(1)T2 Affected: 15.6(2)T2 Affected: 15.6(1)T3 Affected: 15.6(2)T3 Affected: 15.3(1)SY Affected: 15.3(1)SY1 Affected: 15.3(1)SY2 Affected: 15.6(2)SP Affected: 15.6(2)SP1 Affected: 15.6(2)SP2 Affected: 15.6(2)SP3 Affected: 15.6(2)SP4 Affected: 15.6(2)SP5 Affected: 15.6(2)SP6 Affected: 15.6(2)SP7 Affected: 15.6(2)SP8 Affected: 15.6(2)SP9 Affected: 15.6(2)SP10 Affected: 15.6(2)SN Affected: 15.6(3)M Affected: 15.6(3)M1 Affected: 15.6(3)M0a Affected: 15.6(3)M1b Affected: 15.6(3)M2 Affected: 15.6(3)M2a Affected: 15.6(3)M3 Affected: 15.6(3)M3a Affected: 15.6(3)M4 Affected: 15.6(3)M5 Affected: 15.6(3)M6 Affected: 15.6(3)M7 Affected: 15.6(3)M6a Affected: 15.6(3)M6b Affected: 15.6(3)M8 Affected: 15.6(3)M9 Affected: 15.1(3)SVJ2 Affected: 15.2(4)EC1 Affected: 15.2(4)EC2 Affected: 15.4(1)SY Affected: 15.4(1)SY1 Affected: 15.4(1)SY2 Affected: 15.4(1)SY3 Affected: 15.4(1)SY4 Affected: 15.5(1)SY Affected: 15.5(1)SY1 Affected: 15.5(1)SY2 Affected: 15.5(1)SY3 Affected: 15.5(1)SY4 Affected: 15.5(1)SY5 Affected: 15.5(1)SY6 Affected: 15.5(1)SY7 Affected: 15.5(1)SY8 Affected: 15.5(1)SY9 Affected: 15.5(1)SY10 Affected: 15.5(1)SY11 Affected: 15.7(3)M Affected: 15.7(3)M1 Affected: 15.7(3)M0a Affected: 15.7(3)M3 Affected: 15.7(3)M2 Affected: 15.7(3)M4 Affected: 15.7(3)M5 Affected: 15.7(3)M4a Affected: 15.7(3)M4b Affected: 15.7(3)M6 Affected: 15.7(3)M7 Affected: 15.7(3)M8 Affected: 15.7(3)M9 Affected: 15.8(3)M Affected: 15.8(3)M1 Affected: 15.8(3)M0a Affected: 15.8(3)M0b Affected: 15.8(3)M2 Affected: 15.8(3)M1a Affected: 15.8(3)M3 Affected: 15.8(3)M2a Affected: 15.8(3)M4 Affected: 15.8(3)M3a Affected: 15.8(3)M3b Affected: 15.8(3)M5 Affected: 15.8(3)M6 Affected: 15.8(3)M7 Affected: 15.8(3)M8 Affected: 15.8(3)M9 Affected: 15.8(3)M10 Affected: 15.9(3)M Affected: 15.9(3)M1 Affected: 15.9(3)M0a Affected: 15.9(3)M2 Affected: 15.9(3)M3 Affected: 15.9(3)M2a Affected: 15.9(3)M3a Affected: 15.9(3)M4 Affected: 15.9(3)M3b Affected: 15.9(3)M5 Affected: 15.9(3)M4a Affected: 15.9(3)M6 Affected: 15.9(3)M7 Affected: 15.9(3)M6a Affected: 15.9(3)M6b Affected: 15.9(3)M7a |
|
| Cisco | Cisco IOS XE Software |
Affected:
3.7.0S
Affected: 3.7.1S Affected: 3.7.2S Affected: 3.7.3S Affected: 3.7.4S Affected: 3.7.5S Affected: 3.7.6S Affected: 3.7.7S Affected: 3.7.4aS Affected: 3.7.2tS Affected: 3.7.0bS Affected: 3.7.1aS Affected: 3.3.0SG Affected: 3.3.2SG Affected: 3.3.1SG Affected: 3.8.0S Affected: 3.8.1S Affected: 3.8.2S Affected: 3.9.1S Affected: 3.9.0S Affected: 3.9.2S Affected: 3.9.1aS Affected: 3.9.0aS Affected: 3.4.0SG Affected: 3.4.2SG Affected: 3.4.1SG Affected: 3.4.3SG Affected: 3.4.4SG Affected: 3.4.5SG Affected: 3.4.6SG Affected: 3.4.7SG Affected: 3.4.8SG Affected: 3.5.0E Affected: 3.5.1E Affected: 3.5.2E Affected: 3.5.3E Affected: 3.10.0S Affected: 3.10.1S Affected: 3.10.2S Affected: 3.10.3S Affected: 3.10.4S Affected: 3.10.5S Affected: 3.10.6S Affected: 3.10.2tS Affected: 3.10.7S Affected: 3.10.1xbS Affected: 3.10.8S Affected: 3.10.8aS Affected: 3.10.9S Affected: 3.10.10S Affected: 3.11.1S Affected: 3.11.2S Affected: 3.11.0S Affected: 3.11.3S Affected: 3.11.4S Affected: 3.12.0S Affected: 3.12.1S Affected: 3.12.2S Affected: 3.12.3S Affected: 3.12.0aS Affected: 3.12.4S Affected: 3.13.0S Affected: 3.13.1S Affected: 3.13.2S Affected: 3.13.3S Affected: 3.13.4S Affected: 3.13.5S Affected: 3.13.2aS Affected: 3.13.0aS Affected: 3.13.5aS Affected: 3.13.6S Affected: 3.13.7S Affected: 3.13.6aS Affected: 3.13.7aS Affected: 3.13.8S Affected: 3.13.9S Affected: 3.13.10S Affected: 3.6.0E Affected: 3.6.1E Affected: 3.6.2aE Affected: 3.6.2E Affected: 3.6.3E Affected: 3.6.4E Affected: 3.6.5E Affected: 3.6.6E Affected: 3.6.5aE Affected: 3.6.5bE Affected: 3.6.7E Affected: 3.6.8E Affected: 3.6.7bE Affected: 3.6.9E Affected: 3.6.10E Affected: 3.14.0S Affected: 3.14.1S Affected: 3.14.2S Affected: 3.14.3S Affected: 3.14.4S Affected: 3.15.0S Affected: 3.15.1S Affected: 3.15.2S Affected: 3.15.1cS Affected: 3.15.3S Affected: 3.15.4S Affected: 3.16.0S Affected: 3.16.1S Affected: 3.16.1aS Affected: 3.16.2S Affected: 3.16.2aS Affected: 3.16.0cS Affected: 3.16.3S Affected: 3.16.2bS Affected: 3.16.3aS Affected: 3.16.4S Affected: 3.16.4aS Affected: 3.16.4bS Affected: 3.16.5S Affected: 3.16.4dS Affected: 3.16.6S Affected: 3.16.7S Affected: 3.16.6bS Affected: 3.16.7aS Affected: 3.16.7bS Affected: 3.16.8S Affected: 3.16.9S Affected: 3.16.10S Affected: 3.17.0S Affected: 3.17.1S Affected: 3.17.2S Affected: 3.17.1aS Affected: 3.17.3S Affected: 3.17.4S Affected: 16.1.1 Affected: 16.1.2 Affected: 16.1.3 Affected: 16.2.1 Affected: 16.2.2 Affected: 3.8.0E Affected: 3.8.1E Affected: 3.8.2E Affected: 3.8.3E Affected: 3.8.4E Affected: 3.8.5E Affected: 3.8.5aE Affected: 3.8.6E Affected: 3.8.7E Affected: 3.8.8E Affected: 3.8.9E Affected: 3.8.10E Affected: 16.3.1 Affected: 16.3.2 Affected: 16.3.3 Affected: 16.3.1a Affected: 16.3.4 Affected: 16.3.5 Affected: 16.3.5b Affected: 16.3.6 Affected: 16.3.7 Affected: 16.3.8 Affected: 16.3.9 Affected: 16.3.10 Affected: 16.3.11 Affected: 16.4.1 Affected: 16.4.2 Affected: 16.4.3 Affected: 16.5.1 Affected: 16.5.1a Affected: 16.5.1b Affected: 16.5.2 Affected: 16.5.3 Affected: 3.18.0aS Affected: 3.18.0S Affected: 3.18.1S Affected: 3.18.2S Affected: 3.18.3S Affected: 3.18.4S Affected: 3.18.0SP Affected: 3.18.1SP Affected: 3.18.1aSP Affected: 3.18.1bSP Affected: 3.18.1cSP Affected: 3.18.2SP Affected: 3.18.2aSP Affected: 3.18.3SP Affected: 3.18.4SP Affected: 3.18.3aSP Affected: 3.18.3bSP Affected: 3.18.5SP Affected: 3.18.6SP Affected: 3.18.7SP Affected: 3.18.8aSP Affected: 3.18.9SP Affected: 3.9.0E Affected: 3.9.1E Affected: 3.9.2E Affected: 16.6.1 Affected: 16.6.2 Affected: 16.6.3 Affected: 16.6.4 Affected: 16.6.5 Affected: 16.6.4a Affected: 16.6.5a Affected: 16.6.6 Affected: 16.6.7 Affected: 16.6.8 Affected: 16.6.9 Affected: 16.6.10 Affected: 16.7.1 Affected: 16.7.1a Affected: 16.7.1b Affected: 16.7.2 Affected: 16.7.3 Affected: 16.7.4 Affected: 16.8.1 Affected: 16.8.1a Affected: 16.8.1b Affected: 16.8.1s Affected: 16.8.1c Affected: 16.8.1d Affected: 16.8.2 Affected: 16.8.1e Affected: 16.8.3 Affected: 16.9.1 Affected: 16.9.2 Affected: 16.9.1a Affected: 16.9.1b Affected: 16.9.1s Affected: 16.9.3 Affected: 16.9.4 Affected: 16.9.3a Affected: 16.9.5 Affected: 16.9.5f Affected: 16.9.6 Affected: 16.9.7 Affected: 16.9.8 Affected: 16.10.1 Affected: 16.10.1a Affected: 16.10.1b Affected: 16.10.1s Affected: 16.10.1c Affected: 16.10.1e Affected: 16.10.1d Affected: 16.10.2 Affected: 16.10.1f Affected: 16.10.1g Affected: 16.10.3 Affected: 3.10.0E Affected: 3.10.1E Affected: 3.10.0cE Affected: 3.10.2E Affected: 3.10.3E Affected: 16.11.1 Affected: 16.11.1a Affected: 16.11.1b Affected: 16.11.2 Affected: 16.11.1s Affected: 16.12.1 Affected: 16.12.1s Affected: 16.12.1a Affected: 16.12.1c Affected: 16.12.1w Affected: 16.12.2 Affected: 16.12.1y Affected: 16.12.2a Affected: 16.12.3 Affected: 16.12.8 Affected: 16.12.2s Affected: 16.12.1x Affected: 16.12.1t Affected: 16.12.4 Affected: 16.12.3s Affected: 16.12.3a Affected: 16.12.4a Affected: 16.12.5 Affected: 16.12.6 Affected: 16.12.1z1 Affected: 16.12.5a Affected: 16.12.5b Affected: 16.12.1z2 Affected: 16.12.6a Affected: 16.12.7 Affected: 16.12.9 Affected: 3.11.0E Affected: 3.11.1E Affected: 3.11.2E Affected: 3.11.3E Affected: 3.11.1aE Affected: 3.11.4E Affected: 3.11.3aE Affected: 3.11.5E Affected: 3.11.6E Affected: 3.11.7E Affected: 3.11.8E Affected: 17.1.1 Affected: 17.1.1a Affected: 17.1.1s Affected: 17.1.1t Affected: 17.1.3 Affected: 17.2.1 Affected: 17.2.1r Affected: 17.2.1a Affected: 17.2.1v Affected: 17.2.2 Affected: 17.2.3 Affected: 17.3.1 Affected: 17.3.2 Affected: 17.3.3 Affected: 17.3.1a Affected: 17.3.1w Affected: 17.3.2a Affected: 17.3.1x Affected: 17.3.1z Affected: 17.3.4 Affected: 17.3.5 Affected: 17.3.4a Affected: 17.3.6 Affected: 17.3.4b Affected: 17.3.4c Affected: 17.3.5a Affected: 17.3.5b Affected: 17.3.7 Affected: 17.4.1 Affected: 17.4.2 Affected: 17.4.1a Affected: 17.4.1b Affected: 17.4.2a Affected: 17.5.1 Affected: 17.5.1a Affected: 17.5.1c Affected: 17.6.1 Affected: 17.6.2 Affected: 17.6.1w Affected: 17.6.1a Affected: 17.6.1x Affected: 17.6.3 Affected: 17.6.1y Affected: 17.6.1z Affected: 17.6.3a Affected: 17.6.4 Affected: 17.6.1z1 Affected: 17.6.5 Affected: 17.6.5a Affected: 17.7.1 Affected: 17.7.1a Affected: 17.7.1b Affected: 17.7.2 Affected: 17.10.1 Affected: 17.10.1a Affected: 17.10.1b Affected: 17.8.1 Affected: 17.8.1a Affected: 17.9.1 Affected: 17.9.1w Affected: 17.9.2 Affected: 17.9.1a Affected: 17.9.1x Affected: 17.9.1y Affected: 17.9.3 Affected: 17.9.2a Affected: 17.9.1x1 Affected: 17.9.3a Affected: 17.9.1y1 Affected: 17.11.1 Affected: 17.11.1a Affected: 17.11.99SW |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:57:36.101Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "cisco-sa-getvpn-rce-g8qR68sx",
"tags": [
"x_transferred"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-getvpn-rce-g8qR68sx"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-20109",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-23T18:52:07.119633Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2023-10-10",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-20109"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:05:36.370Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-20109"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-10-10T00:00:00.000Z",
"value": "CVE-2023-20109 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "IOS",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "12.4(24)T"
},
{
"status": "affected",
"version": "12.4(24)T3"
},
{
"status": "affected",
"version": "12.4(22)T1"
},
{
"status": "affected",
"version": "12.4(24)T5"
},
{
"status": "affected",
"version": "12.4(24)T4"
},
{
"status": "affected",
"version": "12.4(22)T"
},
{
"status": "affected",
"version": "12.4(24)T8"
},
{
"status": "affected",
"version": "12.4(24)T2"
},
{
"status": "affected",
"version": "12.4(22)T5"
},
{
"status": "affected",
"version": "12.4(22)T4"
},
{
"status": "affected",
"version": "12.4(24)T1"
},
{
"status": "affected",
"version": "12.4(24)T7"
},
{
"status": "affected",
"version": "12.4(22)T3"
},
{
"status": "affected",
"version": "12.4(24)T6"
},
{
"status": "affected",
"version": "12.4(22)T2"
},
{
"status": "affected",
"version": "12.4(24)T4a"
},
{
"status": "affected",
"version": "12.4(24)T4b"
},
{
"status": "affected",
"version": "12.4(24)T3e"
},
{
"status": "affected",
"version": "12.4(24)T4c"
},
{
"status": "affected",
"version": "12.4(24)T4d"
},
{
"status": "affected",
"version": "12.4(24)T4e"
},
{
"status": "affected",
"version": "12.4(24)T3f"
},
{
"status": "affected",
"version": "12.4(24)T4f"
},
{
"status": "affected",
"version": "12.4(24)T4l"
},
{
"status": "affected",
"version": "12.4(24)MD1"
},
{
"status": "affected",
"version": "12.4(24)MD"
},
{
"status": "affected",
"version": "12.4(24)MD3"
},
{
"status": "affected",
"version": "12.4(24)MD2"
},
{
"status": "affected",
"version": "12.4(22)MD1"
},
{
"status": "affected",
"version": "12.4(22)MD2"
},
{
"status": "affected",
"version": "12.4(24)MD5"
},
{
"status": "affected",
"version": "12.4(22)MD"
},
{
"status": "affected",
"version": "12.4(24)MD4"
},
{
"status": "affected",
"version": "12.4(24)MD6"
},
{
"status": "affected",
"version": "12.4(24)MD7"
},
{
"status": "affected",
"version": "12.4(22)XR5"
},
{
"status": "affected",
"version": "12.4(22)XR4"
},
{
"status": "affected",
"version": "12.4(22)XR7"
},
{
"status": "affected",
"version": "12.4(22)XR2"
},
{
"status": "affected",
"version": "12.4(22)XR6"
},
{
"status": "affected",
"version": "12.4(22)XR10"
},
{
"status": "affected",
"version": "12.4(22)XR1"
},
{
"status": "affected",
"version": "12.4(22)XR9"
},
{
"status": "affected",
"version": "12.4(22)XR3"
},
{
"status": "affected",
"version": "12.4(22)XR8"
},
{
"status": "affected",
"version": "12.4(22)XR11"
},
{
"status": "affected",
"version": "12.4(22)XR12"
},
{
"status": "affected",
"version": "12.4(22)MDA3"
},
{
"status": "affected",
"version": "12.4(24)MDA5"
},
{
"status": "affected",
"version": "12.4(22)MDA5"
},
{
"status": "affected",
"version": "12.4(24)MDA3"
},
{
"status": "affected",
"version": "12.4(22)MDA4"
},
{
"status": "affected",
"version": "12.4(24)MDA4"
},
{
"status": "affected",
"version": "12.4(24)MDA1"
},
{
"status": "affected",
"version": "12.4(22)MDA"
},
{
"status": "affected",
"version": "12.4(22)MDA2"
},
{
"status": "affected",
"version": "12.4(22)MDA1"
},
{
"status": "affected",
"version": "12.4(24)MDA2"
},
{
"status": "affected",
"version": "12.4(22)MDA6"
},
{
"status": "affected",
"version": "12.4(24)MDA6"
},
{
"status": "affected",
"version": "12.4(24)MDA7"
},
{
"status": "affected",
"version": "12.4(24)MDA8"
},
{
"status": "affected",
"version": "12.4(24)MDA10"
},
{
"status": "affected",
"version": "12.4(24)MDA9"
},
{
"status": "affected",
"version": "12.4(24)MDA11"
},
{
"status": "affected",
"version": "12.4(24)MDA12"
},
{
"status": "affected",
"version": "12.4(24)MDA13"
},
{
"status": "affected",
"version": "12.4(24)YG3"
},
{
"status": "affected",
"version": "12.4(24)YG4"
},
{
"status": "affected",
"version": "12.4(24)YG1"
},
{
"status": "affected",
"version": "12.4(24)YG2"
},
{
"status": "affected",
"version": "12.4(24)YG"
},
{
"status": "affected",
"version": "15.0(1)M1"
},
{
"status": "affected",
"version": "15.0(1)M5"
},
{
"status": "affected",
"version": "15.0(1)M4"
},
{
"status": "affected",
"version": "15.0(1)M3"
},
{
"status": "affected",
"version": "15.0(1)M2"
},
{
"status": "affected",
"version": "15.0(1)M6"
},
{
"status": "affected",
"version": "15.0(1)M"
},
{
"status": "affected",
"version": "15.0(1)M7"
},
{
"status": "affected",
"version": "15.0(1)M10"
},
{
"status": "affected",
"version": "15.0(1)M9"
},
{
"status": "affected",
"version": "15.0(1)M8"
},
{
"status": "affected",
"version": "15.0(1)XA2"
},
{
"status": "affected",
"version": "15.0(1)XA4"
},
{
"status": "affected",
"version": "15.0(1)XA1"
},
{
"status": "affected",
"version": "15.0(1)XA3"
},
{
"status": "affected",
"version": "15.0(1)XA"
},
{
"status": "affected",
"version": "15.0(1)XA5"
},
{
"status": "affected",
"version": "15.1(2)T"
},
{
"status": "affected",
"version": "15.1(1)T4"
},
{
"status": "affected",
"version": "15.1(3)T2"
},
{
"status": "affected",
"version": "15.1(1)T1"
},
{
"status": "affected",
"version": "15.1(2)T0a"
},
{
"status": "affected",
"version": "15.1(3)T3"
},
{
"status": "affected",
"version": "15.1(1)T3"
},
{
"status": "affected",
"version": "15.1(2)T3"
},
{
"status": "affected",
"version": "15.1(2)T4"
},
{
"status": "affected",
"version": "15.1(1)T2"
},
{
"status": "affected",
"version": "15.1(3)T"
},
{
"status": "affected",
"version": "15.1(2)T2a"
},
{
"status": "affected",
"version": "15.1(3)T1"
},
{
"status": "affected",
"version": "15.1(1)T"
},
{
"status": "affected",
"version": "15.1(2)T2"
},
{
"status": "affected",
"version": "15.1(2)T1"
},
{
"status": "affected",
"version": "15.1(2)T5"
},
{
"status": "affected",
"version": "15.1(3)T4"
},
{
"status": "affected",
"version": "15.1(1)T5"
},
{
"status": "affected",
"version": "15.1(1)XB"
},
{
"status": "affected",
"version": "15.0(1)S2"
},
{
"status": "affected",
"version": "15.0(1)S1"
},
{
"status": "affected",
"version": "15.0(1)S"
},
{
"status": "affected",
"version": "15.0(1)S3a"
},
{
"status": "affected",
"version": "15.0(1)S4"
},
{
"status": "affected",
"version": "15.0(1)S5"
},
{
"status": "affected",
"version": "15.0(1)S4a"
},
{
"status": "affected",
"version": "15.0(1)S6"
},
{
"status": "affected",
"version": "15.2(1)S"
},
{
"status": "affected",
"version": "15.2(2)S"
},
{
"status": "affected",
"version": "15.2(1)S1"
},
{
"status": "affected",
"version": "15.2(4)S"
},
{
"status": "affected",
"version": "15.2(1)S2"
},
{
"status": "affected",
"version": "15.2(2)S1"
},
{
"status": "affected",
"version": "15.2(2)S2"
},
{
"status": "affected",
"version": "15.2(2)S0a"
},
{
"status": "affected",
"version": "15.2(2)S0c"
},
{
"status": "affected",
"version": "15.2(4)S1"
},
{
"status": "affected",
"version": "15.2(4)S4"
},
{
"status": "affected",
"version": "15.2(4)S6"
},
{
"status": "affected",
"version": "15.2(4)S2"
},
{
"status": "affected",
"version": "15.2(4)S5"
},
{
"status": "affected",
"version": "15.2(4)S3"
},
{
"status": "affected",
"version": "15.2(4)S3a"
},
{
"status": "affected",
"version": "15.2(4)S4a"
},
{
"status": "affected",
"version": "15.2(4)S7"
},
{
"status": "affected",
"version": "15.3(1)T"
},
{
"status": "affected",
"version": "15.3(2)T"
},
{
"status": "affected",
"version": "15.3(1)T1"
},
{
"status": "affected",
"version": "15.3(1)T2"
},
{
"status": "affected",
"version": "15.3(1)T3"
},
{
"status": "affected",
"version": "15.3(1)T4"
},
{
"status": "affected",
"version": "15.3(2)T1"
},
{
"status": "affected",
"version": "15.3(2)T2"
},
{
"status": "affected",
"version": "15.3(2)T3"
},
{
"status": "affected",
"version": "15.3(2)T4"
},
{
"status": "affected",
"version": "15.0(2)EY"
},
{
"status": "affected",
"version": "15.0(2)EY1"
},
{
"status": "affected",
"version": "15.0(2)EY2"
},
{
"status": "affected",
"version": "15.0(2)EY3"
},
{
"status": "affected",
"version": "15.1(2)S"
},
{
"status": "affected",
"version": "15.1(1)S"
},
{
"status": "affected",
"version": "15.1(1)S1"
},
{
"status": "affected",
"version": "15.1(3)S"
},
{
"status": "affected",
"version": "15.1(1)S2"
},
{
"status": "affected",
"version": "15.1(2)S1"
},
{
"status": "affected",
"version": "15.1(2)S2"
},
{
"status": "affected",
"version": "15.1(3)S1"
},
{
"status": "affected",
"version": "15.1(3)S0a"
},
{
"status": "affected",
"version": "15.1(3)S2"
},
{
"status": "affected",
"version": "15.1(3)S4"
},
{
"status": "affected",
"version": "15.1(3)S3"
},
{
"status": "affected",
"version": "15.1(3)S5"
},
{
"status": "affected",
"version": "15.1(3)S6"
},
{
"status": "affected",
"version": "15.1(3)S5a"
},
{
"status": "affected",
"version": "15.1(4)M3"
},
{
"status": "affected",
"version": "15.1(4)M"
},
{
"status": "affected",
"version": "15.1(4)M1"
},
{
"status": "affected",
"version": "15.1(4)M2"
},
{
"status": "affected",
"version": "15.1(4)M6"
},
{
"status": "affected",
"version": "15.1(4)M5"
},
{
"status": "affected",
"version": "15.1(4)M4"
},
{
"status": "affected",
"version": "15.1(4)M7"
},
{
"status": "affected",
"version": "15.1(4)M3a"
},
{
"status": "affected",
"version": "15.1(4)M10"
},
{
"status": "affected",
"version": "15.1(4)M8"
},
{
"status": "affected",
"version": "15.1(4)M9"
},
{
"status": "affected",
"version": "15.0(2)SE"
},
{
"status": "affected",
"version": "15.0(2)SE1"
},
{
"status": "affected",
"version": "15.0(2)SE2"
},
{
"status": "affected",
"version": "15.0(2)SE3"
},
{
"status": "affected",
"version": "15.0(2)SE4"
},
{
"status": "affected",
"version": "15.0(2)SE5"
},
{
"status": "affected",
"version": "15.0(2)SE6"
},
{
"status": "affected",
"version": "15.0(2)SE7"
},
{
"status": "affected",
"version": "15.0(2)SE8"
},
{
"status": "affected",
"version": "15.0(2)SE9"
},
{
"status": "affected",
"version": "15.0(2)SE10"
},
{
"status": "affected",
"version": "15.0(2)SE11"
},
{
"status": "affected",
"version": "15.0(2)SE10a"
},
{
"status": "affected",
"version": "15.0(2)SE12"
},
{
"status": "affected",
"version": "15.0(2)SE13"
},
{
"status": "affected",
"version": "15.1(2)GC"
},
{
"status": "affected",
"version": "15.1(2)GC1"
},
{
"status": "affected",
"version": "15.1(2)GC2"
},
{
"status": "affected",
"version": "15.1(4)GC"
},
{
"status": "affected",
"version": "15.1(4)GC1"
},
{
"status": "affected",
"version": "15.1(4)GC2"
},
{
"status": "affected",
"version": "15.1(1)SG"
},
{
"status": "affected",
"version": "15.1(2)SG"
},
{
"status": "affected",
"version": "15.1(1)SG1"
},
{
"status": "affected",
"version": "15.1(1)SG2"
},
{
"status": "affected",
"version": "15.1(2)SG1"
},
{
"status": "affected",
"version": "15.1(2)SG2"
},
{
"status": "affected",
"version": "15.1(2)SG3"
},
{
"status": "affected",
"version": "15.1(2)SG4"
},
{
"status": "affected",
"version": "15.1(2)SG5"
},
{
"status": "affected",
"version": "15.1(2)SG6"
},
{
"status": "affected",
"version": "15.1(2)SG7"
},
{
"status": "affected",
"version": "15.1(2)SG8"
},
{
"status": "affected",
"version": "15.0(1)MR"
},
{
"status": "affected",
"version": "15.0(2)MR"
},
{
"status": "affected",
"version": "15.2(4)M"
},
{
"status": "affected",
"version": "15.2(4)M1"
},
{
"status": "affected",
"version": "15.2(4)M2"
},
{
"status": "affected",
"version": "15.2(4)M4"
},
{
"status": "affected",
"version": "15.2(4)M3"
},
{
"status": "affected",
"version": "15.2(4)M5"
},
{
"status": "affected",
"version": "15.2(4)M8"
},
{
"status": "affected",
"version": "15.2(4)M10"
},
{
"status": "affected",
"version": "15.2(4)M7"
},
{
"status": "affected",
"version": "15.2(4)M6"
},
{
"status": "affected",
"version": "15.2(4)M9"
},
{
"status": "affected",
"version": "15.2(4)M6a"
},
{
"status": "affected",
"version": "15.2(4)M11"
},
{
"status": "affected",
"version": "12.4(24)MDB"
},
{
"status": "affected",
"version": "12.4(24)MDB1"
},
{
"status": "affected",
"version": "12.4(24)MDB3"
},
{
"status": "affected",
"version": "12.4(24)MDB4"
},
{
"status": "affected",
"version": "12.4(24)MDB5"
},
{
"status": "affected",
"version": "12.4(24)MDB6"
},
{
"status": "affected",
"version": "12.4(24)MDB7"
},
{
"status": "affected",
"version": "12.4(24)MDB5a"
},
{
"status": "affected",
"version": "12.4(24)MDB8"
},
{
"status": "affected",
"version": "12.4(24)MDB9"
},
{
"status": "affected",
"version": "12.4(24)MDB10"
},
{
"status": "affected",
"version": "12.4(24)MDB11"
},
{
"status": "affected",
"version": "12.4(24)MDB12"
},
{
"status": "affected",
"version": "12.4(24)MDB13"
},
{
"status": "affected",
"version": "12.4(24)MDB14"
},
{
"status": "affected",
"version": "12.4(24)MDB15"
},
{
"status": "affected",
"version": "12.4(24)MDB16"
},
{
"status": "affected",
"version": "12.4(24)MDB17"
},
{
"status": "affected",
"version": "12.4(24)MDB18"
},
{
"status": "affected",
"version": "12.4(24)MDB19"
},
{
"status": "affected",
"version": "15.0(2)EX"
},
{
"status": "affected",
"version": "15.0(2)EX1"
},
{
"status": "affected",
"version": "15.0(2)EX2"
},
{
"status": "affected",
"version": "15.0(2)EX3"
},
{
"status": "affected",
"version": "15.0(2)EX4"
},
{
"status": "affected",
"version": "15.0(2)EX5"
},
{
"status": "affected",
"version": "15.0(2)EX8"
},
{
"status": "affected",
"version": "15.0(2a)EX5"
},
{
"status": "affected",
"version": "15.0(2)EX10"
},
{
"status": "affected",
"version": "15.0(2)EX11"
},
{
"status": "affected",
"version": "15.0(2)EX13"
},
{
"status": "affected",
"version": "15.0(2)EX12"
},
{
"status": "affected",
"version": "15.2(1)GC"
},
{
"status": "affected",
"version": "15.2(1)GC1"
},
{
"status": "affected",
"version": "15.2(1)GC2"
},
{
"status": "affected",
"version": "15.2(2)GC"
},
{
"status": "affected",
"version": "15.2(3)GC"
},
{
"status": "affected",
"version": "15.2(3)GC1"
},
{
"status": "affected",
"version": "15.2(4)GC"
},
{
"status": "affected",
"version": "15.2(4)GC1"
},
{
"status": "affected",
"version": "15.2(4)GC2"
},
{
"status": "affected",
"version": "15.2(4)GC3"
},
{
"status": "affected",
"version": "15.1(1)SY"
},
{
"status": "affected",
"version": "15.1(1)SY1"
},
{
"status": "affected",
"version": "15.1(2)SY"
},
{
"status": "affected",
"version": "15.1(2)SY1"
},
{
"status": "affected",
"version": "15.1(2)SY2"
},
{
"status": "affected",
"version": "15.1(1)SY2"
},
{
"status": "affected",
"version": "15.1(1)SY3"
},
{
"status": "affected",
"version": "15.1(2)SY3"
},
{
"status": "affected",
"version": "15.1(1)SY4"
},
{
"status": "affected",
"version": "15.1(2)SY4"
},
{
"status": "affected",
"version": "15.1(1)SY5"
},
{
"status": "affected",
"version": "15.1(2)SY5"
},
{
"status": "affected",
"version": "15.1(2)SY4a"
},
{
"status": "affected",
"version": "15.1(1)SY6"
},
{
"status": "affected",
"version": "15.1(2)SY6"
},
{
"status": "affected",
"version": "15.1(2)SY7"
},
{
"status": "affected",
"version": "15.1(2)SY8"
},
{
"status": "affected",
"version": "15.1(2)SY9"
},
{
"status": "affected",
"version": "15.1(2)SY10"
},
{
"status": "affected",
"version": "15.1(2)SY11"
},
{
"status": "affected",
"version": "15.1(2)SY12"
},
{
"status": "affected",
"version": "15.1(2)SY13"
},
{
"status": "affected",
"version": "15.1(2)SY14"
},
{
"status": "affected",
"version": "15.1(2)SY15"
},
{
"status": "affected",
"version": "15.1(2)SY16"
},
{
"status": "affected",
"version": "15.3(1)S"
},
{
"status": "affected",
"version": "15.3(2)S"
},
{
"status": "affected",
"version": "15.3(3)S"
},
{
"status": "affected",
"version": "15.3(1)S2"
},
{
"status": "affected",
"version": "15.3(1)S1"
},
{
"status": "affected",
"version": "15.3(2)S2"
},
{
"status": "affected",
"version": "15.3(2)S1"
},
{
"status": "affected",
"version": "15.3(3)S1"
},
{
"status": "affected",
"version": "15.3(3)S2"
},
{
"status": "affected",
"version": "15.3(3)S3"
},
{
"status": "affected",
"version": "15.3(3)S6"
},
{
"status": "affected",
"version": "15.3(3)S4"
},
{
"status": "affected",
"version": "15.3(3)S1a"
},
{
"status": "affected",
"version": "15.3(3)S5"
},
{
"status": "affected",
"version": "15.3(3)S7"
},
{
"status": "affected",
"version": "15.3(3)S8"
},
{
"status": "affected",
"version": "15.3(3)S9"
},
{
"status": "affected",
"version": "15.3(3)S10"
},
{
"status": "affected",
"version": "15.3(3)S8a"
},
{
"status": "affected",
"version": "15.4(1)T"
},
{
"status": "affected",
"version": "15.4(2)T"
},
{
"status": "affected",
"version": "15.4(1)T2"
},
{
"status": "affected",
"version": "15.4(1)T1"
},
{
"status": "affected",
"version": "15.4(1)T3"
},
{
"status": "affected",
"version": "15.4(2)T1"
},
{
"status": "affected",
"version": "15.4(2)T3"
},
{
"status": "affected",
"version": "15.4(2)T2"
},
{
"status": "affected",
"version": "15.4(1)T4"
},
{
"status": "affected",
"version": "15.4(2)T4"
},
{
"status": "affected",
"version": "15.0(2)EA"
},
{
"status": "affected",
"version": "15.0(2)EA1"
},
{
"status": "affected",
"version": "15.2(1)E"
},
{
"status": "affected",
"version": "15.2(2)E"
},
{
"status": "affected",
"version": "15.2(1)E1"
},
{
"status": "affected",
"version": "15.2(3)E"
},
{
"status": "affected",
"version": "15.2(1)E2"
},
{
"status": "affected",
"version": "15.2(1)E3"
},
{
"status": "affected",
"version": "15.2(2)E1"
},
{
"status": "affected",
"version": "15.2(4)E"
},
{
"status": "affected",
"version": "15.2(3)E1"
},
{
"status": "affected",
"version": "15.2(2)E2"
},
{
"status": "affected",
"version": "15.2(2a)E1"
},
{
"status": "affected",
"version": "15.2(2)E3"
},
{
"status": "affected",
"version": "15.2(2a)E2"
},
{
"status": "affected",
"version": "15.2(3)E2"
},
{
"status": "affected",
"version": "15.2(3a)E"
},
{
"status": "affected",
"version": "15.2(3)E3"
},
{
"status": "affected",
"version": "15.2(4)E1"
},
{
"status": "affected",
"version": "15.2(2)E4"
},
{
"status": "affected",
"version": "15.2(2)E5"
},
{
"status": "affected",
"version": "15.2(4)E2"
},
{
"status": "affected",
"version": "15.2(3)E4"
},
{
"status": "affected",
"version": "15.2(5)E"
},
{
"status": "affected",
"version": "15.2(4)E3"
},
{
"status": "affected",
"version": "15.2(2)E6"
},
{
"status": "affected",
"version": "15.2(5a)E"
},
{
"status": "affected",
"version": "15.2(5)E1"
},
{
"status": "affected",
"version": "15.2(5b)E"
},
{
"status": "affected",
"version": "15.2(2)E5a"
},
{
"status": "affected",
"version": "15.2(5c)E"
},
{
"status": "affected",
"version": "15.2(3)E5"
},
{
"status": "affected",
"version": "15.2(2)E5b"
},
{
"status": "affected",
"version": "15.2(5a)E1"
},
{
"status": "affected",
"version": "15.2(4)E4"
},
{
"status": "affected",
"version": "15.2(2)E7"
},
{
"status": "affected",
"version": "15.2(5)E2"
},
{
"status": "affected",
"version": "15.2(6)E"
},
{
"status": "affected",
"version": "15.2(5)E2b"
},
{
"status": "affected",
"version": "15.2(4)E5"
},
{
"status": "affected",
"version": "15.2(5)E2c"
},
{
"status": "affected",
"version": "15.2(2)E8"
},
{
"status": "affected",
"version": "15.2(6)E0a"
},
{
"status": "affected",
"version": "15.2(6)E1"
},
{
"status": "affected",
"version": "15.2(2)E7b"
},
{
"status": "affected",
"version": "15.2(4)E5a"
},
{
"status": "affected",
"version": "15.2(6)E0c"
},
{
"status": "affected",
"version": "15.2(4)E6"
},
{
"status": "affected",
"version": "15.2(6)E2"
},
{
"status": "affected",
"version": "15.2(2)E9"
},
{
"status": "affected",
"version": "15.2(4)E7"
},
{
"status": "affected",
"version": "15.2(7)E"
},
{
"status": "affected",
"version": "15.2(2)E10"
},
{
"status": "affected",
"version": "15.2(4)E8"
},
{
"status": "affected",
"version": "15.2(6)E2a"
},
{
"status": "affected",
"version": "15.2(6)E2b"
},
{
"status": "affected",
"version": "15.2(7)E1"
},
{
"status": "affected",
"version": "15.2(7)E0a"
},
{
"status": "affected",
"version": "15.2(7)E0b"
},
{
"status": "affected",
"version": "15.2(7)E0s"
},
{
"status": "affected",
"version": "15.2(6)E3"
},
{
"status": "affected",
"version": "15.2(4)E9"
},
{
"status": "affected",
"version": "15.2(7)E2"
},
{
"status": "affected",
"version": "15.2(7a)E0b"
},
{
"status": "affected",
"version": "15.2(4)E10"
},
{
"status": "affected",
"version": "15.2(7)E3"
},
{
"status": "affected",
"version": "15.2(7)E1a"
},
{
"status": "affected",
"version": "15.2(7b)E0b"
},
{
"status": "affected",
"version": "15.2(7)E2a"
},
{
"status": "affected",
"version": "15.2(4)E10a"
},
{
"status": "affected",
"version": "15.2(7)E4"
},
{
"status": "affected",
"version": "15.2(7)E3k"
},
{
"status": "affected",
"version": "15.2(8)E"
},
{
"status": "affected",
"version": "15.2(8)E1"
},
{
"status": "affected",
"version": "15.2(7)E5"
},
{
"status": "affected",
"version": "15.2(7)E6"
},
{
"status": "affected",
"version": "15.2(8)E2"
},
{
"status": "affected",
"version": "15.2(4)E10d"
},
{
"status": "affected",
"version": "15.2(7)E7"
},
{
"status": "affected",
"version": "15.2(8)E3"
},
{
"status": "affected",
"version": "15.2(7)E8"
},
{
"status": "affected",
"version": "15.2(8)E4"
},
{
"status": "affected",
"version": "15.1(3)MRA"
},
{
"status": "affected",
"version": "15.1(3)MRA1"
},
{
"status": "affected",
"version": "15.1(3)MRA2"
},
{
"status": "affected",
"version": "15.1(3)MRA3"
},
{
"status": "affected",
"version": "15.1(3)MRA4"
},
{
"status": "affected",
"version": "15.1(3)SVB1"
},
{
"status": "affected",
"version": "15.1(3)SVB2"
},
{
"status": "affected",
"version": "15.4(1)S"
},
{
"status": "affected",
"version": "15.4(2)S"
},
{
"status": "affected",
"version": "15.4(3)S"
},
{
"status": "affected",
"version": "15.4(1)S1"
},
{
"status": "affected",
"version": "15.4(1)S2"
},
{
"status": "affected",
"version": "15.4(2)S1"
},
{
"status": "affected",
"version": "15.4(1)S3"
},
{
"status": "affected",
"version": "15.4(3)S1"
},
{
"status": "affected",
"version": "15.4(2)S2"
},
{
"status": "affected",
"version": "15.4(3)S2"
},
{
"status": "affected",
"version": "15.4(3)S3"
},
{
"status": "affected",
"version": "15.4(1)S4"
},
{
"status": "affected",
"version": "15.4(2)S3"
},
{
"status": "affected",
"version": "15.4(2)S4"
},
{
"status": "affected",
"version": "15.4(3)S4"
},
{
"status": "affected",
"version": "15.4(3)S5"
},
{
"status": "affected",
"version": "15.4(3)S6"
},
{
"status": "affected",
"version": "15.4(3)S7"
},
{
"status": "affected",
"version": "15.4(3)S6a"
},
{
"status": "affected",
"version": "15.4(3)S8"
},
{
"status": "affected",
"version": "15.4(3)S9"
},
{
"status": "affected",
"version": "15.4(3)S10"
},
{
"status": "affected",
"version": "15.3(3)M"
},
{
"status": "affected",
"version": "15.3(3)M1"
},
{
"status": "affected",
"version": "15.3(3)M2"
},
{
"status": "affected",
"version": "15.3(3)M3"
},
{
"status": "affected",
"version": "15.3(3)M5"
},
{
"status": "affected",
"version": "15.3(3)M4"
},
{
"status": "affected",
"version": "15.3(3)M6"
},
{
"status": "affected",
"version": "15.3(3)M7"
},
{
"status": "affected",
"version": "15.3(3)M8"
},
{
"status": "affected",
"version": "15.3(3)M9"
},
{
"status": "affected",
"version": "15.3(3)M10"
},
{
"status": "affected",
"version": "15.3(3)M8a"
},
{
"status": "affected",
"version": "15.0(2)EZ"
},
{
"status": "affected",
"version": "15.1(3)SVD"
},
{
"status": "affected",
"version": "15.1(3)SVD1"
},
{
"status": "affected",
"version": "15.1(3)SVD2"
},
{
"status": "affected",
"version": "15.2(1)EY"
},
{
"status": "affected",
"version": "15.0(2)EJ"
},
{
"status": "affected",
"version": "15.0(2)EJ1"
},
{
"status": "affected",
"version": "15.2(1)SY"
},
{
"status": "affected",
"version": "15.2(1)SY1"
},
{
"status": "affected",
"version": "15.2(1)SY0a"
},
{
"status": "affected",
"version": "15.2(1)SY2"
},
{
"status": "affected",
"version": "15.2(2)SY"
},
{
"status": "affected",
"version": "15.2(1)SY1a"
},
{
"status": "affected",
"version": "15.2(2)SY1"
},
{
"status": "affected",
"version": "15.2(2)SY2"
},
{
"status": "affected",
"version": "15.2(1)SY3"
},
{
"status": "affected",
"version": "15.2(1)SY4"
},
{
"status": "affected",
"version": "15.2(2)SY3"
},
{
"status": "affected",
"version": "15.2(1)SY5"
},
{
"status": "affected",
"version": "15.2(1)SY6"
},
{
"status": "affected",
"version": "15.2(1)SY7"
},
{
"status": "affected",
"version": "15.2(1)SY8"
},
{
"status": "affected",
"version": "15.2(5)EX"
},
{
"status": "affected",
"version": "15.1(3)SVF"
},
{
"status": "affected",
"version": "15.1(3)SVF1"
},
{
"status": "affected",
"version": "15.1(3)SVE"
},
{
"status": "affected",
"version": "15.4(3)M"
},
{
"status": "affected",
"version": "15.4(3)M1"
},
{
"status": "affected",
"version": "15.4(3)M2"
},
{
"status": "affected",
"version": "15.4(3)M3"
},
{
"status": "affected",
"version": "15.4(3)M4"
},
{
"status": "affected",
"version": "15.4(3)M5"
},
{
"status": "affected",
"version": "15.4(3)M6"
},
{
"status": "affected",
"version": "15.4(3)M7"
},
{
"status": "affected",
"version": "15.4(3)M6a"
},
{
"status": "affected",
"version": "15.4(3)M8"
},
{
"status": "affected",
"version": "15.4(3)M9"
},
{
"status": "affected",
"version": "15.4(3)M10"
},
{
"status": "affected",
"version": "15.0(2)EK"
},
{
"status": "affected",
"version": "15.0(2)EK1"
},
{
"status": "affected",
"version": "15.4(1)CG"
},
{
"status": "affected",
"version": "15.4(1)CG1"
},
{
"status": "affected",
"version": "15.4(2)CG"
},
{
"status": "affected",
"version": "15.5(1)S"
},
{
"status": "affected",
"version": "15.5(2)S"
},
{
"status": "affected",
"version": "15.5(1)S1"
},
{
"status": "affected",
"version": "15.5(3)S"
},
{
"status": "affected",
"version": "15.5(1)S2"
},
{
"status": "affected",
"version": "15.5(1)S3"
},
{
"status": "affected",
"version": "15.5(2)S1"
},
{
"status": "affected",
"version": "15.5(2)S2"
},
{
"status": "affected",
"version": "15.5(3)S1"
},
{
"status": "affected",
"version": "15.5(3)S1a"
},
{
"status": "affected",
"version": "15.5(2)S3"
},
{
"status": "affected",
"version": "15.5(3)S2"
},
{
"status": "affected",
"version": "15.5(3)S0a"
},
{
"status": "affected",
"version": "15.5(3)S3"
},
{
"status": "affected",
"version": "15.5(1)S4"
},
{
"status": "affected",
"version": "15.5(2)S4"
},
{
"status": "affected",
"version": "15.5(3)S4"
},
{
"status": "affected",
"version": "15.5(3)S5"
},
{
"status": "affected",
"version": "15.5(3)S6"
},
{
"status": "affected",
"version": "15.5(3)S6a"
},
{
"status": "affected",
"version": "15.5(3)S7"
},
{
"status": "affected",
"version": "15.5(3)S6b"
},
{
"status": "affected",
"version": "15.5(3)S8"
},
{
"status": "affected",
"version": "15.5(3)S9"
},
{
"status": "affected",
"version": "15.5(3)S10"
},
{
"status": "affected",
"version": "15.5(3)S9a"
},
{
"status": "affected",
"version": "15.1(3)SVG"
},
{
"status": "affected",
"version": "15.2(2)EB"
},
{
"status": "affected",
"version": "15.2(2)EB1"
},
{
"status": "affected",
"version": "15.2(2)EB2"
},
{
"status": "affected",
"version": "15.2(6)EB"
},
{
"status": "affected",
"version": "15.5(1)T"
},
{
"status": "affected",
"version": "15.5(1)T1"
},
{
"status": "affected",
"version": "15.5(2)T"
},
{
"status": "affected",
"version": "15.5(1)T2"
},
{
"status": "affected",
"version": "15.5(1)T3"
},
{
"status": "affected",
"version": "15.5(2)T1"
},
{
"status": "affected",
"version": "15.5(2)T2"
},
{
"status": "affected",
"version": "15.5(2)T3"
},
{
"status": "affected",
"version": "15.5(2)T4"
},
{
"status": "affected",
"version": "15.5(1)T4"
},
{
"status": "affected",
"version": "15.2(2)EA"
},
{
"status": "affected",
"version": "15.2(2)EA1"
},
{
"status": "affected",
"version": "15.2(2)EA2"
},
{
"status": "affected",
"version": "15.2(3)EA"
},
{
"status": "affected",
"version": "15.2(4)EA"
},
{
"status": "affected",
"version": "15.2(4)EA1"
},
{
"status": "affected",
"version": "15.2(2)EA3"
},
{
"status": "affected",
"version": "15.2(4)EA3"
},
{
"status": "affected",
"version": "15.2(5)EA"
},
{
"status": "affected",
"version": "15.2(4)EA4"
},
{
"status": "affected",
"version": "15.2(4)EA5"
},
{
"status": "affected",
"version": "15.2(4)EA6"
},
{
"status": "affected",
"version": "15.2(4)EA7"
},
{
"status": "affected",
"version": "15.2(4)EA8"
},
{
"status": "affected",
"version": "15.2(4)EA9"
},
{
"status": "affected",
"version": "15.2(4)EA9a"
},
{
"status": "affected",
"version": "15.5(3)M"
},
{
"status": "affected",
"version": "15.5(3)M1"
},
{
"status": "affected",
"version": "15.5(3)M0a"
},
{
"status": "affected",
"version": "15.5(3)M2"
},
{
"status": "affected",
"version": "15.5(3)M3"
},
{
"status": "affected",
"version": "15.5(3)M4"
},
{
"status": "affected",
"version": "15.5(3)M4a"
},
{
"status": "affected",
"version": "15.5(3)M5"
},
{
"status": "affected",
"version": "15.5(3)M6"
},
{
"status": "affected",
"version": "15.5(3)M7"
},
{
"status": "affected",
"version": "15.5(3)M6a"
},
{
"status": "affected",
"version": "15.5(3)M8"
},
{
"status": "affected",
"version": "15.5(3)M9"
},
{
"status": "affected",
"version": "15.5(3)M10"
},
{
"status": "affected",
"version": "15.5(3)SN"
},
{
"status": "affected",
"version": "15.6(1)S"
},
{
"status": "affected",
"version": "15.6(2)S"
},
{
"status": "affected",
"version": "15.6(2)S1"
},
{
"status": "affected",
"version": "15.6(1)S1"
},
{
"status": "affected",
"version": "15.6(1)S2"
},
{
"status": "affected",
"version": "15.6(2)S2"
},
{
"status": "affected",
"version": "15.6(1)S3"
},
{
"status": "affected",
"version": "15.6(2)S3"
},
{
"status": "affected",
"version": "15.6(1)S4"
},
{
"status": "affected",
"version": "15.6(2)S4"
},
{
"status": "affected",
"version": "15.6(1)T"
},
{
"status": "affected",
"version": "15.6(2)T"
},
{
"status": "affected",
"version": "15.6(1)T0a"
},
{
"status": "affected",
"version": "15.6(1)T1"
},
{
"status": "affected",
"version": "15.6(2)T1"
},
{
"status": "affected",
"version": "15.6(1)T2"
},
{
"status": "affected",
"version": "15.6(2)T2"
},
{
"status": "affected",
"version": "15.6(1)T3"
},
{
"status": "affected",
"version": "15.6(2)T3"
},
{
"status": "affected",
"version": "15.3(1)SY"
},
{
"status": "affected",
"version": "15.3(1)SY1"
},
{
"status": "affected",
"version": "15.3(1)SY2"
},
{
"status": "affected",
"version": "15.6(2)SP"
},
{
"status": "affected",
"version": "15.6(2)SP1"
},
{
"status": "affected",
"version": "15.6(2)SP2"
},
{
"status": "affected",
"version": "15.6(2)SP3"
},
{
"status": "affected",
"version": "15.6(2)SP4"
},
{
"status": "affected",
"version": "15.6(2)SP5"
},
{
"status": "affected",
"version": "15.6(2)SP6"
},
{
"status": "affected",
"version": "15.6(2)SP7"
},
{
"status": "affected",
"version": "15.6(2)SP8"
},
{
"status": "affected",
"version": "15.6(2)SP9"
},
{
"status": "affected",
"version": "15.6(2)SP10"
},
{
"status": "affected",
"version": "15.6(2)SN"
},
{
"status": "affected",
"version": "15.6(3)M"
},
{
"status": "affected",
"version": "15.6(3)M1"
},
{
"status": "affected",
"version": "15.6(3)M0a"
},
{
"status": "affected",
"version": "15.6(3)M1b"
},
{
"status": "affected",
"version": "15.6(3)M2"
},
{
"status": "affected",
"version": "15.6(3)M2a"
},
{
"status": "affected",
"version": "15.6(3)M3"
},
{
"status": "affected",
"version": "15.6(3)M3a"
},
{
"status": "affected",
"version": "15.6(3)M4"
},
{
"status": "affected",
"version": "15.6(3)M5"
},
{
"status": "affected",
"version": "15.6(3)M6"
},
{
"status": "affected",
"version": "15.6(3)M7"
},
{
"status": "affected",
"version": "15.6(3)M6a"
},
{
"status": "affected",
"version": "15.6(3)M6b"
},
{
"status": "affected",
"version": "15.6(3)M8"
},
{
"status": "affected",
"version": "15.6(3)M9"
},
{
"status": "affected",
"version": "15.1(3)SVJ2"
},
{
"status": "affected",
"version": "15.2(4)EC1"
},
{
"status": "affected",
"version": "15.2(4)EC2"
},
{
"status": "affected",
"version": "15.4(1)SY"
},
{
"status": "affected",
"version": "15.4(1)SY1"
},
{
"status": "affected",
"version": "15.4(1)SY2"
},
{
"status": "affected",
"version": "15.4(1)SY3"
},
{
"status": "affected",
"version": "15.4(1)SY4"
},
{
"status": "affected",
"version": "15.5(1)SY"
},
{
"status": "affected",
"version": "15.5(1)SY1"
},
{
"status": "affected",
"version": "15.5(1)SY2"
},
{
"status": "affected",
"version": "15.5(1)SY3"
},
{
"status": "affected",
"version": "15.5(1)SY4"
},
{
"status": "affected",
"version": "15.5(1)SY5"
},
{
"status": "affected",
"version": "15.5(1)SY6"
},
{
"status": "affected",
"version": "15.5(1)SY7"
},
{
"status": "affected",
"version": "15.5(1)SY8"
},
{
"status": "affected",
"version": "15.5(1)SY9"
},
{
"status": "affected",
"version": "15.5(1)SY10"
},
{
"status": "affected",
"version": "15.5(1)SY11"
},
{
"status": "affected",
"version": "15.7(3)M"
},
{
"status": "affected",
"version": "15.7(3)M1"
},
{
"status": "affected",
"version": "15.7(3)M0a"
},
{
"status": "affected",
"version": "15.7(3)M3"
},
{
"status": "affected",
"version": "15.7(3)M2"
},
{
"status": "affected",
"version": "15.7(3)M4"
},
{
"status": "affected",
"version": "15.7(3)M5"
},
{
"status": "affected",
"version": "15.7(3)M4a"
},
{
"status": "affected",
"version": "15.7(3)M4b"
},
{
"status": "affected",
"version": "15.7(3)M6"
},
{
"status": "affected",
"version": "15.7(3)M7"
},
{
"status": "affected",
"version": "15.7(3)M8"
},
{
"status": "affected",
"version": "15.7(3)M9"
},
{
"status": "affected",
"version": "15.8(3)M"
},
{
"status": "affected",
"version": "15.8(3)M1"
},
{
"status": "affected",
"version": "15.8(3)M0a"
},
{
"status": "affected",
"version": "15.8(3)M0b"
},
{
"status": "affected",
"version": "15.8(3)M2"
},
{
"status": "affected",
"version": "15.8(3)M1a"
},
{
"status": "affected",
"version": "15.8(3)M3"
},
{
"status": "affected",
"version": "15.8(3)M2a"
},
{
"status": "affected",
"version": "15.8(3)M4"
},
{
"status": "affected",
"version": "15.8(3)M3a"
},
{
"status": "affected",
"version": "15.8(3)M3b"
},
{
"status": "affected",
"version": "15.8(3)M5"
},
{
"status": "affected",
"version": "15.8(3)M6"
},
{
"status": "affected",
"version": "15.8(3)M7"
},
{
"status": "affected",
"version": "15.8(3)M8"
},
{
"status": "affected",
"version": "15.8(3)M9"
},
{
"status": "affected",
"version": "15.8(3)M10"
},
{
"status": "affected",
"version": "15.9(3)M"
},
{
"status": "affected",
"version": "15.9(3)M1"
},
{
"status": "affected",
"version": "15.9(3)M0a"
},
{
"status": "affected",
"version": "15.9(3)M2"
},
{
"status": "affected",
"version": "15.9(3)M3"
},
{
"status": "affected",
"version": "15.9(3)M2a"
},
{
"status": "affected",
"version": "15.9(3)M3a"
},
{
"status": "affected",
"version": "15.9(3)M4"
},
{
"status": "affected",
"version": "15.9(3)M3b"
},
{
"status": "affected",
"version": "15.9(3)M5"
},
{
"status": "affected",
"version": "15.9(3)M4a"
},
{
"status": "affected",
"version": "15.9(3)M6"
},
{
"status": "affected",
"version": "15.9(3)M7"
},
{
"status": "affected",
"version": "15.9(3)M6a"
},
{
"status": "affected",
"version": "15.9(3)M6b"
},
{
"status": "affected",
"version": "15.9(3)M7a"
}
]
},
{
"product": "Cisco IOS XE Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "3.7.0S"
},
{
"status": "affected",
"version": "3.7.1S"
},
{
"status": "affected",
"version": "3.7.2S"
},
{
"status": "affected",
"version": "3.7.3S"
},
{
"status": "affected",
"version": "3.7.4S"
},
{
"status": "affected",
"version": "3.7.5S"
},
{
"status": "affected",
"version": "3.7.6S"
},
{
"status": "affected",
"version": "3.7.7S"
},
{
"status": "affected",
"version": "3.7.4aS"
},
{
"status": "affected",
"version": "3.7.2tS"
},
{
"status": "affected",
"version": "3.7.0bS"
},
{
"status": "affected",
"version": "3.7.1aS"
},
{
"status": "affected",
"version": "3.3.0SG"
},
{
"status": "affected",
"version": "3.3.2SG"
},
{
"status": "affected",
"version": "3.3.1SG"
},
{
"status": "affected",
"version": "3.8.0S"
},
{
"status": "affected",
"version": "3.8.1S"
},
{
"status": "affected",
"version": "3.8.2S"
},
{
"status": "affected",
"version": "3.9.1S"
},
{
"status": "affected",
"version": "3.9.0S"
},
{
"status": "affected",
"version": "3.9.2S"
},
{
"status": "affected",
"version": "3.9.1aS"
},
{
"status": "affected",
"version": "3.9.0aS"
},
{
"status": "affected",
"version": "3.4.0SG"
},
{
"status": "affected",
"version": "3.4.2SG"
},
{
"status": "affected",
"version": "3.4.1SG"
},
{
"status": "affected",
"version": "3.4.3SG"
},
{
"status": "affected",
"version": "3.4.4SG"
},
{
"status": "affected",
"version": "3.4.5SG"
},
{
"status": "affected",
"version": "3.4.6SG"
},
{
"status": "affected",
"version": "3.4.7SG"
},
{
"status": "affected",
"version": "3.4.8SG"
},
{
"status": "affected",
"version": "3.5.0E"
},
{
"status": "affected",
"version": "3.5.1E"
},
{
"status": "affected",
"version": "3.5.2E"
},
{
"status": "affected",
"version": "3.5.3E"
},
{
"status": "affected",
"version": "3.10.0S"
},
{
"status": "affected",
"version": "3.10.1S"
},
{
"status": "affected",
"version": "3.10.2S"
},
{
"status": "affected",
"version": "3.10.3S"
},
{
"status": "affected",
"version": "3.10.4S"
},
{
"status": "affected",
"version": "3.10.5S"
},
{
"status": "affected",
"version": "3.10.6S"
},
{
"status": "affected",
"version": "3.10.2tS"
},
{
"status": "affected",
"version": "3.10.7S"
},
{
"status": "affected",
"version": "3.10.1xbS"
},
{
"status": "affected",
"version": "3.10.8S"
},
{
"status": "affected",
"version": "3.10.8aS"
},
{
"status": "affected",
"version": "3.10.9S"
},
{
"status": "affected",
"version": "3.10.10S"
},
{
"status": "affected",
"version": "3.11.1S"
},
{
"status": "affected",
"version": "3.11.2S"
},
{
"status": "affected",
"version": "3.11.0S"
},
{
"status": "affected",
"version": "3.11.3S"
},
{
"status": "affected",
"version": "3.11.4S"
},
{
"status": "affected",
"version": "3.12.0S"
},
{
"status": "affected",
"version": "3.12.1S"
},
{
"status": "affected",
"version": "3.12.2S"
},
{
"status": "affected",
"version": "3.12.3S"
},
{
"status": "affected",
"version": "3.12.0aS"
},
{
"status": "affected",
"version": "3.12.4S"
},
{
"status": "affected",
"version": "3.13.0S"
},
{
"status": "affected",
"version": "3.13.1S"
},
{
"status": "affected",
"version": "3.13.2S"
},
{
"status": "affected",
"version": "3.13.3S"
},
{
"status": "affected",
"version": "3.13.4S"
},
{
"status": "affected",
"version": "3.13.5S"
},
{
"status": "affected",
"version": "3.13.2aS"
},
{
"status": "affected",
"version": "3.13.0aS"
},
{
"status": "affected",
"version": "3.13.5aS"
},
{
"status": "affected",
"version": "3.13.6S"
},
{
"status": "affected",
"version": "3.13.7S"
},
{
"status": "affected",
"version": "3.13.6aS"
},
{
"status": "affected",
"version": "3.13.7aS"
},
{
"status": "affected",
"version": "3.13.8S"
},
{
"status": "affected",
"version": "3.13.9S"
},
{
"status": "affected",
"version": "3.13.10S"
},
{
"status": "affected",
"version": "3.6.0E"
},
{
"status": "affected",
"version": "3.6.1E"
},
{
"status": "affected",
"version": "3.6.2aE"
},
{
"status": "affected",
"version": "3.6.2E"
},
{
"status": "affected",
"version": "3.6.3E"
},
{
"status": "affected",
"version": "3.6.4E"
},
{
"status": "affected",
"version": "3.6.5E"
},
{
"status": "affected",
"version": "3.6.6E"
},
{
"status": "affected",
"version": "3.6.5aE"
},
{
"status": "affected",
"version": "3.6.5bE"
},
{
"status": "affected",
"version": "3.6.7E"
},
{
"status": "affected",
"version": "3.6.8E"
},
{
"status": "affected",
"version": "3.6.7bE"
},
{
"status": "affected",
"version": "3.6.9E"
},
{
"status": "affected",
"version": "3.6.10E"
},
{
"status": "affected",
"version": "3.14.0S"
},
{
"status": "affected",
"version": "3.14.1S"
},
{
"status": "affected",
"version": "3.14.2S"
},
{
"status": "affected",
"version": "3.14.3S"
},
{
"status": "affected",
"version": "3.14.4S"
},
{
"status": "affected",
"version": "3.15.0S"
},
{
"status": "affected",
"version": "3.15.1S"
},
{
"status": "affected",
"version": "3.15.2S"
},
{
"status": "affected",
"version": "3.15.1cS"
},
{
"status": "affected",
"version": "3.15.3S"
},
{
"status": "affected",
"version": "3.15.4S"
},
{
"status": "affected",
"version": "3.16.0S"
},
{
"status": "affected",
"version": "3.16.1S"
},
{
"status": "affected",
"version": "3.16.1aS"
},
{
"status": "affected",
"version": "3.16.2S"
},
{
"status": "affected",
"version": "3.16.2aS"
},
{
"status": "affected",
"version": "3.16.0cS"
},
{
"status": "affected",
"version": "3.16.3S"
},
{
"status": "affected",
"version": "3.16.2bS"
},
{
"status": "affected",
"version": "3.16.3aS"
},
{
"status": "affected",
"version": "3.16.4S"
},
{
"status": "affected",
"version": "3.16.4aS"
},
{
"status": "affected",
"version": "3.16.4bS"
},
{
"status": "affected",
"version": "3.16.5S"
},
{
"status": "affected",
"version": "3.16.4dS"
},
{
"status": "affected",
"version": "3.16.6S"
},
{
"status": "affected",
"version": "3.16.7S"
},
{
"status": "affected",
"version": "3.16.6bS"
},
{
"status": "affected",
"version": "3.16.7aS"
},
{
"status": "affected",
"version": "3.16.7bS"
},
{
"status": "affected",
"version": "3.16.8S"
},
{
"status": "affected",
"version": "3.16.9S"
},
{
"status": "affected",
"version": "3.16.10S"
},
{
"status": "affected",
"version": "3.17.0S"
},
{
"status": "affected",
"version": "3.17.1S"
},
{
"status": "affected",
"version": "3.17.2S"
},
{
"status": "affected",
"version": "3.17.1aS"
},
{
"status": "affected",
"version": "3.17.3S"
},
{
"status": "affected",
"version": "3.17.4S"
},
{
"status": "affected",
"version": "16.1.1"
},
{
"status": "affected",
"version": "16.1.2"
},
{
"status": "affected",
"version": "16.1.3"
},
{
"status": "affected",
"version": "16.2.1"
},
{
"status": "affected",
"version": "16.2.2"
},
{
"status": "affected",
"version": "3.8.0E"
},
{
"status": "affected",
"version": "3.8.1E"
},
{
"status": "affected",
"version": "3.8.2E"
},
{
"status": "affected",
"version": "3.8.3E"
},
{
"status": "affected",
"version": "3.8.4E"
},
{
"status": "affected",
"version": "3.8.5E"
},
{
"status": "affected",
"version": "3.8.5aE"
},
{
"status": "affected",
"version": "3.8.6E"
},
{
"status": "affected",
"version": "3.8.7E"
},
{
"status": "affected",
"version": "3.8.8E"
},
{
"status": "affected",
"version": "3.8.9E"
},
{
"status": "affected",
"version": "3.8.10E"
},
{
"status": "affected",
"version": "16.3.1"
},
{
"status": "affected",
"version": "16.3.2"
},
{
"status": "affected",
"version": "16.3.3"
},
{
"status": "affected",
"version": "16.3.1a"
},
{
"status": "affected",
"version": "16.3.4"
},
{
"status": "affected",
"version": "16.3.5"
},
{
"status": "affected",
"version": "16.3.5b"
},
{
"status": "affected",
"version": "16.3.6"
},
{
"status": "affected",
"version": "16.3.7"
},
{
"status": "affected",
"version": "16.3.8"
},
{
"status": "affected",
"version": "16.3.9"
},
{
"status": "affected",
"version": "16.3.10"
},
{
"status": "affected",
"version": "16.3.11"
},
{
"status": "affected",
"version": "16.4.1"
},
{
"status": "affected",
"version": "16.4.2"
},
{
"status": "affected",
"version": "16.4.3"
},
{
"status": "affected",
"version": "16.5.1"
},
{
"status": "affected",
"version": "16.5.1a"
},
{
"status": "affected",
"version": "16.5.1b"
},
{
"status": "affected",
"version": "16.5.2"
},
{
"status": "affected",
"version": "16.5.3"
},
{
"status": "affected",
"version": "3.18.0aS"
},
{
"status": "affected",
"version": "3.18.0S"
},
{
"status": "affected",
"version": "3.18.1S"
},
{
"status": "affected",
"version": "3.18.2S"
},
{
"status": "affected",
"version": "3.18.3S"
},
{
"status": "affected",
"version": "3.18.4S"
},
{
"status": "affected",
"version": "3.18.0SP"
},
{
"status": "affected",
"version": "3.18.1SP"
},
{
"status": "affected",
"version": "3.18.1aSP"
},
{
"status": "affected",
"version": "3.18.1bSP"
},
{
"status": "affected",
"version": "3.18.1cSP"
},
{
"status": "affected",
"version": "3.18.2SP"
},
{
"status": "affected",
"version": "3.18.2aSP"
},
{
"status": "affected",
"version": "3.18.3SP"
},
{
"status": "affected",
"version": "3.18.4SP"
},
{
"status": "affected",
"version": "3.18.3aSP"
},
{
"status": "affected",
"version": "3.18.3bSP"
},
{
"status": "affected",
"version": "3.18.5SP"
},
{
"status": "affected",
"version": "3.18.6SP"
},
{
"status": "affected",
"version": "3.18.7SP"
},
{
"status": "affected",
"version": "3.18.8aSP"
},
{
"status": "affected",
"version": "3.18.9SP"
},
{
"status": "affected",
"version": "3.9.0E"
},
{
"status": "affected",
"version": "3.9.1E"
},
{
"status": "affected",
"version": "3.9.2E"
},
{
"status": "affected",
"version": "16.6.1"
},
{
"status": "affected",
"version": "16.6.2"
},
{
"status": "affected",
"version": "16.6.3"
},
{
"status": "affected",
"version": "16.6.4"
},
{
"status": "affected",
"version": "16.6.5"
},
{
"status": "affected",
"version": "16.6.4a"
},
{
"status": "affected",
"version": "16.6.5a"
},
{
"status": "affected",
"version": "16.6.6"
},
{
"status": "affected",
"version": "16.6.7"
},
{
"status": "affected",
"version": "16.6.8"
},
{
"status": "affected",
"version": "16.6.9"
},
{
"status": "affected",
"version": "16.6.10"
},
{
"status": "affected",
"version": "16.7.1"
},
{
"status": "affected",
"version": "16.7.1a"
},
{
"status": "affected",
"version": "16.7.1b"
},
{
"status": "affected",
"version": "16.7.2"
},
{
"status": "affected",
"version": "16.7.3"
},
{
"status": "affected",
"version": "16.7.4"
},
{
"status": "affected",
"version": "16.8.1"
},
{
"status": "affected",
"version": "16.8.1a"
},
{
"status": "affected",
"version": "16.8.1b"
},
{
"status": "affected",
"version": "16.8.1s"
},
{
"status": "affected",
"version": "16.8.1c"
},
{
"status": "affected",
"version": "16.8.1d"
},
{
"status": "affected",
"version": "16.8.2"
},
{
"status": "affected",
"version": "16.8.1e"
},
{
"status": "affected",
"version": "16.8.3"
},
{
"status": "affected",
"version": "16.9.1"
},
{
"status": "affected",
"version": "16.9.2"
},
{
"status": "affected",
"version": "16.9.1a"
},
{
"status": "affected",
"version": "16.9.1b"
},
{
"status": "affected",
"version": "16.9.1s"
},
{
"status": "affected",
"version": "16.9.3"
},
{
"status": "affected",
"version": "16.9.4"
},
{
"status": "affected",
"version": "16.9.3a"
},
{
"status": "affected",
"version": "16.9.5"
},
{
"status": "affected",
"version": "16.9.5f"
},
{
"status": "affected",
"version": "16.9.6"
},
{
"status": "affected",
"version": "16.9.7"
},
{
"status": "affected",
"version": "16.9.8"
},
{
"status": "affected",
"version": "16.10.1"
},
{
"status": "affected",
"version": "16.10.1a"
},
{
"status": "affected",
"version": "16.10.1b"
},
{
"status": "affected",
"version": "16.10.1s"
},
{
"status": "affected",
"version": "16.10.1c"
},
{
"status": "affected",
"version": "16.10.1e"
},
{
"status": "affected",
"version": "16.10.1d"
},
{
"status": "affected",
"version": "16.10.2"
},
{
"status": "affected",
"version": "16.10.1f"
},
{
"status": "affected",
"version": "16.10.1g"
},
{
"status": "affected",
"version": "16.10.3"
},
{
"status": "affected",
"version": "3.10.0E"
},
{
"status": "affected",
"version": "3.10.1E"
},
{
"status": "affected",
"version": "3.10.0cE"
},
{
"status": "affected",
"version": "3.10.2E"
},
{
"status": "affected",
"version": "3.10.3E"
},
{
"status": "affected",
"version": "16.11.1"
},
{
"status": "affected",
"version": "16.11.1a"
},
{
"status": "affected",
"version": "16.11.1b"
},
{
"status": "affected",
"version": "16.11.2"
},
{
"status": "affected",
"version": "16.11.1s"
},
{
"status": "affected",
"version": "16.12.1"
},
{
"status": "affected",
"version": "16.12.1s"
},
{
"status": "affected",
"version": "16.12.1a"
},
{
"status": "affected",
"version": "16.12.1c"
},
{
"status": "affected",
"version": "16.12.1w"
},
{
"status": "affected",
"version": "16.12.2"
},
{
"status": "affected",
"version": "16.12.1y"
},
{
"status": "affected",
"version": "16.12.2a"
},
{
"status": "affected",
"version": "16.12.3"
},
{
"status": "affected",
"version": "16.12.8"
},
{
"status": "affected",
"version": "16.12.2s"
},
{
"status": "affected",
"version": "16.12.1x"
},
{
"status": "affected",
"version": "16.12.1t"
},
{
"status": "affected",
"version": "16.12.4"
},
{
"status": "affected",
"version": "16.12.3s"
},
{
"status": "affected",
"version": "16.12.3a"
},
{
"status": "affected",
"version": "16.12.4a"
},
{
"status": "affected",
"version": "16.12.5"
},
{
"status": "affected",
"version": "16.12.6"
},
{
"status": "affected",
"version": "16.12.1z1"
},
{
"status": "affected",
"version": "16.12.5a"
},
{
"status": "affected",
"version": "16.12.5b"
},
{
"status": "affected",
"version": "16.12.1z2"
},
{
"status": "affected",
"version": "16.12.6a"
},
{
"status": "affected",
"version": "16.12.7"
},
{
"status": "affected",
"version": "16.12.9"
},
{
"status": "affected",
"version": "3.11.0E"
},
{
"status": "affected",
"version": "3.11.1E"
},
{
"status": "affected",
"version": "3.11.2E"
},
{
"status": "affected",
"version": "3.11.3E"
},
{
"status": "affected",
"version": "3.11.1aE"
},
{
"status": "affected",
"version": "3.11.4E"
},
{
"status": "affected",
"version": "3.11.3aE"
},
{
"status": "affected",
"version": "3.11.5E"
},
{
"status": "affected",
"version": "3.11.6E"
},
{
"status": "affected",
"version": "3.11.7E"
},
{
"status": "affected",
"version": "3.11.8E"
},
{
"status": "affected",
"version": "17.1.1"
},
{
"status": "affected",
"version": "17.1.1a"
},
{
"status": "affected",
"version": "17.1.1s"
},
{
"status": "affected",
"version": "17.1.1t"
},
{
"status": "affected",
"version": "17.1.3"
},
{
"status": "affected",
"version": "17.2.1"
},
{
"status": "affected",
"version": "17.2.1r"
},
{
"status": "affected",
"version": "17.2.1a"
},
{
"status": "affected",
"version": "17.2.1v"
},
{
"status": "affected",
"version": "17.2.2"
},
{
"status": "affected",
"version": "17.2.3"
},
{
"status": "affected",
"version": "17.3.1"
},
{
"status": "affected",
"version": "17.3.2"
},
{
"status": "affected",
"version": "17.3.3"
},
{
"status": "affected",
"version": "17.3.1a"
},
{
"status": "affected",
"version": "17.3.1w"
},
{
"status": "affected",
"version": "17.3.2a"
},
{
"status": "affected",
"version": "17.3.1x"
},
{
"status": "affected",
"version": "17.3.1z"
},
{
"status": "affected",
"version": "17.3.4"
},
{
"status": "affected",
"version": "17.3.5"
},
{
"status": "affected",
"version": "17.3.4a"
},
{
"status": "affected",
"version": "17.3.6"
},
{
"status": "affected",
"version": "17.3.4b"
},
{
"status": "affected",
"version": "17.3.4c"
},
{
"status": "affected",
"version": "17.3.5a"
},
{
"status": "affected",
"version": "17.3.5b"
},
{
"status": "affected",
"version": "17.3.7"
},
{
"status": "affected",
"version": "17.4.1"
},
{
"status": "affected",
"version": "17.4.2"
},
{
"status": "affected",
"version": "17.4.1a"
},
{
"status": "affected",
"version": "17.4.1b"
},
{
"status": "affected",
"version": "17.4.2a"
},
{
"status": "affected",
"version": "17.5.1"
},
{
"status": "affected",
"version": "17.5.1a"
},
{
"status": "affected",
"version": "17.5.1c"
},
{
"status": "affected",
"version": "17.6.1"
},
{
"status": "affected",
"version": "17.6.2"
},
{
"status": "affected",
"version": "17.6.1w"
},
{
"status": "affected",
"version": "17.6.1a"
},
{
"status": "affected",
"version": "17.6.1x"
},
{
"status": "affected",
"version": "17.6.3"
},
{
"status": "affected",
"version": "17.6.1y"
},
{
"status": "affected",
"version": "17.6.1z"
},
{
"status": "affected",
"version": "17.6.3a"
},
{
"status": "affected",
"version": "17.6.4"
},
{
"status": "affected",
"version": "17.6.1z1"
},
{
"status": "affected",
"version": "17.6.5"
},
{
"status": "affected",
"version": "17.6.5a"
},
{
"status": "affected",
"version": "17.7.1"
},
{
"status": "affected",
"version": "17.7.1a"
},
{
"status": "affected",
"version": "17.7.1b"
},
{
"status": "affected",
"version": "17.7.2"
},
{
"status": "affected",
"version": "17.10.1"
},
{
"status": "affected",
"version": "17.10.1a"
},
{
"status": "affected",
"version": "17.10.1b"
},
{
"status": "affected",
"version": "17.8.1"
},
{
"status": "affected",
"version": "17.8.1a"
},
{
"status": "affected",
"version": "17.9.1"
},
{
"status": "affected",
"version": "17.9.1w"
},
{
"status": "affected",
"version": "17.9.2"
},
{
"status": "affected",
"version": "17.9.1a"
},
{
"status": "affected",
"version": "17.9.1x"
},
{
"status": "affected",
"version": "17.9.1y"
},
{
"status": "affected",
"version": "17.9.3"
},
{
"status": "affected",
"version": "17.9.2a"
},
{
"status": "affected",
"version": "17.9.1x1"
},
{
"status": "affected",
"version": "17.9.3a"
},
{
"status": "affected",
"version": "17.9.1y1"
},
{
"status": "affected",
"version": "17.11.1"
},
{
"status": "affected",
"version": "17.11.1a"
},
{
"status": "affected",
"version": "17.11.99SW"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Cisco Group Encrypted Transport VPN (GET VPN) feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker who has administrative control of either a group member or a key server to execute arbitrary code on an affected device or cause the device to crash.\r\n\r This vulnerability is due to insufficient validation of attributes in the Group Domain of Interpretation (GDOI) and G-IKEv2 protocols of the GET VPN feature. An attacker could exploit this vulnerability by either compromising an installed key server or modifying the configuration of a group member to point to a key server that is controlled by the attacker. A successful exploit could allow the attacker to execute arbitrary code and gain full control of the affected system or cause the affected system to reload, resulting in a denial of service (DoS) condition. For more information, see the Details [\"#details\"] section of this advisory."
}
],
"exploits": [
{
"lang": "en",
"value": "Cisco discovered attempted exploitation of the GET VPN feature and conducted a technical code review of the feature. This vulnerability was discovered during our internal investigation. Cisco continues to strongly recommend that customers upgrade to a fixed software release to remediate this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "Out-of-bounds Write",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-25T16:57:45.130Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-getvpn-rce-g8qR68sx",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-getvpn-rce-g8qR68sx"
}
],
"source": {
"advisory": "cisco-sa-getvpn-rce-g8qR68sx",
"defects": [
"CSCwe14195",
"CSCwe24118",
"CSCwf49531"
],
"discovery": "INTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2023-20109",
"datePublished": "2023-09-27T17:23:21.589Z",
"dateReserved": "2022-10-27T18:47:50.343Z",
"dateUpdated": "2025-10-21T23:05:36.370Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-20213 (GCVE-0-2023-20213)
Vulnerability from cvelistv5 – Published: 2023-11-01 16:58 – Updated: 2025-06-12 14:37
VLAI
Summary
A vulnerability in the CDP processing feature of Cisco ISE could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition of the CDP process on an affected device. This vulnerability is due to insufficient bounds checking when an affected device processes CDP traffic. An attacker could exploit this vulnerability by sending crafted CDP traffic to the device. A successful exploit could cause the CDP process to crash, impacting neighbor discovery and the ability of Cisco ISE to determine the reachability of remote devices. After a crash, the CDP process must be manually restarted using the cdp enable command in interface configuration mode.
Severity
4.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Cisco | Cisco Identity Services Engine Software |
Affected:
2.6.0
Affected: 2.6.0 p1 Affected: 2.6.0 p2 Affected: 2.6.0 p3 Affected: 2.6.0 p5 Affected: 2.6.0 p6 Affected: 2.6.0 p7 Affected: 2.6.0 p8 Affected: 2.6.0 p9 Affected: 2.6.0 p10 Affected: 2.6.0 p11 Affected: 2.6.0 p12 Affected: 2.7.0 Affected: 2.7.0 p1 Affected: 2.7.0 p2 Affected: 2.7.0 p3 Affected: 2.7.0 p4 Affected: 2.7.0 p5 Affected: 2.7.0 p6 Affected: 2.7.0 p7 Affected: 2.7.0 p9 Affected: 3.0.0 Affected: 3.0.0 p1 Affected: 3.0.0 p2 Affected: 3.0.0 p3 Affected: 3.0.0 p4 Affected: 3.0.0 p5 Affected: 3.0.0 p6 Affected: 3.1.0 Affected: 3.1.0 p1 Affected: 3.1.0 p3 Affected: 3.1.0 p4 Affected: 3.1.0 p5 Affected: 3.1.0 p7 Affected: 3.2.0 Affected: 3.2.0 p1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:05:35.481Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "cisco-sa-ise-file-upload-FceLP4xs",
"tags": [
"x_transferred"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-file-upload-FceLP4xs"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-20213",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-12T14:37:26.733250Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-12T14:37:44.323Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Identity Services Engine Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "2.6.0"
},
{
"status": "affected",
"version": "2.6.0 p1"
},
{
"status": "affected",
"version": "2.6.0 p2"
},
{
"status": "affected",
"version": "2.6.0 p3"
},
{
"status": "affected",
"version": "2.6.0 p5"
},
{
"status": "affected",
"version": "2.6.0 p6"
},
{
"status": "affected",
"version": "2.6.0 p7"
},
{
"status": "affected",
"version": "2.6.0 p8"
},
{
"status": "affected",
"version": "2.6.0 p9"
},
{
"status": "affected",
"version": "2.6.0 p10"
},
{
"status": "affected",
"version": "2.6.0 p11"
},
{
"status": "affected",
"version": "2.6.0 p12"
},
{
"status": "affected",
"version": "2.7.0"
},
{
"status": "affected",
"version": "2.7.0 p1"
},
{
"status": "affected",
"version": "2.7.0 p2"
},
{
"status": "affected",
"version": "2.7.0 p3"
},
{
"status": "affected",
"version": "2.7.0 p4"
},
{
"status": "affected",
"version": "2.7.0 p5"
},
{
"status": "affected",
"version": "2.7.0 p6"
},
{
"status": "affected",
"version": "2.7.0 p7"
},
{
"status": "affected",
"version": "2.7.0 p9"
},
{
"status": "affected",
"version": "3.0.0"
},
{
"status": "affected",
"version": "3.0.0 p1"
},
{
"status": "affected",
"version": "3.0.0 p2"
},
{
"status": "affected",
"version": "3.0.0 p3"
},
{
"status": "affected",
"version": "3.0.0 p4"
},
{
"status": "affected",
"version": "3.0.0 p5"
},
{
"status": "affected",
"version": "3.0.0 p6"
},
{
"status": "affected",
"version": "3.1.0"
},
{
"status": "affected",
"version": "3.1.0 p1"
},
{
"status": "affected",
"version": "3.1.0 p3"
},
{
"status": "affected",
"version": "3.1.0 p4"
},
{
"status": "affected",
"version": "3.1.0 p5"
},
{
"status": "affected",
"version": "3.1.0 p7"
},
{
"status": "affected",
"version": "3.2.0"
},
{
"status": "affected",
"version": "3.2.0 p1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the CDP processing feature of Cisco ISE could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition of the CDP process on an affected device. This vulnerability is due to insufficient bounds checking when an affected device processes CDP traffic. An attacker could exploit this vulnerability by sending crafted CDP traffic to the device. A successful exploit could cause the CDP process to crash, impacting neighbor discovery and the ability of Cisco ISE to determine the reachability of remote devices. After a crash, the CDP process must be manually restarted using the cdp enable command in interface configuration mode."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "Out-of-bounds Write",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-25T16:58:19.551Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-ise-file-upload-FceLP4xs",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-file-upload-FceLP4xs"
}
],
"source": {
"advisory": "cisco-sa-ise-file-upload-FceLP4xs",
"defects": [
"CSCwc71225"
],
"discovery": "INTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2023-20213",
"datePublished": "2023-11-01T16:58:11.623Z",
"dateReserved": "2022-10-27T18:47:50.367Z",
"dateUpdated": "2025-06-12T14:37:44.323Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-2072 (GCVE-0-2023-2072)
Vulnerability from cvelistv5 – Published: 2023-07-11 13:05 – Updated: 2024-11-07 17:29
VLAI
Title
Rockwell Automation PowerMonitor 1000 Cross-Site Scripting Vulnerability
Summary
The Rockwell Automation PowerMonitor 1000 contains stored cross-site scripting vulnerabilities within the web page of the product. The vulnerable pages do not require privileges to access and can be injected with code by an attacker which could be used to leverage an attack on an authenticated user resulting in remote code execution and potentially the complete loss of confidentiality, integrity, and availability of the product.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Rockwell Automation | PowerMonitor 1000 |
Affected:
V4.011
|
|
| rockwellautomation | powermonitor_1000 |
Affected:
4.011
cpe:2.3:h:rockwellautomation:powermonitor_1000:-:*:*:*:*:*:*:* |
Date Public
2023-07-11 13:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:12:19.922Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139761"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:rockwellautomation:powermonitor_1000:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "powermonitor_1000",
"vendor": "rockwellautomation",
"versions": [
{
"status": "affected",
"version": "4.011"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-2072",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-07T17:28:29.773714Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-07T17:29:16.646Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "PowerMonitor 1000",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "V4.011"
}
]
}
],
"datePublic": "2023-07-11T13:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe Rockwell Automation PowerMonitor 1000 contains stored cross-site scripting vulnerabilities within the web page of the product. \u0026nbsp;The vulnerable pages do not require privileges to access and can be injected with code by an attacker which could be used to leverage an attack on an authenticated user resulting in remote code execution and potentially the complete loss of confidentiality, integrity, and availability of the product.\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "The Rockwell Automation PowerMonitor 1000 contains stored cross-site scripting vulnerabilities within the web page of the product. \u00a0The vulnerable pages do not require privileges to access and can be injected with code by an attacker which could be used to leverage an attack on an authenticated user resulting in remote code execution and potentially the complete loss of confidentiality, integrity, and availability of the product.\n\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-63",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-63 Cross-Site Scripting (XSS)"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-11T13:05:56.994Z",
"orgId": "b73dd486-f505-4403-b634-40b078b177f0",
"shortName": "Rockwell"
},
"references": [
{
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139761"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cul\u003e\u003cli\u003eCustomers should upgrade to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://compatibility.rockwellautomation.com/Pages/MultiProductCompareSelections.aspx?crumb=113\u0026amp;versions=58300,55146,54770\"\u003eV4.019\u003c/a\u003e\u0026nbsp;which mitigates this issue\u003c/li\u003e\u003c/ul\u003e\n\n\u003cbr\u003e"
}
],
"value": "\n * Customers should upgrade to V4.019 https://compatibility.rockwellautomation.com/Pages/MultiProductCompareSelections.aspx \u00a0which mitigates this issue\n\n\n\n\n\n"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Rockwell Automation PowerMonitor 1000 Cross-Site Scripting Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0",
"assignerShortName": "Rockwell",
"cveId": "CVE-2023-2072",
"datePublished": "2023-07-11T13:05:56.994Z",
"dateReserved": "2023-04-14T18:04:06.540Z",
"dateUpdated": "2024-11-07T17:29:16.646Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-2124 (GCVE-0-2023-2124)
Vulnerability from cvelistv5 – Published: 2023-05-15 00:00 – Updated: 2024-08-02 06:12
VLAI
Summary
An out-of-bounds memory access flaw was found in the Linux kernel’s XFS file system in how a user restores an XFS image after failure (with a dirty log journal). This flaw allows a local user to crash or potentially escalate their privileges on the system.
Severity
No CVSS data available.
CWE
Assigner
References
6 references
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:12:20.423Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/fs/xfs/xfs_buf_item_recover.c?h=v6.4-rc1\u0026id=22ed903eee23a5b174e240f1cdfa9acf393a5210"
},
{
"tags": [
"x_transferred"
],
"url": "https://syzkaller.appspot.com/bug?extid=7e9494b8b399902e994e"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230622-0010/"
},
{
"name": "DSA-5448",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5448"
},
{
"name": "DSA-5480",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5480"
},
{
"name": "[debian-lts-announce] 20231019 [SECURITY] [DLA 3623-1] linux-5.10 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Kernel",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Linux kernel 6.4-rc1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds memory access flaw was found in the Linux kernel\u2019s XFS file system in how a user restores an XFS image after failure (with a dirty log journal). This flaw allows a local user to crash or potentially escalate their privileges on the system."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-19T23:07:27.879Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/fs/xfs/xfs_buf_item_recover.c?h=v6.4-rc1\u0026id=22ed903eee23a5b174e240f1cdfa9acf393a5210"
},
{
"url": "https://syzkaller.appspot.com/bug?extid=7e9494b8b399902e994e"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230622-0010/"
},
{
"name": "DSA-5448",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5448"
},
{
"name": "DSA-5480",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5480"
},
{
"name": "[debian-lts-announce] 20231019 [SECURITY] [DLA 3623-1] linux-5.10 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-2124",
"datePublished": "2023-05-15T00:00:00.000Z",
"dateReserved": "2023-04-17T00:00:00.000Z",
"dateUpdated": "2024-08-02T06:12:20.423Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21489 (GCVE-0-2023-21489)
Vulnerability from cvelistv5 – Published: 2023-05-04 00:00 – Updated: 2025-02-12 16:13
VLAI
Summary
Heap out-of-bounds write vulnerability in bootloader prior to SMR May-2023 Release 1 allows a physical attacker to execute arbitrary code.
Severity
7.1 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Samsung Mobile | Samsung Mobile Devices |
Affected:
Selected Android 11, 12, 13 Qualcomm devices , < SMR May-2023 Release 1
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:36:34.643Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023\u0026month=05"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21489",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-29T19:59:19.951529Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T16:13:35.431Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Samsung Mobile Devices",
"vendor": "Samsung Mobile",
"versions": [
{
"lessThan": "SMR May-2023 Release 1",
"status": "affected",
"version": "Selected Android 11, 12, 13 Qualcomm devices",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Heap out-of-bounds write vulnerability in bootloader prior to SMR May-2023 Release 1 allows a physical attacker to execute arbitrary code."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787: Out-of-bounds Write ",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-04T00:00:00.000Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "Samsung Mobile"
},
"references": [
{
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023\u0026month=05"
}
],
"source": {
"discovery": "UNKNOWN"
}
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "Samsung Mobile",
"cveId": "CVE-2023-21489",
"datePublished": "2023-05-04T00:00:00.000Z",
"dateReserved": "2022-11-14T00:00:00.000Z",
"dateUpdated": "2025-02-12T16:13:35.431Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21499 (GCVE-0-2023-21499)
Vulnerability from cvelistv5 – Published: 2023-05-04 00:00 – Updated: 2025-02-12 16:29
VLAI
Summary
Out-of-bounds write vulnerability in TA_Communication_mpos_encrypt_pin in mPOS TUI trustlet prior to SMR May-2023 Release 1 allows local attackers to execute arbitrary code.
Severity
8.2 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Samsung Mobile | Samsung Mobile Devices |
Affected:
Select Android 13 devices , < SMR May-2023 Release 1
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:44:01.044Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023\u0026month=05"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21499",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-29T19:37:59.599342Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T16:29:39.011Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Samsung Mobile Devices",
"vendor": "Samsung Mobile",
"versions": [
{
"lessThan": "SMR May-2023 Release 1",
"status": "affected",
"version": "Select Android 13 devices",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds write vulnerability in TA_Communication_mpos_encrypt_pin in mPOS TUI trustlet prior to SMR May-2023 Release 1 allows local attackers to execute arbitrary code."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-04T00:00:00.000Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "Samsung Mobile"
},
"references": [
{
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023\u0026month=05"
}
],
"source": {
"discovery": "UNKNOWN"
}
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "Samsung Mobile",
"cveId": "CVE-2023-21499",
"datePublished": "2023-05-04T00:00:00.000Z",
"dateReserved": "2022-11-14T00:00:00.000Z",
"dateUpdated": "2025-02-12T16:29:39.011Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21506 (GCVE-0-2023-21506)
Vulnerability from cvelistv5 – Published: 2023-05-04 00:00 – Updated: 2025-02-12 16:19
VLAI
Summary
Out-of-bounds Write vulnerability while processing BC_TUI_CMD_SEND_RESOURCE_DATA_ARRAY command in bc_tui trustlet from Samsung Blockchain Keystore prior to version 1.3.12.1 allows local attacker to execute arbitrary code.
Severity
6.7 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Samsung Mobile | Samsung Blockchain Keystore |
Affected:
unspecified , < 1.3.12.1
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:44:01.307Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023\u0026month=05"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21506",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-29T19:25:29.518554Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T16:19:18.287Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Samsung Blockchain Keystore",
"vendor": "Samsung Mobile",
"versions": [
{
"lessThan": "1.3.12.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds Write vulnerability while processing BC_TUI_CMD_SEND_RESOURCE_DATA_ARRAY command in bc_tui trustlet from Samsung Blockchain Keystore prior to version 1.3.12.1 allows local attacker to execute arbitrary code."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-04T00:00:00.000Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "Samsung Mobile"
},
"references": [
{
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023\u0026month=05"
}
],
"source": {
"discovery": "UNKNOWN"
}
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "Samsung Mobile",
"cveId": "CVE-2023-21506",
"datePublished": "2023-05-04T00:00:00.000Z",
"dateReserved": "2022-11-14T00:00:00.000Z",
"dateUpdated": "2025-02-12T16:19:18.287Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21508 (GCVE-0-2023-21508)
Vulnerability from cvelistv5 – Published: 2023-05-04 00:00 – Updated: 2025-02-12 16:19
VLAI
Summary
Out-of-bounds Write vulnerability while processing BC_TUI_CMD_SEND_RESOURCE_DATA command in bc_tui trustlet from Samsung Blockchain Keystore prior to version 1.3.12.1 allows local attacker to execute arbitrary code.
Severity
6.7 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Samsung Mobile | Samsung Blockchain Keystore |
Affected:
unspecified , < 1.3.12.1
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:44:01.056Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023\u0026month=05"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21508",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-29T19:25:12.661302Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T16:19:59.157Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Samsung Blockchain Keystore",
"vendor": "Samsung Mobile",
"versions": [
{
"lessThan": "1.3.12.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds Write vulnerability while processing BC_TUI_CMD_SEND_RESOURCE_DATA command in bc_tui trustlet from Samsung Blockchain Keystore prior to version 1.3.12.1 allows local attacker to execute arbitrary code."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-04T00:00:00.000Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "Samsung Mobile"
},
"references": [
{
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023\u0026month=05"
}
],
"source": {
"discovery": "UNKNOWN"
}
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "Samsung Mobile",
"cveId": "CVE-2023-21508",
"datePublished": "2023-05-04T00:00:00.000Z",
"dateReserved": "2022-11-14T00:00:00.000Z",
"dateUpdated": "2025-02-12T16:19:59.157Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21509 (GCVE-0-2023-21509)
Vulnerability from cvelistv5 – Published: 2023-05-04 00:00 – Updated: 2025-02-12 16:20
VLAI
Summary
Out-of-bounds Write vulnerability while processing BC_TUI_CMD_UPDATE_SCREEN in bc_tui trustlet from Samsung Blockchain Keystore prior to version 1.3.12.1 allows local attacker to execute arbitrary code.
Severity
6.7 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Samsung Mobile | Samsung Blockchain Keystore |
Affected:
unspecified , < 1.3.12.1
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:44:01.176Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023\u0026month=05"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21509",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-29T19:25:06.663124Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T16:20:21.814Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Samsung Blockchain Keystore",
"vendor": "Samsung Mobile",
"versions": [
{
"lessThan": "1.3.12.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds Write vulnerability while processing BC_TUI_CMD_UPDATE_SCREEN in bc_tui trustlet from Samsung Blockchain Keystore prior to version 1.3.12.1 allows local attacker to execute arbitrary code."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-04T00:00:00.000Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "Samsung Mobile"
},
"references": [
{
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023\u0026month=05"
}
],
"source": {
"discovery": "UNKNOWN"
}
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "Samsung Mobile",
"cveId": "CVE-2023-21509",
"datePublished": "2023-05-04T00:00:00.000Z",
"dateReserved": "2022-11-14T00:00:00.000Z",
"dateUpdated": "2025-02-12T16:20:21.814Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21575 (GCVE-0-2023-21575)
Vulnerability from cvelistv5 – Published: 2023-02-17 00:00 – Updated: 2024-08-02 09:44
VLAI
Title
Adobe Photoshop Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
Summary
Photoshop version 23.5.3 (and earlier), 24.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity
7.8 (High)
CWE
- CWE-787 - Out-of-bounds Write (CWE-787)
Assigner
References
1 reference
Impacted products
Date Public
2023-02-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:44:01.249Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/photoshop/apsb23-11.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Photoshop",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "23.5.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "24.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "None",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-02-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Photoshop version 23.5.3 (and earlier), 24.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "Out-of-bounds Write (CWE-787)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-17T00:00:00.000Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"url": "https://helpx.adobe.com/security/products/photoshop/apsb23-11.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Adobe Photoshop Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2023-21575",
"datePublished": "2023-02-17T00:00:00.000Z",
"dateReserved": "2022-12-01T00:00:00.000Z",
"dateUpdated": "2024-08-02T09:44:01.249Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation ID: MIT-3
Phase: Requirements
Strategy: Language Selection
Description:
- Use a language that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
- For example, many languages that perform their own memory management, such as Java and Perl, are not subject to buffer overflows. Other languages, such as Ada and C#, typically provide overflow protection, but the protection can be disabled by the programmer.
- Be wary that a language's interface to native code may still be subject to overflows, even if the language itself is theoretically safe.
Mitigation ID: MIT-4.1
Phase: Architecture and Design
Strategy: Libraries or Frameworks
Description:
- Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
- Examples include the Safe C String Library (SafeStr) by Messier and Viega [REF-57], and the Strsafe.h library from Microsoft [REF-56]. These libraries provide safer versions of overflow-prone string-handling functions.
Mitigation ID: MIT-10
Phases: Operation, Build and Compilation
Strategy: Environment Hardening
Description:
- Use automatic buffer overflow detection mechanisms that are offered by certain compilers or compiler extensions. Examples include: the Microsoft Visual Studio /GS flag, Fedora/Red Hat FORTIFY_SOURCE GCC flag, StackGuard, and ProPolice, which provide various mechanisms including canary-based detection and range/index checking.
- D3-SFCV (Stack Frame Canary Validation) from D3FEND [REF-1334] discusses canary-based detection in detail.
Mitigation ID: MIT-9
Phase: Implementation
Description:
- Consider adhering to the following rules when allocating and managing an application's memory:
- Double check that the buffer is as large as specified.
- When using functions that accept a number of bytes to copy, such as strncpy(), be aware that if the destination buffer size is equal to the source buffer size, it may not NULL-terminate the string.
- Check buffer boundaries if accessing the buffer in a loop and make sure there is no danger of writing past the allocated space.
- If necessary, truncate all input strings to a reasonable length before passing them to the copy and concatenation functions.
Mitigation ID: MIT-11
Phases: Operation, Build and Compilation
Strategy: Environment Hardening
Description:
- Run or compile the software using features or extensions that randomly arrange the positions of a program's executable and libraries in memory. Because this makes the addresses unpredictable, it can prevent an attacker from reliably jumping to exploitable code.
- Examples include Address Space Layout Randomization (ASLR) [REF-58] [REF-60] and Position-Independent Executables (PIE) [REF-64]. Imported modules may be similarly realigned if their default memory addresses conflict with other modules, in a process known as "rebasing" (for Windows) and "prelinking" (for Linux) [REF-1332] using randomly generated addresses. ASLR for libraries cannot be used in conjunction with prelink since it would require relocating the libraries at run-time, defeating the whole purpose of prelinking.
- For more information on these techniques see D3-SAOR (Segment Address Offset Randomization) from D3FEND [REF-1335].
Mitigation ID: MIT-12
Phase: Operation
Strategy: Environment Hardening
Description:
- Use a CPU and operating system that offers Data Execution Protection (using hardware NX or XD bits) or the equivalent techniques that simulate this feature in software, such as PaX [REF-60] [REF-61]. These techniques ensure that any instruction executed is exclusively at a memory address that is part of the code segment.
- For more information on these techniques see D3-PSEP (Process Segment Execution Prevention) from D3FEND [REF-1336].
Mitigation ID: MIT-13
Phase: Implementation
Description:
- Replace unbounded copy functions with analogous functions that support length arguments, such as strcpy with strncpy. Create these if they are not available.
No CAPEC attack patterns related to this CWE.