Vulnerabilites related to ixsystems - truenas
Vulnerability from fkie_nvd
Published
2020-04-08 23:15
Modified
2024-11-21 04:58
Severity ?
Summary
An issue was discovered in iXsystems FreeNAS (and TrueNAS) 11.2 before 11.2-u8 and 11.3 before 11.3-U1. It allows a denial of service. The login authentication component has no limits on the length of an authentication message or the rate at which such messages are sent.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://jira.ixsystems.com/browse/NAS-104748 | Patch, Third Party Advisory | |
| cve@mitre.org | https://security.ixsystems.com/cves/2020-04-08-cve-2020-11650/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jira.ixsystems.com/browse/NAS-104748 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.ixsystems.com/cves/2020-04-08-cve-2020-11650/ | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ixsystems:freenas_firmware:11.2:-:*:*:*:*:*:*",
"matchCriteriaId": "ED051E83-272F-4288-BAEA-3539830AE9EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ixsystems:freenas_firmware:11.2:u1:*:*:*:*:*:*",
"matchCriteriaId": "4093D4BE-7463-469B-8D4D-28937D560950",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ixsystems:freenas_firmware:11.2:u2:*:*:*:*:*:*",
"matchCriteriaId": "C32BF3CA-FDBA-4C19-97B5-5EC8979F36C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ixsystems:freenas_firmware:11.2:u2.1:*:*:*:*:*:*",
"matchCriteriaId": "71FCC2F1-7A47-4B55-A638-13575BE7DD11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ixsystems:freenas_firmware:11.2:u3:*:*:*:*:*:*",
"matchCriteriaId": "714F1F8A-6AA4-4668-9B45-488702C2A232",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ixsystems:freenas_firmware:11.2:u4:*:*:*:*:*:*",
"matchCriteriaId": "4E52DE4F-CF8E-47B1-92D0-4A534327EB2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ixsystems:freenas_firmware:11.2:u4.1:*:*:*:*:*:*",
"matchCriteriaId": "33ECEDAF-D350-4326-B7A8-97B788C27760",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ixsystems:freenas_firmware:11.2:u5:*:*:*:*:*:*",
"matchCriteriaId": "66F6E9C5-25F9-4BC6-B997-A6653B8B0531",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ixsystems:freenas_firmware:11.2:u5.1:*:*:*:*:*:*",
"matchCriteriaId": "82FF4DCD-C7B9-41A3-9745-2D5967EDE204",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ixsystems:freenas_firmware:11.2:u6:*:*:*:*:*:*",
"matchCriteriaId": "D02CE65B-FED1-410B-93C3-02379395C435",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ixsystems:freenas_firmware:11.2:u6.1:*:*:*:*:*:*",
"matchCriteriaId": "983FAD77-AB04-4611-BB19-0612BB660B5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ixsystems:freenas_firmware:11.2:u7:*:*:*:*:*:*",
"matchCriteriaId": "0CD66D14-5C63-4F15-99F3-681CFB611CFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ixsystems:freenas_firmware:11.3:-:*:*:*:*:*:*",
"matchCriteriaId": "9D19A988-63A6-4B2E-BBF8-468BCAD74729",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ixsystems:freenas_firmware:11.3:alpha1:*:*:*:*:*:*",
"matchCriteriaId": "3048BC44-5492-447C-9F5D-0F4C11E16817",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ixsystems:freenas_firmware:11.3:alpha2:*:*:*:*:*:*",
"matchCriteriaId": "8E7BDE00-A5B1-4455-B4B2-D6CC1E3DA109",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ixsystems:freenas_firmware:11.3:beta1:*:*:*:*:*:*",
"matchCriteriaId": "996D15FA-102D-4BED-968A-0D5A4AD5E8C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ixsystems:freenas_firmware:11.3:rc1:*:*:*:*:*:*",
"matchCriteriaId": "FF51D75F-564D-4635-B33B-D513CEE86A4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ixsystems:freenas_firmware:11.3:rc2:*:*:*:*:*:*",
"matchCriteriaId": "46ED3ECF-1E06-44A3-8D13-CE039DEB8CB6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ixsystems:freenas:-:*:*:*:*:*:*:*",
"matchCriteriaId": "05FB1FAA-EA18-48FA-A4B6-020ED566BEAA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ixsystems:truenas_firmware:11.2:-:*:*:*:*:*:*",
"matchCriteriaId": "DE129DED-3451-4924-8F34-DAC4F2726BC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ixsystems:truenas_firmware:11.2:u1:*:*:*:*:*:*",
"matchCriteriaId": "D8FA7C1F-5FC2-4DA5-A91A-4FCEE1BFAEFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ixsystems:truenas_firmware:11.2:u2:*:*:*:*:*:*",
"matchCriteriaId": "5AC0483A-622A-4DBE-90CD-75F927F6EC5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ixsystems:truenas_firmware:11.2:u2.1:*:*:*:*:*:*",
"matchCriteriaId": "79F33726-7EA6-4ADD-B5A7-397681C1AD03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ixsystems:truenas_firmware:11.2:u3:*:*:*:*:*:*",
"matchCriteriaId": "75CC17F0-0764-4A36-B0D0-17F1E3A19318",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ixsystems:truenas_firmware:11.2:u4:*:*:*:*:*:*",
"matchCriteriaId": "12EEBFDB-CB0A-436F-8950-49A622387608",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ixsystems:truenas_firmware:11.2:u4.1:*:*:*:*:*:*",
"matchCriteriaId": "4A4A9067-9002-4A06-983A-AAD8DFB01490",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ixsystems:truenas_firmware:11.2:u5:*:*:*:*:*:*",
"matchCriteriaId": "11B4D8DD-AA82-4D8F-BDE2-159EA8114742",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ixsystems:truenas_firmware:11.2:u5.1:*:*:*:*:*:*",
"matchCriteriaId": "1B716751-29CF-4664-A67B-EAB41BFAFB00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ixsystems:truenas_firmware:11.2:u6:*:*:*:*:*:*",
"matchCriteriaId": "5BB7C4C6-23A0-461E-92C7-3798AF1C0454",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ixsystems:truenas_firmware:11.2:u6.1:*:*:*:*:*:*",
"matchCriteriaId": "5105D7F3-EEB3-4707-8601-6E1A132C0E35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ixsystems:truenas_firmware:11.2:u7:*:*:*:*:*:*",
"matchCriteriaId": "93A93CEC-C21C-4C37-80C7-A6EC4E972180",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ixsystems:truenas_firmware:11.3:-:*:*:*:*:*:*",
"matchCriteriaId": "7A8DD2E6-2DBF-4B92-B395-E653C53747BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ixsystems:truenas_firmware:11.3:alpha1:*:*:*:*:*:*",
"matchCriteriaId": "8FCF9207-7C8E-4666-8536-07FAF4CF881F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ixsystems:truenas_firmware:11.3:alpha2:*:*:*:*:*:*",
"matchCriteriaId": "27F629B8-0A49-4C63-8ECD-B29D708F46D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ixsystems:truenas_firmware:11.3:beta1:*:*:*:*:*:*",
"matchCriteriaId": "1FC5FF3C-73F6-4F08-B120-607D1D93EAFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ixsystems:truenas_firmware:11.3:rc1:*:*:*:*:*:*",
"matchCriteriaId": "61683EF1-CCD8-49A9-814F-F5A730CFD690",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ixsystems:truenas_firmware:11.3:rc2:*:*:*:*:*:*",
"matchCriteriaId": "57FF99C0-5B61-4C64-A9A9-DB925DDFF4E8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ixsystems:truenas:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E69929DE-FB22-446F-9AF4-4AD29130E82B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in iXsystems FreeNAS (and TrueNAS) 11.2 before 11.2-u8 and 11.3 before 11.3-U1. It allows a denial of service. The login authentication component has no limits on the length of an authentication message or the rate at which such messages are sent."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en iXsystems FreeNAS versiones 11.2 y versiones 11.3 anteriores a 11.3-U1. Permite una denegaci\u00f3n de servicio."
}
],
"id": "CVE-2020-11650",
"lastModified": "2024-11-21T04:58:19.587",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-04-08T23:15:12.683",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://jira.ixsystems.com/browse/NAS-104748"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://security.ixsystems.com/cves/2020-04-08-cve-2020-11650/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://jira.ixsystems.com/browse/NAS-104748"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://security.ixsystems.com/cves/2020-04-08-cve-2020-11650/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-307"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-12-30 21:15
Modified
2025-08-18 14:55
Severity ?
Summary
iXsystems TrueNAS CORE tarfile.extractall Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of iXsystems TrueNAS devices. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the tarfile.extractall method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-25626.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ixsystems | truenas_firmware | 13.0 | |
| ixsystems | truenas_firmware | 13.0 | |
| ixsystems | truenas_firmware | 13.0 | |
| ixsystems | truenas_firmware | 13.0 | |
| ixsystems | truenas_firmware | 13.0 | |
| ixsystems | truenas_firmware | 13.0 | |
| ixsystems | truenas_firmware | 13.0 | |
| ixsystems | truenas_firmware | 13.0 | |
| ixsystems | truenas_firmware | 13.0 | |
| ixsystems | truenas_firmware | 13.0 | |
| ixsystems | truenas_firmware | 13.0 | |
| ixsystems | truenas_firmware | 13.0 | |
| ixsystems | truenas_firmware | 13.0 | |
| ixsystems | truenas_firmware | 13.0 | |
| ixsystems | truenas_firmware | 13.0 | |
| ixsystems | truenas_firmware | 13.0 | |
| ixsystems | truenas | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ixsystems:truenas_firmware:13.0:-:*:*:*:*:*:*",
"matchCriteriaId": "F8F4499D-2953-463C-935E-4F5708F42496",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ixsystems:truenas_firmware:13.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "A6480CBF-C1B0-4836-9182-877B43515BCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ixsystems:truenas_firmware:13.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "620ABB70-B755-484F-ADC6-9DE0632AAA85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ixsystems:truenas_firmware:13.0:u1:*:*:*:*:*:*",
"matchCriteriaId": "EF0F41B8-C534-4D19-A7A8-E75F5244D1D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ixsystems:truenas_firmware:13.0:u1.1:*:*:*:*:*:*",
"matchCriteriaId": "73C12E2A-F184-4675-87A3-FD52A3EE4C1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ixsystems:truenas_firmware:13.0:u2:*:*:*:*:*:*",
"matchCriteriaId": "F1950768-6C80-49DF-8523-25408F0C72F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ixsystems:truenas_firmware:13.0:u3:*:*:*:*:*:*",
"matchCriteriaId": "7ED50816-C1A4-4516-8712-590E22185800",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ixsystems:truenas_firmware:13.0:u3.1:*:*:*:*:*:*",
"matchCriteriaId": "6C0E2272-7123-4954-8624-0ED511BB059C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ixsystems:truenas_firmware:13.0:u4:*:*:*:*:*:*",
"matchCriteriaId": "D0F6FF7D-4DFC-4687-9AF0-D01B49B37746",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ixsystems:truenas_firmware:13.0:u5:*:*:*:*:*:*",
"matchCriteriaId": "BBC3D336-9712-4A9C-8F04-44FCBF47CA21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ixsystems:truenas_firmware:13.0:u5.1:*:*:*:*:*:*",
"matchCriteriaId": "059608EB-62A0-4C51-A9DB-ABD4D190C473",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ixsystems:truenas_firmware:13.0:u5.2:*:*:*:*:*:*",
"matchCriteriaId": "7FBD6FD4-AC6E-430B-B9CB-251F777D4114",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ixsystems:truenas_firmware:13.0:u5.3:*:*:*:*:*:*",
"matchCriteriaId": "84712659-6882-48D9-AE2B-AE7CB3DF93E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ixsystems:truenas_firmware:13.0:u6:*:*:*:*:*:*",
"matchCriteriaId": "AF709A44-8058-441B-BEE8-799B7C7BA966",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ixsystems:truenas_firmware:13.0:u6.1:*:*:*:*:*:*",
"matchCriteriaId": "905BA09B-2DED-42EF-BCC8-72C78DD57E3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ixsystems:truenas_firmware:13.0:u6.2:*:*:*:*:*:*",
"matchCriteriaId": "2998DF30-DE67-42CA-8552-BC7242C3C1B1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ixsystems:truenas:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E69929DE-FB22-446F-9AF4-4AD29130E82B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "iXsystems TrueNAS CORE tarfile.extractall Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of iXsystems TrueNAS devices. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the tarfile.extractall method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-25626."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo mediante el m\u00e9todo tarfile.extractall de iXsystems TrueNAS CORE. Esta vulnerabilidad permite a atacantes adyacentes a la red ejecutar c\u00f3digo arbitrario en instalaciones afectadas de dispositivos iXsystems TrueNAS. No se requiere autenticaci\u00f3n para explotar esta vulnerabilidad. La falla espec\u00edfica existe dentro del m\u00e9todo tarfile.extractall. El problema es el resultado de la falta de validaci\u00f3n adecuada de una ruta proporcionada por el usuario antes de usarla en operaciones con archivos. Un atacante puede aprovechar esto junto con otras vulnerabilidades para ejecutar c\u00f3digo en el contexto de la ra\u00edz. Era ZDI-CAN-25626."
}
],
"id": "CVE-2024-11944",
"lastModified": "2025-08-18T14:55:00.567",
"metrics": {
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9,
"source": "zdi-disclosures@trendmicro.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-12-30T21:15:05.493",
"references": [
{
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Release Notes"
],
"url": "https://www.truenas.com/docs/core/13.0/gettingstarted/corereleasenotes/#130-u63"
},
{
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1643/"
}
],
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "zdi-disclosures@trendmicro.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-12-30 21:15
Modified
2025-08-18 14:52
Severity ?
Summary
iXsystems TrueNAS CORE fetch_plugin_packagesites tar Cleartext Transmission of Sensitive Information Vulnerability. This vulnerability allows network-adjacent attackers to tamper with firmware update files on affected installations of iXsystems TrueNAS devices. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the handling of firmware updates. The issue results from the use of an insecure protocol to deliver updates. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-25668.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ixsystems | truenas_firmware | 13.0 | |
| ixsystems | truenas_firmware | 13.0 | |
| ixsystems | truenas_firmware | 13.0 | |
| ixsystems | truenas_firmware | 13.0 | |
| ixsystems | truenas_firmware | 13.0 | |
| ixsystems | truenas_firmware | 13.0 | |
| ixsystems | truenas_firmware | 13.0 | |
| ixsystems | truenas_firmware | 13.0 | |
| ixsystems | truenas_firmware | 13.0 | |
| ixsystems | truenas_firmware | 13.0 | |
| ixsystems | truenas_firmware | 13.0 | |
| ixsystems | truenas_firmware | 13.0 | |
| ixsystems | truenas_firmware | 13.0 | |
| ixsystems | truenas_firmware | 13.0 | |
| ixsystems | truenas_firmware | 13.0 | |
| ixsystems | truenas_firmware | 13.0 | |
| ixsystems | truenas | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ixsystems:truenas_firmware:13.0:-:*:*:*:*:*:*",
"matchCriteriaId": "F8F4499D-2953-463C-935E-4F5708F42496",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ixsystems:truenas_firmware:13.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "A6480CBF-C1B0-4836-9182-877B43515BCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ixsystems:truenas_firmware:13.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "620ABB70-B755-484F-ADC6-9DE0632AAA85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ixsystems:truenas_firmware:13.0:u1:*:*:*:*:*:*",
"matchCriteriaId": "EF0F41B8-C534-4D19-A7A8-E75F5244D1D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ixsystems:truenas_firmware:13.0:u1.1:*:*:*:*:*:*",
"matchCriteriaId": "73C12E2A-F184-4675-87A3-FD52A3EE4C1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ixsystems:truenas_firmware:13.0:u2:*:*:*:*:*:*",
"matchCriteriaId": "F1950768-6C80-49DF-8523-25408F0C72F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ixsystems:truenas_firmware:13.0:u3:*:*:*:*:*:*",
"matchCriteriaId": "7ED50816-C1A4-4516-8712-590E22185800",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ixsystems:truenas_firmware:13.0:u3.1:*:*:*:*:*:*",
"matchCriteriaId": "6C0E2272-7123-4954-8624-0ED511BB059C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ixsystems:truenas_firmware:13.0:u4:*:*:*:*:*:*",
"matchCriteriaId": "D0F6FF7D-4DFC-4687-9AF0-D01B49B37746",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ixsystems:truenas_firmware:13.0:u5:*:*:*:*:*:*",
"matchCriteriaId": "BBC3D336-9712-4A9C-8F04-44FCBF47CA21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ixsystems:truenas_firmware:13.0:u5.1:*:*:*:*:*:*",
"matchCriteriaId": "059608EB-62A0-4C51-A9DB-ABD4D190C473",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ixsystems:truenas_firmware:13.0:u5.2:*:*:*:*:*:*",
"matchCriteriaId": "7FBD6FD4-AC6E-430B-B9CB-251F777D4114",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ixsystems:truenas_firmware:13.0:u5.3:*:*:*:*:*:*",
"matchCriteriaId": "84712659-6882-48D9-AE2B-AE7CB3DF93E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ixsystems:truenas_firmware:13.0:u6:*:*:*:*:*:*",
"matchCriteriaId": "AF709A44-8058-441B-BEE8-799B7C7BA966",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ixsystems:truenas_firmware:13.0:u6.1:*:*:*:*:*:*",
"matchCriteriaId": "905BA09B-2DED-42EF-BCC8-72C78DD57E3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ixsystems:truenas_firmware:13.0:u6.2:*:*:*:*:*:*",
"matchCriteriaId": "2998DF30-DE67-42CA-8552-BC7242C3C1B1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ixsystems:truenas:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E69929DE-FB22-446F-9AF4-4AD29130E82B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "iXsystems TrueNAS CORE fetch_plugin_packagesites tar Cleartext Transmission of Sensitive Information Vulnerability. This vulnerability allows network-adjacent attackers to tamper with firmware update files on affected installations of iXsystems TrueNAS devices. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the handling of firmware updates. The issue results from the use of an insecure protocol to deliver updates. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-25668."
},
{
"lang": "es",
"value": "Vulnerabilidad de transmisi\u00f3n de informaci\u00f3n confidencial en texto plano de iXsystems TrueNAS CORE fetch_plugin_packagesites tar. Esta vulnerabilidad permite a los atacantes adyacentes a la red manipular los archivos de actualizaci\u00f3n de firmware en las instalaciones afectadas de los dispositivos iXsystems TrueNAS. No se requiere autenticaci\u00f3n para explotar esta vulnerabilidad. La falla espec\u00edfica existe en la gesti\u00f3n de las actualizaciones de firmware. El problema es el resultado del uso de un protocolo inseguro para entregar actualizaciones. Un atacante puede aprovechar esto junto con otras vulnerabilidades para ejecutar c\u00f3digo arbitrario en el contexto de la ra\u00edz. Era ZDI-CAN-25668."
}
],
"id": "CVE-2024-11946",
"lastModified": "2025-08-18T14:52:20.223",
"metrics": {
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.6,
"impactScore": 1.4,
"source": "zdi-disclosures@trendmicro.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-12-30T21:15:05.920",
"references": [
{
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Release Notes"
],
"url": "https://www.truenas.com/docs/core/13.0/gettingstarted/corereleasenotes/#130-u63"
},
{
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1644/"
}
],
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-319"
}
],
"source": "zdi-disclosures@trendmicro.com",
"type": "Primary"
}
]
}
CVE-2024-11944 (GCVE-0-2024-11944)
Vulnerability from cvelistv5
Published
2024-12-30 20:12
Modified
2024-12-30 23:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Summary
iXsystems TrueNAS CORE tarfile.extractall Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of iXsystems TrueNAS devices. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the tarfile.extractall method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-25626.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-24-1643/ | x_research-advisory | |
| https://www.truenas.com/docs/core/13.0/gettingstarted/corereleasenotes/#130-u63 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| iXsystems | TrueNAS CORE |
Version: 13.3-RELEASE |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-11944",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-30T23:01:11.089087Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-30T23:06:10.269Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "TrueNAS CORE",
"vendor": "iXsystems",
"versions": [
{
"status": "affected",
"version": "13.3-RELEASE"
}
]
}
],
"dateAssigned": "2024-11-27T17:37:05.506-06:00",
"datePublic": "2024-12-19T19:15:42.148-06:00",
"descriptions": [
{
"lang": "en",
"value": "iXsystems TrueNAS CORE tarfile.extractall Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of iXsystems TrueNAS devices. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the tarfile.extractall method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-25626."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-30T20:12:12.970Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-24-1643",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1643/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory"
],
"url": "https://www.truenas.com/docs/core/13.0/gettingstarted/corereleasenotes/#130-u63"
}
],
"source": {
"lang": "en",
"value": "Daan Keuper, Thijs Alkemade and Khaled Nassar from Computest Sector 7"
},
"title": "iXsystems TrueNAS CORE tarfile.extractall Directory Traversal Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2024-11944",
"datePublished": "2024-12-30T20:12:12.970Z",
"dateReserved": "2024-11-27T23:37:05.474Z",
"dateUpdated": "2024-12-30T23:06:10.269Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-11946 (GCVE-0-2024-11946)
Vulnerability from cvelistv5
Published
2024-12-30 20:12
Modified
2024-12-30 22:59
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-319 - Cleartext Transmission of Sensitive Information
Summary
iXsystems TrueNAS CORE fetch_plugin_packagesites tar Cleartext Transmission of Sensitive Information Vulnerability. This vulnerability allows network-adjacent attackers to tamper with firmware update files on affected installations of iXsystems TrueNAS devices. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the handling of firmware updates. The issue results from the use of an insecure protocol to deliver updates. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-25668.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-24-1644/ | x_research-advisory | |
| https://www.truenas.com/docs/core/13.0/gettingstarted/corereleasenotes/#130-u63 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| iXsystems | TrueNAS CORE |
Version: 13.3-RELEASE |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-11946",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-30T22:58:53.294782Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-30T22:59:36.554Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "TrueNAS CORE",
"vendor": "iXsystems",
"versions": [
{
"status": "affected",
"version": "13.3-RELEASE"
}
]
}
],
"dateAssigned": "2024-11-27T17:37:33.541-06:00",
"datePublic": "2024-12-19T19:15:47.308-06:00",
"descriptions": [
{
"lang": "en",
"value": "iXsystems TrueNAS CORE fetch_plugin_packagesites tar Cleartext Transmission of Sensitive Information Vulnerability. This vulnerability allows network-adjacent attackers to tamper with firmware update files on affected installations of iXsystems TrueNAS devices. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the handling of firmware updates. The issue results from the use of an insecure protocol to deliver updates. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-25668."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CWE-319: Cleartext Transmission of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-30T20:12:23.839Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-24-1644",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1644/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory"
],
"url": "https://www.truenas.com/docs/core/13.0/gettingstarted/corereleasenotes/#130-u63"
}
],
"source": {
"lang": "en",
"value": "Daan Keuper, Thijs Alkemade and Khaled Nassar from Computest Sector 7"
},
"title": "iXsystems TrueNAS CORE fetch_plugin_packagesites tar Cleartext Transmission of Sensitive Information Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2024-11946",
"datePublished": "2024-12-30T20:12:23.839Z",
"dateReserved": "2024-11-27T23:37:33.514Z",
"dateUpdated": "2024-12-30T22:59:36.554Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-11650 (GCVE-0-2020-11650)
Vulnerability from cvelistv5
Published
2020-04-08 22:12
Modified
2024-08-04 11:35
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in iXsystems FreeNAS (and TrueNAS) 11.2 before 11.2-u8 and 11.3 before 11.3-U1. It allows a denial of service. The login authentication component has no limits on the length of an authentication message or the rate at which such messages are sent.
References
| ▼ | URL | Tags |
|---|---|---|
| https://jira.ixsystems.com/browse/NAS-104748 | x_refsource_MISC | |
| https://security.ixsystems.com/cves/2020-04-08-cve-2020-11650/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:35:13.439Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jira.ixsystems.com/browse/NAS-104748"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.ixsystems.com/cves/2020-04-08-cve-2020-11650/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in iXsystems FreeNAS (and TrueNAS) 11.2 before 11.2-u8 and 11.3 before 11.3-U1. It allows a denial of service. The login authentication component has no limits on the length of an authentication message or the rate at which such messages are sent."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-10T11:25:52",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jira.ixsystems.com/browse/NAS-104748"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.ixsystems.com/cves/2020-04-08-cve-2020-11650/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-11650",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in iXsystems FreeNAS (and TrueNAS) 11.2 before 11.2-u8 and 11.3 before 11.3-U1. It allows a denial of service. The login authentication component has no limits on the length of an authentication message or the rate at which such messages are sent."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jira.ixsystems.com/browse/NAS-104748",
"refsource": "MISC",
"url": "https://jira.ixsystems.com/browse/NAS-104748"
},
{
"name": "https://security.ixsystems.com/cves/2020-04-08-cve-2020-11650/",
"refsource": "CONFIRM",
"url": "https://security.ixsystems.com/cves/2020-04-08-cve-2020-11650/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-11650",
"datePublished": "2020-04-08T22:12:46",
"dateReserved": "2020-04-08T00:00:00",
"dateUpdated": "2024-08-04T11:35:13.439Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}