Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
75 vulnerabilities by Polycom
CVE-2025-34093 (GCVE-0-2025-34093)
Vulnerability from cvelistv5 – Published: 2025-07-10 19:13 – Updated: 2026-04-07 14:09
VLAI
Title
Polycom HDX Series Telnet Command Injection via lan traceroute
Summary
An authenticated command injection vulnerability exists in the Polycom HDX Series command shell interface accessible over Telnet. The lan traceroute command in the devcmds console accepts unsanitized input, allowing attackers to execute arbitrary system commands. By injecting shell metacharacters through the traceroute interface, an attacker can achieve remote code execution under the context of the root user. This flaw affects systems where Telnet access is enabled and either unauthenticated access is allowed or credentials are known.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://raw.githubusercontent.com/rapid7/metasplo… | exploit |
| https://staaldraad.github.io/2017/11/12/polycom-h… | exploittechnical-description |
| https://web.archive.org/web/20200312205144/http:/… | vendor-advisorypatch |
| https://www.exploit-db.com/exploits/24494 | exploit |
| https://vulncheck.com/advisories/polycom-hdx-seri… | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Polycom | HDX Series |
Affected:
0 , < 3.1.11 hotfix 2
(custom)
|
Date Public
2013-02-14 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-34093",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-10T20:28:35.171424Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-10T20:28:51.365Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"lan traceroute command",
"Polycom HDX Series command shell (devcmds console)"
],
"product": "HDX Series",
"vendor": "Polycom",
"versions": [
{
"lessThan": "3.1.11 hotfix 2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:polycom:hdx:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.1.11",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Etienne Stalmans of Staaldraad"
}
],
"datePublic": "2013-02-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAn authenticated command injection vulnerability exists in the Polycom HDX Series command shell interface accessible over Telnet. The \u003ccode\u003elan traceroute\u003c/code\u003e command in the \u003ccode\u003edevcmds\u003c/code\u003e console accepts unsanitized input, allowing attackers to execute arbitrary system commands. By injecting shell metacharacters through the traceroute interface, an attacker can achieve remote code execution under the context of the root user. This flaw affects systems where Telnet access is enabled and either unauthenticated access is allowed or credentials are known.\u003c/p\u003e"
}
],
"value": "An authenticated command injection vulnerability exists in the Polycom HDX Series command shell interface accessible over Telnet. The lan traceroute command in the devcmds console accepts unsanitized input, allowing attackers to execute arbitrary system commands. By injecting shell metacharacters through the traceroute interface, an attacker can achieve remote code execution under the context of the root user. This flaw affects systems where Telnet access is enabled and either unauthenticated access is allowed or credentials are known."
}
],
"impacts": [
{
"capecId": "CAPEC-137",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-137 Parameter Injection"
}
]
},
{
"capecId": "CAPEC-248",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-248 Command Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-07T14:09:24.426Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/misc/polycom_hdx_traceroute_exec.rb"
},
{
"tags": [
"exploit",
"technical-description"
],
"url": "https://staaldraad.github.io/2017/11/12/polycom-hdx-rce/"
},
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://web.archive.org/web/20200312205144/http://support.polycom.com/content/dam/polycom-support/global/documentation/securityadvisory-remotecodeexecutionon-hdx-v0.3-hotfix-release.pdf"
},
{
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/24494"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://vulncheck.com/advisories/polycom-hdx-series-telnet-rce"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Polycom HDX Series Telnet Command Injection via lan traceroute",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2025-34093",
"datePublished": "2025-07-10T19:13:44.410Z",
"dateReserved": "2025-04-15T19:15:22.551Z",
"dateUpdated": "2026-04-07T14:09:24.426Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2019-11355 (GCVE-0-2019-11355)
Vulnerability from cvelistv5 – Published: 2020-03-12 20:56 – Updated: 2024-08-04 22:48
VLAI
Summary
An issue was discovered in Poly (formerly Polycom) HDX 3.1.13. A feature exists that allows the creation of a server / client certificate, or the upload of the user certificate, on the administrator's page. The value received from the user is the factor value of a shell script on the equipment. By entering a special character (such as a single quote) in a CN or other CSR field, one can insert a command into a factor value. A system command can be executed as root.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://support.polycom.com/content/dam/polycom-s… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:48:09.174Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.polycom.com/content/dam/polycom-support/global/documentation/hdx-3-1-14-advisory.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Poly (formerly Polycom) HDX 3.1.13. A feature exists that allows the creation of a server / client certificate, or the upload of the user certificate, on the administrator\u0027s page. The value received from the user is the factor value of a shell script on the equipment. By entering a special character (such as a single quote) in a CN or other CSR field, one can insert a command into a factor value. A system command can be executed as root."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-12T20:56:02.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.polycom.com/content/dam/polycom-support/global/documentation/hdx-3-1-14-advisory.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-11355",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Poly (formerly Polycom) HDX 3.1.13. A feature exists that allows the creation of a server / client certificate, or the upload of the user certificate, on the administrator\u0027s page. The value received from the user is the factor value of a shell script on the equipment. By entering a special character (such as a single quote) in a CN or other CSR field, one can insert a command into a factor value. A system command can be executed as root."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.polycom.com/content/dam/polycom-support/global/documentation/hdx-3-1-14-advisory.pdf",
"refsource": "MISC",
"url": "https://support.polycom.com/content/dam/polycom-support/global/documentation/hdx-3-1-14-advisory.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-11355",
"datePublished": "2020-03-12T20:56:02.000Z",
"dateReserved": "2019-04-19T00:00:00.000Z",
"dateUpdated": "2024-08-04T22:48:09.174Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-34093 (GCVE-0-2025-34093)
Vulnerability from nvd – Published: 2025-07-10 19:13 – Updated: 2026-04-07 14:09
VLAI
Title
Polycom HDX Series Telnet Command Injection via lan traceroute
Summary
An authenticated command injection vulnerability exists in the Polycom HDX Series command shell interface accessible over Telnet. The lan traceroute command in the devcmds console accepts unsanitized input, allowing attackers to execute arbitrary system commands. By injecting shell metacharacters through the traceroute interface, an attacker can achieve remote code execution under the context of the root user. This flaw affects systems where Telnet access is enabled and either unauthenticated access is allowed or credentials are known.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://raw.githubusercontent.com/rapid7/metasplo… | exploit |
| https://staaldraad.github.io/2017/11/12/polycom-h… | exploittechnical-description |
| https://web.archive.org/web/20200312205144/http:/… | vendor-advisorypatch |
| https://www.exploit-db.com/exploits/24494 | exploit |
| https://vulncheck.com/advisories/polycom-hdx-seri… | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Polycom | HDX Series |
Affected:
0 , < 3.1.11 hotfix 2
(custom)
|
Date Public
2013-02-14 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-34093",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-10T20:28:35.171424Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-10T20:28:51.365Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"lan traceroute command",
"Polycom HDX Series command shell (devcmds console)"
],
"product": "HDX Series",
"vendor": "Polycom",
"versions": [
{
"lessThan": "3.1.11 hotfix 2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:polycom:hdx:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.1.11",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Etienne Stalmans of Staaldraad"
}
],
"datePublic": "2013-02-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAn authenticated command injection vulnerability exists in the Polycom HDX Series command shell interface accessible over Telnet. The \u003ccode\u003elan traceroute\u003c/code\u003e command in the \u003ccode\u003edevcmds\u003c/code\u003e console accepts unsanitized input, allowing attackers to execute arbitrary system commands. By injecting shell metacharacters through the traceroute interface, an attacker can achieve remote code execution under the context of the root user. This flaw affects systems where Telnet access is enabled and either unauthenticated access is allowed or credentials are known.\u003c/p\u003e"
}
],
"value": "An authenticated command injection vulnerability exists in the Polycom HDX Series command shell interface accessible over Telnet. The lan traceroute command in the devcmds console accepts unsanitized input, allowing attackers to execute arbitrary system commands. By injecting shell metacharacters through the traceroute interface, an attacker can achieve remote code execution under the context of the root user. This flaw affects systems where Telnet access is enabled and either unauthenticated access is allowed or credentials are known."
}
],
"impacts": [
{
"capecId": "CAPEC-137",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-137 Parameter Injection"
}
]
},
{
"capecId": "CAPEC-248",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-248 Command Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-07T14:09:24.426Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/misc/polycom_hdx_traceroute_exec.rb"
},
{
"tags": [
"exploit",
"technical-description"
],
"url": "https://staaldraad.github.io/2017/11/12/polycom-hdx-rce/"
},
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://web.archive.org/web/20200312205144/http://support.polycom.com/content/dam/polycom-support/global/documentation/securityadvisory-remotecodeexecutionon-hdx-v0.3-hotfix-release.pdf"
},
{
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/24494"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://vulncheck.com/advisories/polycom-hdx-series-telnet-rce"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Polycom HDX Series Telnet Command Injection via lan traceroute",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2025-34093",
"datePublished": "2025-07-10T19:13:44.410Z",
"dateReserved": "2025-04-15T19:15:22.551Z",
"dateUpdated": "2026-04-07T14:09:24.426Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
VAR-200402-0018
Vulnerability from variot - Updated: 2024-05-25 01:33Multiple vulnerabilities in the H.323 protocol implementation for Nortel Networks Business Communications Manager (BCM), Succession 1000 IP Trunk and IP Peer Networking, and 802.11 Wireless IP Gateway allow remote attackers to cause a denial of service and possibly execute arbitrary code, as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225 protocol. A number of vulnerabilities have been discovered in various implementations of the multimedia telephony protocols H.323 and H.225. Voice over Internet Protocol (VoIP) and video conferencing equpiment and software can use these protocols to interoperate over a variety of computer networks. The majority of the vulnerabilities discovered are limited to denial of service impacts; however, several may allow unauthorized code execution. The implementation of the H.323 protocol contains multiple vulnerabilities. Remote attackers can use this vulnerability to conduct denial-of-service attacks on H.323-implemented devices and software, and may execute arbitrary instructions on the system with process privileges. The current investigation results are as follows: 3Com current supplier has no statement about this issue Alcatel current supplier has no statement about this issue Apple Computer Inc. Mac OS X and Mac OS X Server are not affected by this vulnerability AT&T Current supplier has no statement about this issue To make a statement Avaya can see NISCC Vulnerability Advisory 006489/H323:t http://www.uniras.gov.uk/vuls/2004/006489/h323.htm Borderware Current supplier has no statement on this issue Check Point Current supplier has no Statement on this issue BSDI The current supplier has no statement on this issue Cisco Systems Inc. -----BEGIN PGP SIGNED MESSAGE-----
CERT Advisory CA-2004-01 Multiple H.323 Message Vulnerabilities
Original release date: January 13, 2004 Last revised: -- Source: CERT/CC, NISCC
A complete revision history can be found at the end of this file.
I. Description
The U.K. H.323 is an international standard protocol, published by the International Telecommunications Union, used to facilitate communication among telephony and multimedia systems. Examples of such systems include VoIP, video-conferencing equipment, and network devices that manage H.323 traffic. A test suite developed by NISCC and the University of Oulu Security Programming Group (OUSPG) has exposed multiple vulnerabilities in a variety of implementations of the H.323 protocol (specifically its connection setup sub-protocol H.225.0).
Information about individual vendor H.323 implementations is available in the Vendor Information section below, and in the Vendor Information section of NISCC Vulnerability Advisory 006489/H323.
The U.K. National Infrastructure Security Co-ordination Centre is tracking these vulnerabilities as NISCC/006489/H.323. The CERT/CC is tracking this issue as VU#749342. This reference number corresponds to CVE candidate CAN-2003-0819, as referenced in Microsoft Security Bulletin MS04-001.
II.
III. Solution
Apply a patch or upgrade
Appendix A and the Systems Affected section of Vulnerability Note VU#749342 contain information provided by vendors for this advisory (http://www.kb.cert.org/vuls/id/749342#systems).
However, as vendors report new information to the CERT/CC, we will only update VU#749342. If a particular vendor is not listed, we have not received their comments. Please contact your vendor directly.
Filter network traffic
Sites are encouraged to apply network packet filters to block access to the H.323 services at network borders. This can minimize the potential of denial-of-service attacks originating from outside the perimeter. The specific services that should be filtered include
* 1720/TCP
* 1720/UDP
If access cannot be filtered at the network perimeter, the CERT/CC recommends limiting access to only those external hosts that require H.323 for normal operation. As a general rule, filtering all types of network traffic that are not required for normal operation is recommended.
It is important to note that some firewalls process H.323 packets and may themselves be vulnerable to attack. As noted in some vendor recommendations like Cisco Security Advisory 20040113-h323 and Microsoft Security Bulletin MS04-001, certain sites may actually want to disable application layer inspection of H.323 network packets.
Protecting your infrastructure against these vulnerabilities may require careful coordination among application, computer, network, and telephony administrators. You may have to make tradeoffs between security and functionality until vulnerable products can be updated.
Appendix A. - Vendor Information
This appendix contains information provided by vendors for this advisory. Please see the Systems Affected section of Vulnerability Note VU#749342 and the Vendor Information section of NISCC Vulnerability Advisory 006489/H323 for the latest information regarding the response of the vendor community to this issue.
3Com
No statement is currently available from the vendor regarding this
vulnerability.
Alcatel
No statement is currently available from the vendor regarding this
vulnerability.
Apple Computer Inc.
Apple: Not Vulnerable. Mac OS X and Mac OS X Server do not contain
the issue described in this note.
AT&T
No statement is currently available from the vendor regarding this
vulnerability.
Avaya
Please see the NISCC Vulnerability Advisory 006489/H323 at
http://www.uniras.gov.uk/vuls/2004/006489/h323.htm
Borderware
No statement is currently available from the vendor regarding this
vulnerability.
Check Point
No statement is currently available from the vendor regarding this
vulnerability.
BSDI
No statement is currently available from the vendor regarding this
vulnerability.
Cisco Systems Inc.
Please see
http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml
Clavister
No statement is currently available from the vendor regarding this
vulnerability.
Computer Associates
No statement is currently available from the vendor regarding this
vulnerability.
Cyberguard
Please see the NISCC Vulnerability Advisory 006489/H323 at
http://www.uniras.gov.uk/vuls/2004/006489/h323.htm
Debian
No statement is currently available from the vendor regarding this
vulnerability.
D-Link Systems
No statement is currently available from the vendor regarding this
vulnerability.
Conectiva
No statement is currently available from the vendor regarding this
vulnerability.
EMC Corporation
No statement is currently available from the vendor regarding this
vulnerability.
Engarde
No statement is currently available from the vendor regarding this
vulnerability.
eSoft
We don't have an H.323 implementation and thus aren't affected by
this.
Extreme Networks
No statement is currently available from the vendor regarding this
vulnerability.
F5 Networks
No statement is currently available from the vendor regarding this
vulnerability.
Foundry Networks Inc.
No statement is currently available from the vendor regarding this
vulnerability.
FreeBSD
No statement is currently available from the vendor regarding this
vulnerability.
Fujitsu
Please see the NISCC Vulnerability Advisory 006489/H323 at
http://www.uniras.gov.uk/vuls/2004/006489/h323.htm
Global Technology Associates
No statement is currently available from the vendor regarding this
vulnerability.
Hitachi
Please see the NISCC Vulnerability Advisory 006489/H323 at
http://www.uniras.gov.uk/vuls/2004/006489/h323.htm
Hewlett-Packard Company
Please see the NISCC Vulnerability Advisory 006489/H323 at
http://www.uniras.gov.uk/vuls/2004/006489/h323.htm
Ingrian Networks
No statement is currently available from the vendor regarding this
vulnerability.
Intel
No statement is currently available from the vendor regarding this
vulnerability.
Intoto
No statement is currently available from the vendor regarding this
vulnerability.
Juniper Networks
No statement is currently available from the vendor regarding this
vulnerability.
Lachman
No statement is currently available from the vendor regarding this
vulnerability.
Linksys
No statement is currently available from the vendor regarding this
vulnerability.
Lotus Software
No statement is currently available from the vendor regarding this
vulnerability.
Lucent Technologies
Please see the NISCC Vulnerability Advisory 006489/H323 at
http://www.uniras.gov.uk/vuls/2004/006489/h323.htm
Microsoft Corporation
Please see
http://www.microsoft.com/technet/security/bulletin/MS04-001.asp
MontaVista Software
No statement is currently available from the vendor regarding this
vulnerability.
MandrakeSoft
No statement is currently available from the vendor regarding this
vulnerability.
Multi-Tech Systems Inc.
No statement is currently available from the vendor regarding this
vulnerability.
NEC Corporation
No statement is currently available from the vendor regarding this
vulnerability.
NetBSD
NetBSD does not ship any H.323 implementations as part of the
Operating System.
There are a number of third-party implementations available in the
pkgsrc system. As these products are found to be vulnerable, or
updated, the packages will be updated accordingly. The
audit-packages mechanism can be used to check for known-vulnerable
package versions.
Netfilter
No statement is currently available from the vendor regarding this
vulnerability.
NetScreen
No statement is currently available from the vendor regarding this
vulnerability.
Network Appliance
No statement is currently available from the vendor regarding this
vulnerability.
Nokia
No statement is currently available from the vendor regarding this
vulnerability.
Nortel Networks
The following Nortel Networks Generally Available products and
solutions are potentially affected by the vulnerabilities
identified in NISCC Vulnerability Advisory 006489/H323 and CERT
VU#749342:
Business Communications Manager (BCM) (all versions) is potentially
affected; more information is available in Product Advisory Alert
No. PAA 2003-0392-Global. PAA-2003-0465-Global.
For more information please contact
North America: 1-800-4NORTEL or 1-800-466-7835
Europe, Middle East and Africa: 00800 8008 9009,
or +44 (0) 870 907 9009
Contacts for other regions are available at
http://www.nortelnetworks.com/help/contact/global/
Or visit the eService portal at http://www.nortelnetworks.com/cs
under Advanced Search.
If you are a channel partner, more information can be found under
http://www.nortelnetworks.com/pic
under Advanced Search.
Novell
No statement is currently available from the vendor regarding this
vulnerability.
Objective Systems Inc.
Please see the NISCC Vulnerability Advisory 006489/H323 at
http://www.uniras.gov.uk/vuls/2004/006489/h323.htm
OpenBSD
No statement is currently available from the vendor regarding this
vulnerability.
Openwall GNU/*/Linux
No statement is currently available from the vendor regarding this
vulnerability.
RadVision
Please see the NISCC Vulnerability Advisory 006489/H323 at
http://www.uniras.gov.uk/vuls/2004/006489/h323.htm
Red Hat Inc.
Please see the NISCC Vulnerability Advisory 006489/H323 at
http://www.uniras.gov.uk/vuls/2004/006489/h323.htm
Oracle Corporation
No statement is currently available from the vendor regarding this
vulnerability.
Riverstone Networks
No statement is currently available from the vendor regarding this
vulnerability.
Secure Computing Corporation
No statement is currently available from the vendor regarding this
vulnerability.
SecureWorks
No statement is currently available from the vendor regarding this
vulnerability.
Sequent
No statement is currently available from the vendor regarding this
vulnerability.
Sony Corporation
No statement is currently available from the vendor regarding this
vulnerability.
Stonesoft
No statement is currently available from the vendor regarding this
vulnerability.
Sun Microsystems Inc.
Sun SNMP does not provide support for H.323, so we are not
vulnerable. And so far we have not found any bundled products that
are affected by this vulnerability. We are also actively
investigating our unbundled products to see if they are affected.
Updates will be provided to this statement as they become
available.
SuSE Inc.
No statement is currently available from the vendor regarding this
vulnerability.
Symantec Corporation
Please see the NISCC Vulnerability Advisory 006489/H323 at
http://www.uniras.gov.uk/vuls/2004/006489/h323.htm
Unisys
No statement is currently available from the vendor regarding this
vulnerability.
TandBerg
Please see the NISCC Vulnerability Advisory 006489/H323 at
http://www.uniras.gov.uk/vuls/2004/006489/h323.htm
Tumbleweed Communications Corp.
Please see the NISCC Vulnerability Advisory 006489/H323 at
http://www.uniras.gov.uk/vuls/2004/006489/h323.htm
TurboLinux
No statement is currently available from the vendor regarding this
vulnerability.
uniGone
Please see the NISCC Vulnerability Advisory 006489/H323 at
http://www.uniras.gov.uk/vuls/2004/006489/h323.htm
WatchGuard
No statement is currently available from the vendor regarding this
vulnerability.
Wirex
No statement is currently available from the vendor regarding this
vulnerability.
Wind River Systems Inc.
No statement is currently available from the vendor regarding this
vulnerability.
Xerox
No statement is currently available from the vendor regarding this
vulnerability.
ZyXEL
No statement is currently available from the vendor regarding this
vulnerability.
_________________________________________________________________
The CERT Coordination Center thanks the NISCC Vulnerability Management Team and the University of Oulu Security Programming Group (OUSPG) for coordinating the discovery and release of the technical details of this issue. ___________
Feedback may be directed to the authors: Jeffrey S. Havrilla, Mindi J. McDowell, Shawn V. Hernan and Jason A. Rafail
This document is available from: http://www.cert.org/advisories/CA-2004-01.html
CERT/CC Contact Information
Email: cert@cert.org Phone: +1 412-268-7090 (24-hour hotline) Fax: +1 412-268-6989 Postal address: CERT Coordination Center Software Engineering Institute Carnegie Mellon University Pittsburgh PA 15213-3890 U.S.A.
CERT/CC personnel answer the hotline 08:00-17:00 EST(GMT-5) / EDT(GMT-4) Monday through Friday; they are on call for emergencies during other hours, on U.S. holidays, and on weekends.
Using encryption
We strongly urge you to encrypt sensitive information sent by email. Our public PGP key is available from http://www.cert.org/CERT_PGP.key
If you prefer to use DES, please call the CERT hotline for more information.
Getting security information
CERT publications and other security information are available from our web site http://www.cert.org/
To subscribe to the CERT mailing list for advisories and bulletins, send email to majordomo@cert.org. Please include in the body of your message
subscribe cert-advisory
- "CERT" and "CERT Coordination Center" are registered in the U.S. Patent and Trademark Office.
NO WARRANTY Any material furnished by Carnegie Mellon University and the Software Engineering Institute is furnished on an "as is" basis. Carnegie Mellon University makes no warranties of any kind, either expressed or implied as to any matter including, but not limited to, warranty of fitness for a particular purpose or merchantability, exclusivity or results obtained from use of the material. Carnegie Mellon University does not make any warranty of any kind with respect to freedom from patent, trademark, or copyright infringement.
Conditions for use, disclaimers, and sponsorship information
Copyright 2004 Carnegie Mellon University.
Revision History January 13, 2004: Initial release
-----BEGIN PGP SIGNATURE----- Version: PGP 6.5.8
iQCVAwUBQASK7JZ2NNT/dVAVAQG65wP8C7DyEvZGz0HqXtRqk+PAjjpMqex1hdjT BfkT6oHMhTWIdvUE1mpAwnV7OPL+N+UugCC0bAEXQzBy/YkBBOptt7IZdIeOlInh AP0RO5zqt0GqMIrdW7P14iWBX2lLCQaMUgWNyvK4ZTNE9UzpOgBk2JonfBLjbH77 KeVgAqcfP2M= =p0GQ -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200402-0018",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ios 12.0",
"scope": null,
"trust": 5.1,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 s",
"scope": null,
"trust": 3.9,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1",
"scope": null,
"trust": 3.6,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 e",
"scope": null,
"trust": 3.6,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 t",
"scope": null,
"trust": 2.7,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 s",
"scope": null,
"trust": 2.7,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2",
"scope": null,
"trust": 2.4,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 s7",
"scope": null,
"trust": 1.8,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 s1",
"scope": null,
"trust": 1.8,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 s8",
"scope": null,
"trust": 1.5,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2",
"scope": "ne",
"trust": 1.5,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 st",
"scope": null,
"trust": 1.5,
"vendor": "cisco",
"version": null
},
{
"model": "802.11 wireless ip gateway",
"scope": null,
"trust": 1.4,
"vendor": "nortel",
"version": null
},
{
"model": "succession communication server 1000",
"scope": null,
"trust": 1.4,
"vendor": "nortel",
"version": null
},
{
"model": "business communications manager",
"scope": null,
"trust": 1.4,
"vendor": "nortel",
"version": null
},
{
"model": "ios 12.1 ec",
"scope": null,
"trust": 1.2,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 s4",
"scope": null,
"trust": 1.2,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 t",
"scope": null,
"trust": 1.2,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 s3",
"scope": null,
"trust": 1.2,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 t",
"scope": null,
"trust": 1.2,
"vendor": "cisco",
"version": null
},
{
"model": "802.11 wireless ip gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "nortel",
"version": "*"
},
{
"model": "succession communication server 1000",
"scope": "eq",
"trust": 1.0,
"vendor": "nortel",
"version": "*"
},
{
"model": "business communications manager",
"scope": "eq",
"trust": 1.0,
"vendor": "nortel",
"version": "*"
},
{
"model": "ios 12.1 e8",
"scope": null,
"trust": 0.9,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 e3",
"scope": null,
"trust": 0.9,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 st6",
"scope": null,
"trust": 0.9,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 e12",
"scope": null,
"trust": 0.9,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 e7",
"scope": null,
"trust": 0.9,
"vendor": "cisco",
"version": null
},
{
"model": "ios 11.3",
"scope": null,
"trust": 0.9,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 st1",
"scope": null,
"trust": 0.9,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 s2",
"scope": null,
"trust": 0.9,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 s6",
"scope": null,
"trust": 0.9,
"vendor": "cisco",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "check point",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "hewlett packard",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "intel",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "microsoft",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "nortel",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "polycom",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "radvision",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "tandberg",
"version": null
},
{
"model": "ios 12.0 st7",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xa",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 s5a",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "call manager",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "3.1"
},
{
"model": "ios 12.1 aa",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 xm4",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 bx",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 t3",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 st2",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 e4",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 s5",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xh",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 e1",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "12.1(22)"
},
{
"model": "opencall multiservice controller",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "1.2"
},
{
"model": "ios 12.1 yh3",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "point software firewall-1 [ vpn des strong ] sp2 build",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "++4.141716"
},
{
"model": "ios 12.2yg",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 yb",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xb14",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2yx",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1aa",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2zh",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xu2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0s",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 t6",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 yc",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 t1a",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.1(1)"
},
{
"model": "ios 12.1 yf4",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.2"
},
{
"model": "ios 12.2 xa5",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.1(7)"
},
{
"model": "pwlib",
"scope": "eq",
"trust": 0.3,
"vendor": "pwlib",
"version": "1.4.7"
},
{
"model": "ios 12.1 yf",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "12.0(27)"
},
{
"model": "ios 11.3ha",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.2(5)"
},
{
"model": "ios 12.1xm",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 s4a",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.1(20)"
},
{
"model": "isa server fp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "ios 12.2zl",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xs1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 s8a",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "point software firewall-1 sp6",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.0"
},
{
"model": "isa server",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "ios 12.2 t0a",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 11.3ma",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 sxa",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 xn",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2yf",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xr",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1x",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 yz2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.1(13)"
},
{
"model": "ios 12.0 t1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0xk",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 mx",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 e2",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "virtual communications v-gate",
"scope": "eq",
"trust": 0.3,
"vendor": "first",
"version": "4000"
},
{
"model": "ios 12.2 ya8",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xb15",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 ec1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1xh",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1xb",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "point software firewall-1 sp6",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "ios 12.2 xh2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "point software firewall-1",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "ios 11.3 t2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 yh",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1xl",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xi1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2b",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 e9",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xu",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.2(14.5)"
},
{
"model": "call manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.3"
},
{
"model": "ios 12.2 s",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "netstructure host media processing software",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "1.0"
},
{
"model": "ios 12.0xq",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "sg5",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.2"
},
{
"model": "ios 12.1 xi",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 mc1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1ec",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0xh",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios t",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "11.3.1"
},
{
"model": "virtual communications click to meet express",
"scope": "eq",
"trust": 0.3,
"vendor": "first",
"version": "2.2"
},
{
"model": "sg208",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "0"
},
{
"model": "ios 12.1xj",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.1(11)"
},
{
"model": "ios 12.1xi",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2ze",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xd",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 ya",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2bx",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.1(18.4)"
},
{
"model": "ios 12.2 sl1",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 t3",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 ya1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 sy1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0xj",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 xs",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "12.2(17)"
},
{
"model": "ios 12.1 e12",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "networks succession",
"scope": "eq",
"trust": 0.3,
"vendor": "nortel",
"version": "1000"
},
{
"model": "ios 12.2dd",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0xt",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0st",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 s10",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 e9",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 11.3xa",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "communication manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "1.1"
},
{
"model": "ios 12.2xm",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.3",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "virtual communications click to meet premier",
"scope": null,
"trust": 0.3,
"vendor": "first",
"version": null
},
{
"model": "fedora core3",
"scope": null,
"trust": 0.3,
"vendor": "redhat",
"version": null
},
{
"model": "ios 12.1xp",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "virtual communications click to meet express",
"scope": "eq",
"trust": 0.3,
"vendor": "first",
"version": "2.0"
},
{
"model": "ios 12.2xc",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.0(17)"
},
{
"model": "ios 12.1xw",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1xu",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 yy3",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 zc",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 xy6",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xk2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2yy",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.0(8)"
},
{
"model": "ios 12.2t",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xg",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xw1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1yf",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 t9",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2s",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2yd",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1yj",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 xp4",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xq",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 e18",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "virtual communications click to meet express",
"scope": "eq",
"trust": 0.3,
"vendor": "first",
"version": "1.02"
},
{
"model": "point software next generation fp2",
"scope": null,
"trust": 0.3,
"vendor": "check",
"version": null
},
{
"model": "ios 12.3 t",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.1xv"
},
{
"model": "ios 12.1 yd",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xd1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 ez2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xt3",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 yb",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0xn",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.1(8)"
},
{
"model": "pwlib-1.2.12-3.i386.rpm",
"scope": null,
"trust": 0.3,
"vendor": "redhat",
"version": null
},
{
"model": "ios 12.2xj",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2mx",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xw",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "virtual communications conference server",
"scope": null,
"trust": 0.3,
"vendor": "first",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.2(7)"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "11.3"
},
{
"model": "ios 12.1xr",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.2(4)"
},
{
"model": "ios 12.2sy",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "point software firewall-1 sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.0"
},
{
"model": "ios 12.2 t10",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "communication manager",
"scope": "ne",
"trust": 0.3,
"vendor": "avaya",
"version": "2.0.1"
},
{
"model": "ios 12.0 st4",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "netstructure pbx-ip media gateway",
"scope": null,
"trust": 0.3,
"vendor": "intel",
"version": null
},
{
"model": "ios 12.0xi",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 xk2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1xq",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 yy",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1yc",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1ez",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 yc2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "virtual communications click to meet express",
"scope": "eq",
"trust": 0.3,
"vendor": "first",
"version": "1.0"
},
{
"model": "call manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.1(2)"
},
{
"model": "ios 12.2 zh3",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1xa",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "sg5",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.1(5)xv3"
},
{
"model": "ios 12.1 yf2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "fedora core1",
"scope": null,
"trust": 0.3,
"vendor": "redhat",
"version": null
},
{
"model": "pwlib",
"scope": "eq",
"trust": 0.3,
"vendor": "pwlib",
"version": "1.5.0"
},
{
"model": "point software firewall-1 [ vpn des strong ] build",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "++4.141439"
},
{
"model": "sunforum",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "3.2"
},
{
"model": "ios 12.1 e14",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "point software firewall-1 sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.0"
},
{
"model": "point software firewall-1 sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "ios 12.2yk",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "point software ng-ai",
"scope": null,
"trust": 0.3,
"vendor": "check",
"version": null
},
{
"model": "ios 12.2dx",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 dx",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.1(9)"
},
{
"model": "ios 12.2zd",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 xq",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "point software firewall-1 sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.0"
},
{
"model": "ios 12.1 e16",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 yd6",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "bts",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "10200"
},
{
"model": "ios 12.2 mx1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 e14",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2yb",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 xr2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0xr",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 ez1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "point software next generation fp3 hf2",
"scope": null,
"trust": 0.3,
"vendor": "check",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.2(12.05)"
},
{
"model": "ios 12.2yn",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2bw",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xl",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xg",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.2(1)"
},
{
"model": "ios 12.1 xm",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 e13",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xs",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 11.3wa4",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 yi1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xu",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2yv",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xi2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xw",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "point software firewall-1 sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "ios 12.2 t5",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0xd",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 s",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.0"
},
{
"model": "ios 12.1 yb4",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "point software firewall-1 sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "sg5x",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.2"
},
{
"model": "ios 12.2 t4",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 xt",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "12.0(28)"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.2(3)"
},
{
"model": "ios 12.0 st5",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1yd",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 11.3 db1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 yi",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0xg",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.0(3)"
},
{
"model": "ios 12.2 xd4",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ip phone",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7905"
},
{
"model": "ios 12.2zg",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2yt",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 xg5",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 11.3t",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.3t",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "point software firewall-1 sp5",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.0"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "11.3.1"
},
{
"model": "ios 12.1 xp",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xa",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xl4",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2zc",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.2(1.1)"
},
{
"model": "netstructure ipt ip boards",
"scope": null,
"trust": 0.3,
"vendor": "intel",
"version": null
},
{
"model": "internet service node",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1e",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1yi",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 yd2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0xl",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 b",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 11.3 xa",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xi",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2yu",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.2(18.2)"
},
{
"model": "call manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.2"
},
{
"model": "isa server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "point software firewall-1 sp5",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "ios 12.2 xd3",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 zj3",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 xu1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "point software next generation fp1",
"scope": null,
"trust": 0.3,
"vendor": "check",
"version": null
},
{
"model": "ios 12.2xk",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.1(5)xv"
},
{
"model": "ios 12.0 s2a",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 t9",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1xt",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 t6",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2mc",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xk",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 t10",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "fedora core2",
"scope": null,
"trust": 0.3,
"vendor": "redhat",
"version": null
},
{
"model": "opencall multiservice controller patch",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "1.137"
},
{
"model": "networks wireless ip gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "nortel",
"version": "(802.11)"
},
{
"model": "ios 12.1yh",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 st8",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2sx",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 e5",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.1(5)xv5"
},
{
"model": "sg203",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.31.29"
},
{
"model": "ios 12.2 yd",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 s3b",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.1(4)"
},
{
"model": "ios 12.1xg",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 11.3 db2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 zj1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.2(17)"
},
{
"model": "point software nokia voyager",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "call manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.0"
},
{
"model": "ios 12.1 ec3",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 t12",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.0(3.2)"
},
{
"model": "ios 11.3da",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 xt3",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios ed",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "11.3.1"
},
{
"model": "ios 12.2 zl",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 11.3na",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2yh",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 t1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 zl1",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1xd",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2yz",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 11.3db",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.3 t1",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "point software firewall-1 sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.0"
},
{
"model": "ios 12.2 xh3",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "9.0"
},
{
"model": "ios 12.2xt",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 zb7",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 xn1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "sg5x",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.3"
},
{
"model": "ios 12.1xc",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 e6",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios b",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "11.3.11"
},
{
"model": "ata-186",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 t9",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xb4",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 11.3aa",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xt",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xi",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.1"
},
{
"model": "ios 12.2zj",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2yl",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "communication manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "1.3.1"
},
{
"model": "ios 12.2 xm2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 yc1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 yb5",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xd",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2yc",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 e10",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 dd3",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "point software firewall-1 sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "ios 12.2xh",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1ye",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 t2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xn",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.1(5)xv4"
},
{
"model": "ios 12.1 xs2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 xk",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "point software next generation fp3",
"scope": null,
"trust": 0.3,
"vendor": "check",
"version": null
},
{
"model": "ios 12.2 yw2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2ym",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 t15",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "point software firewall-1 sp8",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.0"
},
{
"model": "ios 12.2 xm",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0t",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "call manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.3(3)"
},
{
"model": "ios 12.2 xj1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 yx1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "networks business communications manager",
"scope": "eq",
"trust": 0.3,
"vendor": "nortel",
"version": "0"
},
{
"model": "ios 12.1 xm7",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xq",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 t5",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 zc",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 ya7",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 zj2",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1yb",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1t",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "virtual communications v-gate",
"scope": "eq",
"trust": 0.3,
"vendor": "first",
"version": "5000"
},
{
"model": "ios 12.2yw",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2zf",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xn",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 aa1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 e6",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "netstructure dmip ip boards",
"scope": null,
"trust": 0.3,
"vendor": "intel",
"version": null
},
{
"model": "point software firewall-1 [ vpn des ]",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "+4.1"
},
{
"model": "opencall multiservice controller patch",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "1.146"
},
{
"model": "ios 12.2 yw3",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2ya",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.3 t3",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.0(26)"
},
{
"model": "conference connection",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0xc",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "communication manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "2.0"
},
{
"model": "virtual communications click to meet express",
"scope": "eq",
"trust": 0.3,
"vendor": "first",
"version": "2.1"
},
{
"model": "ios 12.2 xb11",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "pwlib-1.3.3-5.i386.rpm",
"scope": null,
"trust": 0.3,
"vendor": "redhat",
"version": null
},
{
"model": "ios 12.2 xj",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xb",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.0(9)"
},
{
"model": "ios 12.2 zh",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 st3",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xb",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2zb",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "point software next generation fp3 hf1",
"scope": null,
"trust": 0.3,
"vendor": "check",
"version": null
},
{
"model": "ios 12.2 sx1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xa1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "point software firewall-1 sp7",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.0"
},
{
"model": "ios 12.2 xl",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2yj",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "sunforum 3d",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.0"
},
{
"model": "ios 12.2 xb3",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xs",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#749342"
},
{
"db": "BID",
"id": "9406"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000669"
},
{
"db": "CNNVD",
"id": "CNNVD-200402-049"
},
{
"db": "NVD",
"id": "CVE-2004-0056"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:nortel:802.11_wireless_ip_gateway:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:nortel:business_communications_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:nortel:succession_communication_server_1000:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2004-0056"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "University of Oulu Security Programming Group",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200402-049"
}
],
"trust": 0.6
},
"cve": "CVE-2004-0056",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2004-0056",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-8486",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2004-0056",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#749342",
"trust": 0.8,
"value": "13.67"
},
{
"author": "CNNVD",
"id": "CNNVD-200402-049",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-8486",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#749342"
},
{
"db": "VULHUB",
"id": "VHN-8486"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000669"
},
{
"db": "CNNVD",
"id": "CNNVD-200402-049"
},
{
"db": "NVD",
"id": "CVE-2004-0056"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple vulnerabilities in the H.323 protocol implementation for Nortel Networks Business Communications Manager (BCM), Succession 1000 IP Trunk and IP Peer Networking, and 802.11 Wireless IP Gateway allow remote attackers to cause a denial of service and possibly execute arbitrary code, as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225 protocol. A number of vulnerabilities have been discovered in various implementations of the multimedia telephony protocols H.323 and H.225. Voice over Internet Protocol (VoIP) and video conferencing equpiment and software can use these protocols to interoperate over a variety of computer networks. The majority of the vulnerabilities discovered are limited to denial of service impacts; however, several may allow unauthorized code execution. The implementation of the H.323 protocol contains multiple vulnerabilities. Remote attackers can use this vulnerability to conduct denial-of-service attacks on H.323-implemented devices and software, and may execute arbitrary instructions on the system with process privileges. The current investigation results are as follows: 3Com current supplier has no statement about this issue Alcatel current supplier has no statement about this issue Apple Computer Inc. Mac OS X and Mac OS X Server are not affected by this vulnerability AT\u0026T Current supplier has no statement about this issue To make a statement Avaya can see NISCC Vulnerability Advisory 006489/H323:t http://www.uniras.gov.uk/vuls/2004/006489/h323.htm Borderware Current supplier has no statement on this issue Check Point Current supplier has no Statement on this issue BSDI The current supplier has no statement on this issue Cisco Systems Inc. \n-----BEGIN PGP SIGNED MESSAGE-----\n\nCERT Advisory CA-2004-01 Multiple H.323 Message Vulnerabilities\n\n Original release date: January 13, 2004\n Last revised: --\n Source: CERT/CC, NISCC\n\n A complete revision history can be found at the end of this file. \n\nI. Description\n\n The U.K. H.323 is\n an international standard protocol, published by the International\n Telecommunications Union, used to facilitate communication among\n telephony and multimedia systems. Examples of such systems include\n VoIP, video-conferencing equipment, and network devices that manage\n H.323 traffic. A test suite developed by NISCC and the University of\n Oulu Security Programming Group (OUSPG) has exposed multiple\n vulnerabilities in a variety of implementations of the H.323 protocol\n (specifically its connection setup sub-protocol H.225.0). \n\n Information about individual vendor H.323 implementations is available\n in the Vendor Information section below, and in the Vendor Information\n section of NISCC Vulnerability Advisory 006489/H323. \n\n The U.K. National Infrastructure Security Co-ordination Centre is\n tracking these vulnerabilities as NISCC/006489/H.323. The CERT/CC is\n tracking this issue as VU#749342. This reference number corresponds to\n CVE candidate CAN-2003-0819, as referenced in Microsoft Security\n Bulletin MS04-001. \n\nII. \n\nIII. Solution\n\nApply a patch or upgrade\n\n Appendix A and the Systems Affected section of Vulnerability Note\n VU#749342 contain information provided by vendors for this advisory\n (\u003chttp://www.kb.cert.org/vuls/id/749342#systems\u003e). \n\n However, as vendors report new information to the CERT/CC, we will\n only update VU#749342. If a particular vendor is not listed, we have\n not received their comments. Please contact your vendor directly. \n\nFilter network traffic\n\n Sites are encouraged to apply network packet filters to block access\n to the H.323 services at network borders. This can minimize the\n potential of denial-of-service attacks originating from outside the\n perimeter. The specific services that should be filtered include\n\n * 1720/TCP\n * 1720/UDP\n\n If access cannot be filtered at the network perimeter, the CERT/CC\n recommends limiting access to only those external hosts that require\n H.323 for normal operation. As a general rule, filtering all types of\n network traffic that are not required for normal operation is\n recommended. \n\n It is important to note that some firewalls process H.323 packets and\n may themselves be vulnerable to attack. As noted in some vendor\n recommendations like Cisco Security Advisory 20040113-h323 and\n Microsoft Security Bulletin MS04-001, certain sites may actually want\n to disable application layer inspection of H.323 network packets. \n\n Protecting your infrastructure against these vulnerabilities may\n require careful coordination among application, computer, network, and\n telephony administrators. You may have to make tradeoffs between\n security and functionality until vulnerable products can be updated. \n\nAppendix A. - Vendor Information\n\n This appendix contains information provided by vendors for this\n advisory. Please see the Systems Affected section of Vulnerability\n Note VU#749342 and the Vendor Information section of NISCC\n Vulnerability Advisory 006489/H323 for the latest information\n regarding the response of the vendor community to this issue. \n\n3Com\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nAlcatel\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nApple Computer Inc. \n\n Apple: Not Vulnerable. Mac OS X and Mac OS X Server do not contain\n the issue described in this note. \n\nAT\u0026T\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nAvaya\n\n Please see the NISCC Vulnerability Advisory 006489/H323 at\n http://www.uniras.gov.uk/vuls/2004/006489/h323.htm\n\nBorderware\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nCheck Point\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nBSDI\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nCisco Systems Inc. \n\n Please see\n http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml\n\nClavister\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nComputer Associates\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nCyberguard\n\n Please see the NISCC Vulnerability Advisory 006489/H323 at\n http://www.uniras.gov.uk/vuls/2004/006489/h323.htm\n\nDebian\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nD-Link Systems\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nConectiva\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nEMC Corporation\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nEngarde\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\neSoft\n\n We don\u0027t have an H.323 implementation and thus aren\u0027t affected by\n this. \n\nExtreme Networks\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nF5 Networks\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nFoundry Networks Inc. \n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nFreeBSD\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nFujitsu\n\n Please see the NISCC Vulnerability Advisory 006489/H323 at\n http://www.uniras.gov.uk/vuls/2004/006489/h323.htm\n\nGlobal Technology Associates\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nHitachi\n\n Please see the NISCC Vulnerability Advisory 006489/H323 at\n http://www.uniras.gov.uk/vuls/2004/006489/h323.htm\n\nHewlett-Packard Company\n\n Please see the NISCC Vulnerability Advisory 006489/H323 at\n http://www.uniras.gov.uk/vuls/2004/006489/h323.htm\n\nIngrian Networks\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nIntel\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nIntoto\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nJuniper Networks\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nLachman\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nLinksys\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nLotus Software\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nLucent Technologies\n\n Please see the NISCC Vulnerability Advisory 006489/H323 at\n http://www.uniras.gov.uk/vuls/2004/006489/h323.htm\n\nMicrosoft Corporation\n\n Please see\n http://www.microsoft.com/technet/security/bulletin/MS04-001.asp\n\nMontaVista Software\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nMandrakeSoft\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nMulti-Tech Systems Inc. \n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nNEC Corporation\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nNetBSD\n\n NetBSD does not ship any H.323 implementations as part of the\n Operating System. \n\n There are a number of third-party implementations available in the\n pkgsrc system. As these products are found to be vulnerable, or\n updated, the packages will be updated accordingly. The\n audit-packages mechanism can be used to check for known-vulnerable\n package versions. \n\nNetfilter\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nNetScreen\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nNetwork Appliance\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nNokia\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nNortel Networks\n\n The following Nortel Networks Generally Available products and\n solutions are potentially affected by the vulnerabilities\n identified in NISCC Vulnerability Advisory 006489/H323 and CERT\n VU#749342:\n\n Business Communications Manager (BCM) (all versions) is potentially\n affected; more information is available in Product Advisory Alert\n No. PAA 2003-0392-Global. PAA-2003-0465-Global. \n\n For more information please contact\n\n North America: 1-800-4NORTEL or 1-800-466-7835\n Europe, Middle East and Africa: 00800 8008 9009,\n or +44 (0) 870 907 9009\n\n Contacts for other regions are available at\n\n http://www.nortelnetworks.com/help/contact/global/\n\n Or visit the eService portal at http://www.nortelnetworks.com/cs\n under Advanced Search. \n\n If you are a channel partner, more information can be found under\n\n http://www.nortelnetworks.com/pic\n\n under Advanced Search. \n\nNovell\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nObjective Systems Inc. \n\n Please see the NISCC Vulnerability Advisory 006489/H323 at\n http://www.uniras.gov.uk/vuls/2004/006489/h323.htm\n\nOpenBSD\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nOpenwall GNU/*/Linux\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nRadVision\n\n Please see the NISCC Vulnerability Advisory 006489/H323 at\n http://www.uniras.gov.uk/vuls/2004/006489/h323.htm\n\nRed Hat Inc. \n\n Please see the NISCC Vulnerability Advisory 006489/H323 at\n http://www.uniras.gov.uk/vuls/2004/006489/h323.htm\n\nOracle Corporation\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nRiverstone Networks\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nSecure Computing Corporation\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nSecureWorks\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nSequent\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nSony Corporation\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nStonesoft\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nSun Microsystems Inc. \n\n Sun SNMP does not provide support for H.323, so we are not\n vulnerable. And so far we have not found any bundled products that\n are affected by this vulnerability. We are also actively\n investigating our unbundled products to see if they are affected. \n Updates will be provided to this statement as they become\n available. \n\nSuSE Inc. \n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nSymantec Corporation\n\n Please see the NISCC Vulnerability Advisory 006489/H323 at\n http://www.uniras.gov.uk/vuls/2004/006489/h323.htm\n\nUnisys\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nTandBerg\n\n Please see the NISCC Vulnerability Advisory 006489/H323 at\n http://www.uniras.gov.uk/vuls/2004/006489/h323.htm\n\nTumbleweed Communications Corp. \n\n Please see the NISCC Vulnerability Advisory 006489/H323 at\n http://www.uniras.gov.uk/vuls/2004/006489/h323.htm\n\nTurboLinux\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nuniGone\n\n Please see the NISCC Vulnerability Advisory 006489/H323 at\n http://www.uniras.gov.uk/vuls/2004/006489/h323.htm\n\nWatchGuard\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nWirex\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nWind River Systems Inc. \n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nXerox\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nZyXEL\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n _________________________________________________________________\n\n The CERT Coordination Center thanks the NISCC Vulnerability Management\n Team and the University of Oulu Security Programming Group (OUSPG) for\n coordinating the discovery and release of the technical details of\n this issue. \n _________________________________________________________________\n\n Feedback may be directed to the authors: Jeffrey S. Havrilla, Mindi J. \n McDowell, Shawn V. Hernan and Jason A. Rafail\n ______________________________________________________________________\n\n This document is available from:\n http://www.cert.org/advisories/CA-2004-01.html\n ______________________________________________________________________\n\nCERT/CC Contact Information\n\n Email: cert@cert.org\n Phone: +1 412-268-7090 (24-hour hotline)\n Fax: +1 412-268-6989\n Postal address:\n CERT Coordination Center\n Software Engineering Institute\n Carnegie Mellon University\n Pittsburgh PA 15213-3890\n U.S.A. \n\n CERT/CC personnel answer the hotline 08:00-17:00 EST(GMT-5) /\n EDT(GMT-4) Monday through Friday; they are on call for emergencies\n during other hours, on U.S. holidays, and on weekends. \n\nUsing encryption\n\n We strongly urge you to encrypt sensitive information sent by email. \n Our public PGP key is available from\n http://www.cert.org/CERT_PGP.key\n\n If you prefer to use DES, please call the CERT hotline for more\n information. \n\nGetting security information\n\n CERT publications and other security information are available from\n our web site\n http://www.cert.org/\n\n To subscribe to the CERT mailing list for advisories and bulletins,\n send email to majordomo@cert.org. Please include in the body of your\n message\n\n subscribe cert-advisory\n\n * \"CERT\" and \"CERT Coordination Center\" are registered in the U.S. \n Patent and Trademark Office. \n ______________________________________________________________________\n\n NO WARRANTY\n Any material furnished by Carnegie Mellon University and the Software\n Engineering Institute is furnished on an \"as is\" basis. Carnegie\n Mellon University makes no warranties of any kind, either expressed or\n implied as to any matter including, but not limited to, warranty of\n fitness for a particular purpose or merchantability, exclusivity or\n results obtained from use of the material. Carnegie Mellon University\n does not make any warranty of any kind with respect to freedom from\n patent, trademark, or copyright infringement. \n ______________________________________________________________________\n\n Conditions for use, disclaimers, and sponsorship information\n\n Copyright 2004 Carnegie Mellon University. \n\n Revision History\nJanuary 13, 2004: Initial release\n\n-----BEGIN PGP SIGNATURE-----\nVersion: PGP 6.5.8\n\niQCVAwUBQASK7JZ2NNT/dVAVAQG65wP8C7DyEvZGz0HqXtRqk+PAjjpMqex1hdjT\nBfkT6oHMhTWIdvUE1mpAwnV7OPL+N+UugCC0bAEXQzBy/YkBBOptt7IZdIeOlInh\nAP0RO5zqt0GqMIrdW7P14iWBX2lLCQaMUgWNyvK4ZTNE9UzpOgBk2JonfBLjbH77\nKeVgAqcfP2M=\n=p0GQ\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2004-0056"
},
{
"db": "CERT/CC",
"id": "VU#749342"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000669"
},
{
"db": "BID",
"id": "9406"
},
{
"db": "VULHUB",
"id": "VHN-8486"
},
{
"db": "PACKETSTORM",
"id": "32511"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2004-0056",
"trust": 3.6
},
{
"db": "CERT/CC",
"id": "VU#749342",
"trust": 3.4
},
{
"db": "BID",
"id": "9406",
"trust": 2.8
},
{
"db": "SECTRACK",
"id": "1008687",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000669",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200402-049",
"trust": 0.7
},
{
"db": "CERT/CC",
"id": "CA-2004-01",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-8486",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "32511",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#749342"
},
{
"db": "VULHUB",
"id": "VHN-8486"
},
{
"db": "BID",
"id": "9406"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000669"
},
{
"db": "PACKETSTORM",
"id": "32511"
},
{
"db": "CNNVD",
"id": "CNNVD-200402-049"
},
{
"db": "NVD",
"id": "CVE-2004-0056"
}
]
},
"id": "VAR-200402-0018",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-8486"
}
],
"trust": 0.9232794942857142
},
"last_update_date": "2024-05-25T01:33:23.856000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "others (CWE-Other) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2004-000669"
},
{
"db": "NVD",
"id": "CVE-2004-0056"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.7,
"url": "http://www.uniras.gov.uk/vuls/2004/006489/h323.htm"
},
{
"trust": 2.9,
"url": "http://www.cert.org/advisories/ca-2004-01.html"
},
{
"trust": 2.5,
"url": "http://www.securityfocus.com/bid/9406"
},
{
"trust": 2.5,
"url": "http://www.kb.cert.org/vuls/id/749342"
},
{
"trust": 2.5,
"url": "http://www.securitytracker.com/id?1008687"
},
{
"trust": 0.8,
"url": "http://www.itu.int/itudoc/itu-t/rec/h/h225-0.html"
},
{
"trust": 0.8,
"url": "http://www.ee.oulu.fi/research/ouspg/protos/testing/c07/h2250v4/index.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2004-0056"
},
{
"trust": 0.4,
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml"
},
{
"trust": 0.3,
"url": "http://www.checkpoint.com/techsupport/alerts/h323.html"
},
{
"trust": 0.3,
"url": "http://support.fvc.com/eng/docs/misc_docs/h.323_security_bulletin.pdf"
},
{
"trust": 0.3,
"url": "http://www.checkpoint.com/techsupport/h323_hf.html"
},
{
"trust": 0.3,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101429-1\u0026searchclause="
},
{
"trust": 0.3,
"url": "http://support.avaya.com/japple/css/japple?temp.groupid=128450\u0026temp.selectedfamily=128451\u0026temp.selectedproduct=154235\u0026temp.selectedbucket=126655\u0026temp.feedbackstate=askforfeedback\u0026temp.documentid=15871"
},
{
"trust": 0.1,
"url": "http://www.cert.org/"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/749342#systems\u003e)."
},
{
"trust": 0.1,
"url": "http://www.microsoft.com/technet/security/bulletin/ms04-001.asp"
},
{
"trust": 0.1,
"url": "http://www.cert.org/cert_pgp.key"
},
{
"trust": 0.1,
"url": "http://www.nortelnetworks.com/help/contact/global/"
},
{
"trust": 0.1,
"url": "http://www.nortelnetworks.com/cs"
},
{
"trust": 0.1,
"url": "http://www.nortelnetworks.com/pic"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#749342"
},
{
"db": "VULHUB",
"id": "VHN-8486"
},
{
"db": "BID",
"id": "9406"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000669"
},
{
"db": "PACKETSTORM",
"id": "32511"
},
{
"db": "CNNVD",
"id": "CNNVD-200402-049"
},
{
"db": "NVD",
"id": "CVE-2004-0056"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#749342"
},
{
"db": "VULHUB",
"id": "VHN-8486"
},
{
"db": "BID",
"id": "9406"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000669"
},
{
"db": "PACKETSTORM",
"id": "32511"
},
{
"db": "CNNVD",
"id": "CNNVD-200402-049"
},
{
"db": "NVD",
"id": "CVE-2004-0056"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2004-01-13T00:00:00",
"db": "CERT/CC",
"id": "VU#749342"
},
{
"date": "2004-02-17T00:00:00",
"db": "VULHUB",
"id": "VHN-8486"
},
{
"date": "2004-01-13T00:00:00",
"db": "BID",
"id": "9406"
},
{
"date": "2024-05-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2004-000669"
},
{
"date": "2004-01-14T18:44:00",
"db": "PACKETSTORM",
"id": "32511"
},
{
"date": "2004-01-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200402-049"
},
{
"date": "2004-02-17T05:00:00",
"db": "NVD",
"id": "CVE-2004-0056"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2009-07-29T00:00:00",
"db": "CERT/CC",
"id": "VU#749342"
},
{
"date": "2008-09-05T00:00:00",
"db": "VULHUB",
"id": "VHN-8486"
},
{
"date": "2007-11-15T00:39:00",
"db": "BID",
"id": "9406"
},
{
"date": "2024-05-23T03:47:00",
"db": "JVNDB",
"id": "JVNDB-2004-000669"
},
{
"date": "2005-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200402-049"
},
{
"date": "2008-09-05T20:37:23.210000",
"db": "NVD",
"id": "CVE-2004-0056"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200402-049"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple vulnerabilities in H.323 implementations",
"sources": [
{
"db": "CERT/CC",
"id": "VU#749342"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "9406"
},
{
"db": "CNNVD",
"id": "CNNVD-200402-049"
}
],
"trust": 0.9
}
}
VAR-202109-1570
Vulnerability from variot - Updated: 2024-05-17 22:47A command-injection vulnerability in an authenticated Telnet connection in Poly (formerly Polycom) CX5500 and CX5100 1.3.5 leads an attacker to Privilege Escalation and Remote Code Execution capability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. Poly ( Old Polycom) CX5500 and CX5100 Contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Both Poly CX5500 and Poly CX5100 are a set of products for video calling from American Plantronics (Poly)
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202109-1570",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "cx5100",
"scope": "eq",
"trust": 1.6,
"vendor": "poly",
"version": "1.3.5"
},
{
"model": "cx5500",
"scope": "eq",
"trust": 1.6,
"vendor": "poly",
"version": "1.3.5"
},
{
"model": "cx5100",
"scope": null,
"trust": 0.8,
"vendor": "polycom",
"version": null
},
{
"model": "cx5500",
"scope": null,
"trust": 0.8,
"vendor": "polycom",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-05866"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-011546"
},
{
"db": "NVD",
"id": "CVE-2021-37145"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:poly:cx5500_firmware:1.3.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:poly:cx5500:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:poly:cx5100_firmware:1.3.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:poly:cx5100:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-37145"
}
]
},
"cve": "CVE-2021-37145",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2021-37145",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CNVD-2022-05866",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.2,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-37145",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2021-37145",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2022-05866",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202109-362",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2021-37145",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-05866"
},
{
"db": "VULMON",
"id": "CVE-2021-37145"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-011546"
},
{
"db": "CNNVD",
"id": "CNNVD-202109-362"
},
{
"db": "NVD",
"id": "CVE-2021-37145"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A command-injection vulnerability in an authenticated Telnet connection in Poly (formerly Polycom) CX5500 and CX5100 1.3.5 leads an attacker to Privilege Escalation and Remote Code Execution capability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. Poly ( Old Polycom) CX5500 and CX5100 Contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Both Poly CX5500 and Poly CX5100 are a set of products for video calling from American Plantronics (Poly)",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-37145"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-011546"
},
{
"db": "CNVD",
"id": "CNVD-2022-05866"
},
{
"db": "VULMON",
"id": "CVE-2021-37145"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-37145",
"trust": 3.9
},
{
"db": "JVNDB",
"id": "JVNDB-2021-011546",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2022-05866",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202109-362",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-37145",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-05866"
},
{
"db": "VULMON",
"id": "CVE-2021-37145"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-011546"
},
{
"db": "CNNVD",
"id": "CNNVD-202109-362"
},
{
"db": "NVD",
"id": "CVE-2021-37145"
}
]
},
"id": "VAR-202109-1570",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-05866"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-05866"
}
]
},
"last_update_date": "2024-05-17T22:47:36.485000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Poly\u00a0Support\u00a0|\u00a0Support Security\u00a0Bulletin",
"trust": 0.8,
"url": "https://www.poly.com/us/en/support"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-011546"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-77",
"trust": 1.0
},
{
"problemtype": "Command injection (CWE-77) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-011546"
},
{
"db": "NVD",
"id": "CVE-2021-37145"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://support.polycom.com/content/support.html"
},
{
"trust": 1.7,
"url": "https://support.polycom.com/content/dam/polycom-support/global/documentation/security-bulletin-cx5100-cx5500-authenticated-v1-0.pdf"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-37145"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/77.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-05866"
},
{
"db": "VULMON",
"id": "CVE-2021-37145"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-011546"
},
{
"db": "CNNVD",
"id": "CNNVD-202109-362"
},
{
"db": "NVD",
"id": "CVE-2021-37145"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2022-05866"
},
{
"db": "VULMON",
"id": "CVE-2021-37145"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-011546"
},
{
"db": "CNNVD",
"id": "CNNVD-202109-362"
},
{
"db": "NVD",
"id": "CVE-2021-37145"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-01-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-05866"
},
{
"date": "2021-09-07T00:00:00",
"db": "VULMON",
"id": "CVE-2021-37145"
},
{
"date": "2022-08-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-011546"
},
{
"date": "2021-09-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202109-362"
},
{
"date": "2021-09-07T23:15:07",
"db": "NVD",
"id": "CVE-2021-37145"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-01-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-05866"
},
{
"date": "2021-09-15T00:00:00",
"db": "VULMON",
"id": "CVE-2021-37145"
},
{
"date": "2022-08-04T03:05:00",
"db": "JVNDB",
"id": "JVNDB-2021-011546"
},
{
"date": "2021-09-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202109-362"
},
{
"date": "2024-05-17T01:59:07.990000",
"db": "NVD",
"id": "CVE-2021-37145"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202109-362"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Poly\u00a0CX5500\u00a0 and \u00a0CX5100\u00a0 Command injection vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-011546"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "command injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202109-362"
}
],
"trust": 0.6
}
}
VAR-201803-2236
Vulnerability from variot - Updated: 2023-12-18 14:05Stored XSS exists on Polycom QDX 6000 devices. Polycom QDX 6000 The device contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. PolycomQDX6000devices is a video conferencing terminal device from Polycom. A remote attacker could exploit this vulnerability to execute arbitrary Javascript code in a user's web browser
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201803-2236",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "qdx 6000",
"scope": "eq",
"trust": 1.6,
"vendor": "polycom",
"version": null
},
{
"model": "qdx 6000",
"scope": null,
"trust": 0.8,
"vendor": "polycom",
"version": null
},
{
"model": "qdx",
"scope": "eq",
"trust": 0.6,
"vendor": "polycom",
"version": "6000"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-06505"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002579"
},
{
"db": "NVD",
"id": "CVE-2018-7564"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-189"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:polycom:qdx_6000_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:polycom:qdx_6000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-7564"
}
]
},
"cve": "CVE-2018-7564",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-7564",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2018-06505",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-137596",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.1,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2018-7564",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-7564",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2018-06505",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201803-189",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-137596",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-06505"
},
{
"db": "VULHUB",
"id": "VHN-137596"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002579"
},
{
"db": "NVD",
"id": "CVE-2018-7564"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-189"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Stored XSS exists on Polycom QDX 6000 devices. Polycom QDX 6000 The device contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. PolycomQDX6000devices is a video conferencing terminal device from Polycom. A remote attacker could exploit this vulnerability to execute arbitrary Javascript code in a user\u0027s web browser",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-7564"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002579"
},
{
"db": "CNVD",
"id": "CNVD-2018-06505"
},
{
"db": "VULHUB",
"id": "VHN-137596"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-7564",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002579",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201803-189",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2018-06505",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-137596",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-06505"
},
{
"db": "VULHUB",
"id": "VHN-137596"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002579"
},
{
"db": "NVD",
"id": "CVE-2018-7564"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-189"
}
]
},
"id": "VAR-201803-2236",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-06505"
},
{
"db": "VULHUB",
"id": "VHN-137596"
}
],
"trust": 1.2089286
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-06505"
}
]
},
"last_update_date": "2023-12-18T14:05:29.375000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Vulnerabilities in Polycom QDX 6000 - Version 1.0",
"trust": 0.8,
"url": "https://support.polycom.com/content/dam/polycom-support/global/documentation/security-advisory-vulnerabilities-qdx-6000-1-0.pdf"
},
{
"title": "Patch for PolycomQDX6000 Cross-Site Scripting Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/123633"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-06505"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002579"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-137596"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002579"
},
{
"db": "NVD",
"id": "CVE-2018-7564"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://support.polycom.com/content/dam/polycom-support/global/documentation/security-advisory-vulnerabilities-qdx-6000-1-0.pdf"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7564"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-7564"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-06505"
},
{
"db": "VULHUB",
"id": "VHN-137596"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002579"
},
{
"db": "NVD",
"id": "CVE-2018-7564"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-189"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-06505"
},
{
"db": "VULHUB",
"id": "VHN-137596"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002579"
},
{
"db": "NVD",
"id": "CVE-2018-7564"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-189"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-06505"
},
{
"date": "2018-03-07T00:00:00",
"db": "VULHUB",
"id": "VHN-137596"
},
{
"date": "2018-04-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-002579"
},
{
"date": "2018-03-07T20:29:00.373000",
"db": "NVD",
"id": "CVE-2018-7564"
},
{
"date": "2018-03-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-189"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-06505"
},
{
"date": "2018-03-26T00:00:00",
"db": "VULHUB",
"id": "VHN-137596"
},
{
"date": "2018-04-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-002579"
},
{
"date": "2018-03-26T18:17:36.257000",
"db": "NVD",
"id": "CVE-2018-7564"
},
{
"date": "2018-03-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-189"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-189"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Polycom QDX 6000 Device cross-site scripting vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-002579"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-189"
}
],
"trust": 1.4
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-189"
}
],
"trust": 0.6
}
}
VAR-201811-0081
Vulnerability from variot - Updated: 2023-12-18 14:01The Bluetooth subsystem on Polycom Trio devices with software before 5.5.4 has Incorrect Access Control. An attacker can connect without authentication and subsequently record audio from the device microphone. PolycomTrio is a Trio series of business conference phones from Polycom. The Bluetoothsubsystem is one of the Bluetooth subsystems
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201811-0081",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "trio 8500",
"scope": "lt",
"trust": 1.8,
"vendor": "polycom",
"version": "5.5.4"
},
{
"model": "trio",
"scope": "lt",
"trust": 0.6,
"vendor": "polycom",
"version": "5.5.4"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-07009"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-012364"
},
{
"db": "NVD",
"id": "CVE-2018-14934"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:polycom:trio_8500_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.5.4",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:polycom:trio_8500:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-14934"
}
]
},
"cve": "CVE-2018-14934",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 3.3,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-14934",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"id": "CNVD-2019-07009",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-14934",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-14934",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2019-07009",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-201811-510",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-07009"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-012364"
},
{
"db": "NVD",
"id": "CVE-2018-14934"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-510"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Bluetooth subsystem on Polycom Trio devices with software before 5.5.4 has Incorrect Access Control. An attacker can connect without authentication and subsequently record audio from the device microphone. PolycomTrio is a Trio series of business conference phones from Polycom. The Bluetoothsubsystem is one of the Bluetooth subsystems",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-14934"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-012364"
},
{
"db": "CNVD",
"id": "CNVD-2019-07009"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-14934",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2018-012364",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2019-07009",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201811-510",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-07009"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-012364"
},
{
"db": "NVD",
"id": "CVE-2018-14934"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-510"
}
]
},
"id": "VAR-201811-0081",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-07009"
}
],
"trust": 1.1555556
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-07009"
}
]
},
"last_update_date": "2023-12-18T14:01:03.874000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Bluetooth Authentication Weakness Found in Trio ? Bulletin Version 1.0",
"trust": 0.8,
"url": "https://support.polycom.com/content/dam/polycom-support/global/documentation/bluetooth-authentication-weakness-trio.pdf"
},
{
"title": "PolycomTrio improper access control vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/156045"
},
{
"title": "Polycom Trio Bluetooth Subsystem security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=86907"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-07009"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-012364"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-510"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-732",
"trust": 1.0
},
{
"problemtype": "CWE-284",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-012364"
},
{
"db": "NVD",
"id": "CVE-2018-14934"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://support.polycom.com/content/dam/polycom-support/global/documentation/bluetooth-authentication-weakness-trio.pdf"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14934"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-14934"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-07009"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-012364"
},
{
"db": "NVD",
"id": "CVE-2018-14934"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-510"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-07009"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-012364"
},
{
"db": "NVD",
"id": "CVE-2018-14934"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-510"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-03-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-07009"
},
{
"date": "2019-02-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-012364"
},
{
"date": "2018-11-15T20:29:00.240000",
"db": "NVD",
"id": "CVE-2018-14934"
},
{
"date": "2018-11-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201811-510"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-03-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-07009"
},
{
"date": "2019-02-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-012364"
},
{
"date": "2019-10-03T00:03:26.223000",
"db": "NVD",
"id": "CVE-2018-14934"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201811-510"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201811-510"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Polycom Trio device Access control vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-012364"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201811-510"
}
],
"trust": 0.6
}
}
VAR-201810-0187
Vulnerability from variot - Updated: 2023-12-18 13:48Polycom VVX 500 and 601 devices 5.8.0.12848 and earlier allows man-in-the-middle attackers to obtain sensitive credential information by leveraging failure to validate X.509 certificates when used with an on-premise installation with Skype for Business. Polycom VVX 500 and 601 The device contains a certificate validation vulnerability.Information may be obtained. Polycom VVX 500 and 601 are IP telephone products of American Polycom (Polycom) company
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201810-0187",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "vvx 500",
"scope": "eq",
"trust": 1.6,
"vendor": "polycom",
"version": null
},
{
"model": "vvx 601",
"scope": "eq",
"trust": 1.6,
"vendor": "polycom",
"version": null
},
{
"model": "unified communications software",
"scope": "lte",
"trust": 1.0,
"vendor": "polycom",
"version": "5.8.0.12848"
},
{
"model": "vvx 500",
"scope": "lte",
"trust": 0.8,
"vendor": "polycom",
"version": "5.8.0.12848"
},
{
"model": "vvx 601",
"scope": "lte",
"trust": 0.8,
"vendor": "polycom",
"version": "5.8.0.12848"
},
{
"model": "unified communications software",
"scope": null,
"trust": 0.8,
"vendor": "polycom",
"version": null
},
{
"model": "uc software",
"scope": "eq",
"trust": 0.6,
"vendor": "polycom",
"version": "5.8.0.12848"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-011334"
},
{
"db": "NVD",
"id": "CVE-2018-18568"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-1239"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:polycom:unified_communications_software:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "5.8.0.12848",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:polycom:vvx_601_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:polycom:vvx_601:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:polycom:vvx_500_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:polycom:vvx_500:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-18568"
}
]
},
"cve": "CVE-2018-18568",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-18568",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-129140",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.9,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-18568",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-18568",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201810-1239",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-129140",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-129140"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011334"
},
{
"db": "NVD",
"id": "CVE-2018-18568"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-1239"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Polycom VVX 500 and 601 devices 5.8.0.12848 and earlier allows man-in-the-middle attackers to obtain sensitive credential information by leveraging failure to validate X.509 certificates when used with an on-premise installation with Skype for Business. Polycom VVX 500 and 601 The device contains a certificate validation vulnerability.Information may be obtained. Polycom VVX 500 and 601 are IP telephone products of American Polycom (Polycom) company",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-18568"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011334"
},
{
"db": "VULHUB",
"id": "VHN-129140"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-18568",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011334",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201810-1239",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "149939",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-129140",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-129140"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011334"
},
{
"db": "NVD",
"id": "CVE-2018-18568"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-1239"
}
]
},
"id": "VAR-201810-0187",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-129140"
}
],
"trust": 0.47019232
},
"last_update_date": "2023-12-18T13:48:09.499000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Polycom UC Software",
"trust": 0.8,
"url": "http://www.polycom.com/voice-conferencing-solutions/uc-software.html"
},
{
"title": "Polycom VVX 500",
"trust": 0.8,
"url": "https://support.polycom.com/content/support/emea/emea/en/support/voice/business-media-phones/vvx500.html"
},
{
"title": "Polycom VVX 601",
"trust": 0.8,
"url": "https://support.polycom.com/content/support/emea/emea/en/support/voice/business-media-phones/vvx601.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-011334"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-295",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-129140"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011334"
},
{
"db": "NVD",
"id": "CVE-2018-18568"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.syss.de/fileadmin/dokumente/publikationen/advisories/syss-2018-027.txt"
},
{
"trust": 1.7,
"url": "https://seclists.org/bugtraq/2018/oct/36"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-18568"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-18568"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-129140"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011334"
},
{
"db": "NVD",
"id": "CVE-2018-18568"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-1239"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-129140"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011334"
},
{
"db": "NVD",
"id": "CVE-2018-18568"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-1239"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-24T00:00:00",
"db": "VULHUB",
"id": "VHN-129140"
},
{
"date": "2019-01-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-011334"
},
{
"date": "2018-10-24T22:29:01.790000",
"db": "NVD",
"id": "CVE-2018-18568"
},
{
"date": "2018-10-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201810-1239"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-12-06T00:00:00",
"db": "VULHUB",
"id": "VHN-129140"
},
{
"date": "2019-01-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-011334"
},
{
"date": "2021-06-15T15:04:16.860000",
"db": "NVD",
"id": "CVE-2018-18568"
},
{
"date": "2021-06-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201810-1239"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201810-1239"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Polycom VVX 500 and 601 Device validation vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-011334"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201810-1239"
}
],
"trust": 0.6
}
}
VAR-201708-0153
Vulnerability from variot - Updated: 2023-12-18 13:38Polycom BToE Connector before 3.0.0 uses weak permissions (Everyone: Full Control) for "Program Files (x86)\polycom\polycom btoe connector\plcmbtoesrv.exe," which allows local users to gain privileges via a Trojan horse file. Polycom BToE Connector Contains a permission vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. PolycomBToEConnector is a BToE connector developed by Polycom Corporation of the United States. A security vulnerability exists in versions prior to PolycomBToEConnector 3.0.0 that caused the program to assign weak permissions to the (x86)\polycom\polycombtoeconnector\plcmbtoesrv.exe program file. A local attacker can exploit this vulnerability to gain access to a malicious file
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201708-0153",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "btoe connector",
"scope": "lt",
"trust": 1.4,
"vendor": "polycom",
"version": "3.0.0"
},
{
"model": "btoe connector",
"scope": "lte",
"trust": 1.0,
"vendor": "polycom",
"version": "2.3.0"
},
{
"model": "btoe connector",
"scope": "eq",
"trust": 0.6,
"vendor": "polycom",
"version": "2.3.0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-30568"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007817"
},
{
"db": "NVD",
"id": "CVE-2015-8300"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1170"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:polycom:btoe_connector:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.3.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-8300"
}
]
},
"cve": "CVE-2015-8300",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.2,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2015-8300",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2017-30568",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2015-8300",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-8300",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2017-30568",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201708-1170",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-30568"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007817"
},
{
"db": "NVD",
"id": "CVE-2015-8300"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1170"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Polycom BToE Connector before 3.0.0 uses weak permissions (Everyone: Full Control) for \"Program Files (x86)\\polycom\\polycom btoe connector\\plcmbtoesrv.exe,\" which allows local users to gain privileges via a Trojan horse file. Polycom BToE Connector Contains a permission vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. PolycomBToEConnector is a BToE connector developed by Polycom Corporation of the United States. A security vulnerability exists in versions prior to PolycomBToEConnector 3.0.0 that caused the program to assign weak permissions to the (x86)\\\\polycom\\\\polycombtoeconnector\\\\plcmbtoesrv.exe program file. A local attacker can exploit this vulnerability to gain access to a malicious file",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-8300"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007817"
},
{
"db": "CNVD",
"id": "CNVD-2017-30568"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-8300",
"trust": 3.0
},
{
"db": "PACKETSTORM",
"id": "134523",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007817",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2017-30568",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1170",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-30568"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007817"
},
{
"db": "NVD",
"id": "CVE-2015-8300"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1170"
}
]
},
"id": "VAR-201708-0153",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-30568"
}
],
"trust": 0.99102563
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-30568"
}
]
},
"last_update_date": "2023-12-18T13:38:54.305000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "BToE Connector",
"trust": 0.8,
"url": "http://support.polycom.com/polycomservice/support/us/support/eula/ucs/ucagreement_btoe.html"
},
{
"title": "Patch for PolycomBToEConnector Privilege Escalation Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/103973"
},
{
"title": "Polycom BToE Connector Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=74306"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-30568"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007817"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1170"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-275",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-007817"
},
{
"db": "NVD",
"id": "CVE-2015-8300"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "http://packetstormsecurity.com/files/134523/polycom-btoe-connector-2.3.0-local-privilege-escalation.html"
},
{
"trust": 1.6,
"url": "http://seclists.org/fulldisclosure/2015/nov/88"
},
{
"trust": 1.0,
"url": "https://github.com/sbaresearch/advisories/tree/public/2015/polycom_20150513"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-8300"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-8300"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-30568"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007817"
},
{
"db": "NVD",
"id": "CVE-2015-8300"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1170"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-30568"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007817"
},
{
"db": "NVD",
"id": "CVE-2015-8300"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1170"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-10-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-30568"
},
{
"date": "2017-09-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-007817"
},
{
"date": "2017-08-28T21:29:00.200000",
"db": "NVD",
"id": "CVE-2015-8300"
},
{
"date": "2017-08-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201708-1170"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-10-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-30568"
},
{
"date": "2017-09-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-007817"
},
{
"date": "2018-09-26T21:29:00.587000",
"db": "NVD",
"id": "CVE-2015-8300"
},
{
"date": "2017-08-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201708-1170"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201708-1170"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Polycom BToE Connector Permissions vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-007817"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201708-1170"
}
],
"trust": 0.6
}
}
VAR-201803-2237
Vulnerability from variot - Updated: 2023-12-18 13:38CSRF exists on Polycom QDX 6000 devices. Polycom QDX 6000 The device contains a cross-site request forgery vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. PolycomQDX6000devices is a video conferencing terminal device from Polycom. The Webapplicationinterface is one of the web application interfaces. A cross-site request forgery vulnerability exists in the Webapplication interface in the PolycomQDX6000 device. A remote attacker can exploit this vulnerability to change any configuration settings
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201803-2237",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "qdx 6000",
"scope": "eq",
"trust": 1.6,
"vendor": "polycom",
"version": null
},
{
"model": "qdx 6000",
"scope": null,
"trust": 0.8,
"vendor": "polycom",
"version": null
},
{
"model": "qdx",
"scope": "eq",
"trust": 0.6,
"vendor": "polycom",
"version": "6000"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-06506"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002580"
},
{
"db": "NVD",
"id": "CVE-2018-7565"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-188"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:polycom:qdx_6000_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:polycom:qdx_6000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-7565"
}
]
},
"cve": "CVE-2018-7565",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-7565",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2018-06506",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-137597",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-7565",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-7565",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2018-06506",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201803-188",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-137597",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-06506"
},
{
"db": "VULHUB",
"id": "VHN-137597"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002580"
},
{
"db": "NVD",
"id": "CVE-2018-7565"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-188"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CSRF exists on Polycom QDX 6000 devices. Polycom QDX 6000 The device contains a cross-site request forgery vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. PolycomQDX6000devices is a video conferencing terminal device from Polycom. The Webapplicationinterface is one of the web application interfaces. A cross-site request forgery vulnerability exists in the Webapplication interface in the PolycomQDX6000 device. A remote attacker can exploit this vulnerability to change any configuration settings",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-7565"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002580"
},
{
"db": "CNVD",
"id": "CNVD-2018-06506"
},
{
"db": "VULHUB",
"id": "VHN-137597"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-7565",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002580",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2018-06506",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201803-188",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-137597",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-06506"
},
{
"db": "VULHUB",
"id": "VHN-137597"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002580"
},
{
"db": "NVD",
"id": "CVE-2018-7565"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-188"
}
]
},
"id": "VAR-201803-2237",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-06506"
},
{
"db": "VULHUB",
"id": "VHN-137597"
}
],
"trust": 1.2089286
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-06506"
}
]
},
"last_update_date": "2023-12-18T13:38:41.956000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Vulnerabilities in Polycom QDX 6000 - Version 1.0",
"trust": 0.8,
"url": "https://support.polycom.com/content/dam/polycom-support/global/documentation/security-advisory-vulnerabilities-qdx-6000-1-0.pdf"
},
{
"title": "Patch for PolycomQDX6000 Cross-Site Request Forgery Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/123631"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-06506"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002580"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-352",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-137597"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002580"
},
{
"db": "NVD",
"id": "CVE-2018-7565"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://support.polycom.com/content/dam/polycom-support/global/documentation/security-advisory-vulnerabilities-qdx-6000-1-0.pdf"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7565"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-7565"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-06506"
},
{
"db": "VULHUB",
"id": "VHN-137597"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002580"
},
{
"db": "NVD",
"id": "CVE-2018-7565"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-188"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-06506"
},
{
"db": "VULHUB",
"id": "VHN-137597"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002580"
},
{
"db": "NVD",
"id": "CVE-2018-7565"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-188"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-06506"
},
{
"date": "2018-03-07T00:00:00",
"db": "VULHUB",
"id": "VHN-137597"
},
{
"date": "2018-04-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-002580"
},
{
"date": "2018-03-07T20:29:00.420000",
"db": "NVD",
"id": "CVE-2018-7565"
},
{
"date": "2018-03-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-188"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-06506"
},
{
"date": "2018-03-26T00:00:00",
"db": "VULHUB",
"id": "VHN-137597"
},
{
"date": "2018-04-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-002580"
},
{
"date": "2018-03-26T18:20:26.557000",
"db": "NVD",
"id": "CVE-2018-7565"
},
{
"date": "2018-03-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-188"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-188"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Polycom QDX 6000 Device cross-site request forgery vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-002580"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cross-site request forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-188"
}
],
"trust": 0.6
}
}
VAR-201811-0082
Vulnerability from variot - Updated: 2023-12-18 13:28The Web administration console on Polycom Trio devices with software before 5.5.4 has XSS. Polycom Trio The device software contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. PolycomTrio is a Trio series of business conference phones from Polycom. A remote attacker can exploit this vulnerability to inject arbitrary web scripts or HTML
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201811-0082",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "trio 8500",
"scope": "lt",
"trust": 1.8,
"vendor": "polycom",
"version": "5.5.4"
},
{
"model": "trio",
"scope": "lt",
"trust": 0.6,
"vendor": "polycom",
"version": "5.5.4"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-07010"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-012099"
},
{
"db": "NVD",
"id": "CVE-2018-14935"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:polycom:trio_8500_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.5.4",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:polycom:trio_8500:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-14935"
}
]
},
"cve": "CVE-2018-14935",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-14935",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2019-07010",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.1,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2018-14935",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-14935",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2019-07010",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201811-511",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-07010"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-012099"
},
{
"db": "NVD",
"id": "CVE-2018-14935"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-511"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Web administration console on Polycom Trio devices with software before 5.5.4 has XSS. Polycom Trio The device software contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. PolycomTrio is a Trio series of business conference phones from Polycom. A remote attacker can exploit this vulnerability to inject arbitrary web scripts or HTML",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-14935"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-012099"
},
{
"db": "CNVD",
"id": "CNVD-2019-07010"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-14935",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2018-012099",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2019-07010",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201811-511",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-07010"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-012099"
},
{
"db": "NVD",
"id": "CVE-2018-14935"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-511"
}
]
},
"id": "VAR-201811-0082",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-07010"
}
],
"trust": 1.1555556
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-07010"
}
]
},
"last_update_date": "2023-12-18T13:28:42.451000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Stored Cross-Site Scripting Found in Trio-Bulletin Version 1.0",
"trust": 0.8,
"url": "https://support.polycom.com/content/dam/polycom-support/global/documentation/stored-cross-site-scripting-in-trio.pdf"
},
{
"title": "Patch for PolycomTrio Cross-Site Scripting Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/156071"
},
{
"title": "Polycom Trio Web Fixes for the Management Console Cross-Site Scripting Vulnerability",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=86908"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-07010"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-012099"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-511"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-012099"
},
{
"db": "NVD",
"id": "CVE-2018-14935"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://support.polycom.com/content/dam/polycom-support/global/documentation/stored-cross-site-scripting-in-trio.pdf"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14935"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-14935"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-07010"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-012099"
},
{
"db": "NVD",
"id": "CVE-2018-14935"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-511"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-07010"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-012099"
},
{
"db": "NVD",
"id": "CVE-2018-14935"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-511"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-07010"
},
{
"date": "2019-01-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-012099"
},
{
"date": "2018-11-15T20:29:00.287000",
"db": "NVD",
"id": "CVE-2018-14935"
},
{
"date": "2018-11-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201811-511"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-03-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-07010"
},
{
"date": "2019-01-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-012099"
},
{
"date": "2018-12-17T15:53:42.077000",
"db": "NVD",
"id": "CVE-2018-14935"
},
{
"date": "2018-11-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201811-511"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201811-511"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Polycom Trio Device site software cross-site scripting vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-012099"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201811-511"
}
],
"trust": 0.6
}
}
VAR-201906-1095
Vulnerability from variot - Updated: 2023-12-18 13:23VVX products using UCS software version 5.9.2 and earlier with Better Together over Ethernet Connector (BToE) application version 3.9.1 and earlier provides insufficient authentication between the BToE application and the BToE component, resulting in leakage of sensitive information. Polycom UCS software is prone to an information-disclosure vulnerability. An attacker can exploit this issue to obtain sensitive information that may aid in further attacks. Polycom UCS software versions prior to 5.9.2 are vulnerable
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201906-1095",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "unified communications software",
"scope": "lte",
"trust": 1.8,
"vendor": "polycom",
"version": "5.9.2"
},
{
"model": "better together over ethernet connector",
"scope": "lte",
"trust": 1.0,
"vendor": "polycom",
"version": "3.9.1"
},
{
"model": "btoe connector",
"scope": "lte",
"trust": 0.8,
"vendor": "polycom",
"version": "3.9.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.3,
"vendor": "polycom",
"version": "vvx6010"
},
{
"model": null,
"scope": "eq",
"trust": 0.3,
"vendor": "polycom",
"version": "vvx6000"
},
{
"model": null,
"scope": "eq",
"trust": 0.3,
"vendor": "polycom",
"version": "vvx5010"
},
{
"model": null,
"scope": "eq",
"trust": 0.3,
"vendor": "polycom",
"version": "vvx5000"
},
{
"model": null,
"scope": "eq",
"trust": 0.3,
"vendor": "polycom",
"version": "vvx4500"
},
{
"model": null,
"scope": "eq",
"trust": 0.3,
"vendor": "polycom",
"version": "vvx4110"
},
{
"model": null,
"scope": "eq",
"trust": 0.3,
"vendor": "polycom",
"version": "vvx4100"
},
{
"model": null,
"scope": "eq",
"trust": 0.3,
"vendor": "polycom",
"version": "vvx4010"
},
{
"model": null,
"scope": "eq",
"trust": 0.3,
"vendor": "polycom",
"version": "vvx4000"
},
{
"model": null,
"scope": "eq",
"trust": 0.3,
"vendor": "polycom",
"version": "vvx3500"
},
{
"model": null,
"scope": "eq",
"trust": 0.3,
"vendor": "polycom",
"version": "vvx3110"
},
{
"model": null,
"scope": "eq",
"trust": 0.3,
"vendor": "polycom",
"version": "vvx3100"
},
{
"model": null,
"scope": "eq",
"trust": 0.3,
"vendor": "polycom",
"version": "vvx3010"
},
{
"model": null,
"scope": "eq",
"trust": 0.3,
"vendor": "polycom",
"version": "vvx3000"
},
{
"model": null,
"scope": "eq",
"trust": 0.3,
"vendor": "polycom",
"version": "vvx2500"
},
{
"model": null,
"scope": "eq",
"trust": 0.3,
"vendor": "polycom",
"version": "vvx2010"
},
{
"model": null,
"scope": "eq",
"trust": 0.3,
"vendor": "polycom",
"version": "vvx1500"
},
{
"model": "uc software",
"scope": "eq",
"trust": 0.3,
"vendor": "polycom",
"version": "5.9.2"
},
{
"model": "uc software",
"scope": "eq",
"trust": 0.3,
"vendor": "polycom",
"version": "5.8.4"
},
{
"model": "uc software",
"scope": "eq",
"trust": 0.3,
"vendor": "polycom",
"version": "5.7.4"
},
{
"model": "uc software",
"scope": "eq",
"trust": 0.3,
"vendor": "polycom",
"version": "5.6.5"
},
{
"model": "uc software",
"scope": "eq",
"trust": 0.3,
"vendor": "polycom",
"version": "5.5.4"
},
{
"model": "uc software",
"scope": "eq",
"trust": 0.3,
"vendor": "polycom",
"version": "5.4.7"
},
{
"model": "uc software",
"scope": "ne",
"trust": 0.3,
"vendor": "polycom",
"version": "6.0"
},
{
"model": "uc software",
"scope": "ne",
"trust": 0.3,
"vendor": "polycom",
"version": "5.9.3"
}
],
"sources": [
{
"db": "BID",
"id": "108799"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005765"
},
{
"db": "NVD",
"id": "CVE-2019-10689"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:polycom:better_together_over_ethernet_connector:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.9.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:polycom:unified_communications_software:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "5.9.2",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-10689"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Timon Hackenjos from FZI Research Center for Information Technology.",
"sources": [
{
"db": "BID",
"id": "108799"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-687"
}
],
"trust": 0.9
},
"cve": "CVE-2019-10689",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 3.3,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2019-10689",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-10689",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-10689",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201906-687",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-005765"
},
{
"db": "NVD",
"id": "CVE-2019-10689"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-687"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "VVX products using UCS software version 5.9.2 and earlier with Better Together over Ethernet Connector (BToE) application version 3.9.1 and earlier provides insufficient authentication between the BToE application and the BToE component, resulting in leakage of sensitive information. Polycom UCS software is prone to an information-disclosure vulnerability. \nAn attacker can exploit this issue to obtain sensitive information that may aid in further attacks. \nPolycom UCS software versions prior to 5.9.2 are vulnerable",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-10689"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005765"
},
{
"db": "BID",
"id": "108799"
}
],
"trust": 1.89
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-10689",
"trust": 2.7
},
{
"db": "BID",
"id": "108799",
"trust": 1.9
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005765",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201906-687",
"trust": 0.6
}
],
"sources": [
{
"db": "BID",
"id": "108799"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005765"
},
{
"db": "NVD",
"id": "CVE-2019-10689"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-687"
}
]
},
"id": "VAR-201906-1095",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.380608975
},
"last_update_date": "2023-12-18T13:23:40.909000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SECURITY ADVISORY - Insufficient authentication resulting in information leakage on VVX products - Advisory Version 1.1",
"trust": 0.8,
"url": "https://support.polycom.com/content/dam/polycom-support/global/documentation/insufficient-authentication-leakage-vvx-products.pdf"
},
{
"title": "Polycom UC Software Repair measures for information disclosure vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=93879"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-005765"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-687"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-005765"
},
{
"db": "NVD",
"id": "CVE-2019-10689"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "https://support.polycom.com/content/dam/polycom-support/global/documentation/insufficient-authentication-leakage-vvx-products.pdf"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/108799"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10689"
},
{
"trust": 0.9,
"url": "https://www.polycom.com/.html?ss=false"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10689"
}
],
"sources": [
{
"db": "BID",
"id": "108799"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005765"
},
{
"db": "NVD",
"id": "CVE-2019-10689"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-687"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "BID",
"id": "108799"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005765"
},
{
"db": "NVD",
"id": "CVE-2019-10689"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-687"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-06-17T00:00:00",
"db": "BID",
"id": "108799"
},
{
"date": "2019-06-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-005765"
},
{
"date": "2019-06-24T22:15:08.960000",
"db": "NVD",
"id": "CVE-2019-10689"
},
{
"date": "2019-06-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201906-687"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-06-17T00:00:00",
"db": "BID",
"id": "108799"
},
{
"date": "2019-06-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-005765"
},
{
"date": "2019-06-27T17:26:21.897000",
"db": "NVD",
"id": "CVE-2019-10689"
},
{
"date": "2019-07-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201906-687"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201906-687"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "UCS Software and Better Together over Ethernet Connector Authentication vulnerabilities in applications",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-005765"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201906-687"
}
],
"trust": 0.6
}
}
VAR-201810-0185
Vulnerability from variot - Updated: 2023-12-18 13:08The SIP service in Polycom VVX 500 and 601 devices 5.8.0.12848 and earlier allow remote attackers to obtain sensitive phone configuration information by leveraging use with an on-premise installation with Skype for Business. Polycom VVX 500 and 601 The device contains an information disclosure vulnerability.Information may be obtained. Polycom VVX is prone to an information-disclosure vulnerability. An attacker can exploit this issue to obtain sensitive information that may aid in further attacks. Polycom VVX 500/601 version 5.8.0.12848 and prior are vulnerable. Polycom VVX 500 and 601 are IP telephone products of American Polycom (Polycom) company. SIP service is one of the SIP (Session Initiation Protocol) services. The SIP service in Polycom VVX 500 and 601 5.8.0.12848 and earlier versions has a security vulnerability
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201810-0185",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "vvx 500",
"scope": "eq",
"trust": 1.6,
"vendor": "polycom",
"version": null
},
{
"model": "vvx 601",
"scope": "eq",
"trust": 1.6,
"vendor": "polycom",
"version": null
},
{
"model": "unified communications software",
"scope": "lte",
"trust": 1.0,
"vendor": "polycom",
"version": "5.8.0.12848"
},
{
"model": "vvx 500",
"scope": "lte",
"trust": 0.8,
"vendor": "polycom",
"version": "5.8.0.12848"
},
{
"model": "vvx 601",
"scope": "lte",
"trust": 0.8,
"vendor": "polycom",
"version": "5.8.0.12848"
},
{
"model": "unified communications software",
"scope": null,
"trust": 0.8,
"vendor": "polycom",
"version": null
},
{
"model": "uc software",
"scope": "eq",
"trust": 0.6,
"vendor": "polycom",
"version": "5.8.0.12848"
},
{
"model": null,
"scope": "eq",
"trust": 0.3,
"vendor": "polycom",
"version": "vvx6015.8"
},
{
"model": null,
"scope": "eq",
"trust": 0.3,
"vendor": "polycom",
"version": "vvx6015.7"
},
{
"model": null,
"scope": "eq",
"trust": 0.3,
"vendor": "polycom",
"version": "vvx6015.6"
},
{
"model": null,
"scope": "eq",
"trust": 0.3,
"vendor": "polycom",
"version": "vvx6015.5"
},
{
"model": null,
"scope": "eq",
"trust": 0.3,
"vendor": "polycom",
"version": "vvx6015.4"
},
{
"model": null,
"scope": "eq",
"trust": 0.3,
"vendor": "polycom",
"version": "vvx6015.3"
},
{
"model": null,
"scope": "eq",
"trust": 0.3,
"vendor": "polycom",
"version": "vvx6015.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.3,
"vendor": "polycom",
"version": "vvx6015.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.3,
"vendor": "polycom",
"version": "vvx6015.8.0.12848"
},
{
"model": null,
"scope": "eq",
"trust": 0.3,
"vendor": "polycom",
"version": "vvx6015.4.0.10182"
},
{
"model": null,
"scope": "eq",
"trust": 0.3,
"vendor": "polycom",
"version": "vvx5005.8"
},
{
"model": null,
"scope": "eq",
"trust": 0.3,
"vendor": "polycom",
"version": "vvx5005.7"
},
{
"model": null,
"scope": "eq",
"trust": 0.3,
"vendor": "polycom",
"version": "vvx5005.6"
},
{
"model": null,
"scope": "eq",
"trust": 0.3,
"vendor": "polycom",
"version": "vvx5005.5"
},
{
"model": null,
"scope": "eq",
"trust": 0.3,
"vendor": "polycom",
"version": "vvx5005.4"
},
{
"model": null,
"scope": "eq",
"trust": 0.3,
"vendor": "polycom",
"version": "vvx5005.3"
},
{
"model": null,
"scope": "eq",
"trust": 0.3,
"vendor": "polycom",
"version": "vvx5005.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.3,
"vendor": "polycom",
"version": "vvx5005.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.3,
"vendor": "polycom",
"version": "vvx5005.8.0.12848"
},
{
"model": null,
"scope": "eq",
"trust": 0.3,
"vendor": "polycom",
"version": "vvx5005.4.0.10182"
}
],
"sources": [
{
"db": "BID",
"id": "105746"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011333"
},
{
"db": "NVD",
"id": "CVE-2018-18566"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-1237"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:polycom:unified_communications_software:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "5.8.0.12848",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:polycom:vvx_601_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:polycom:vvx_601:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:polycom:vvx_500_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:polycom:vvx_500:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-18566"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Micha Borrmann (SySS GmbH)",
"sources": [
{
"db": "BID",
"id": "105746"
}
],
"trust": 0.3
},
"cve": "CVE-2018-18566",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-18566",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-129138",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.3,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2018-18566",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-18566",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201810-1237",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-129138",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-129138"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011333"
},
{
"db": "NVD",
"id": "CVE-2018-18566"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-1237"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The SIP service in Polycom VVX 500 and 601 devices 5.8.0.12848 and earlier allow remote attackers to obtain sensitive phone configuration information by leveraging use with an on-premise installation with Skype for Business. Polycom VVX 500 and 601 The device contains an information disclosure vulnerability.Information may be obtained. Polycom VVX is prone to an information-disclosure vulnerability. \nAn attacker can exploit this issue to obtain sensitive information that may aid in further attacks. \nPolycom VVX 500/601 version 5.8.0.12848 and prior are vulnerable. Polycom VVX 500 and 601 are IP telephone products of American Polycom (Polycom) company. SIP service is one of the SIP (Session Initiation Protocol) services. The SIP service in Polycom VVX 500 and 601 5.8.0.12848 and earlier versions has a security vulnerability",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-18566"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011333"
},
{
"db": "BID",
"id": "105746"
},
{
"db": "VULHUB",
"id": "VHN-129138"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-18566",
"trust": 2.8
},
{
"db": "BID",
"id": "105746",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011333",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201810-1237",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "149944",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-129138",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-129138"
},
{
"db": "BID",
"id": "105746"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011333"
},
{
"db": "NVD",
"id": "CVE-2018-18566"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-1237"
}
]
},
"id": "VAR-201810-0185",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-129138"
}
],
"trust": 0.47019232
},
"last_update_date": "2023-12-18T13:08:17.320000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Polycom UC Software",
"trust": 0.8,
"url": "http://www.polycom.com/voice-conferencing-solutions/uc-software.html"
},
{
"title": "Polycom VVX 500",
"trust": 0.8,
"url": "https://support.polycom.com/content/support/emea/emea/en/support/voice/business-media-phones/vvx500.html"
},
{
"title": "Polycom VVX 601",
"trust": 0.8,
"url": "https://support.polycom.com/content/support/emea/emea/en/support/voice/business-media-phones/vvx601.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-011333"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-129138"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011333"
},
{
"db": "NVD",
"id": "CVE-2018-18566"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.syss.de/fileadmin/dokumente/publikationen/advisories/syss-2018-028.txt"
},
{
"trust": 2.0,
"url": "https://seclists.org/bugtraq/2018/oct/33"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/105746"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-18566"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-18566"
},
{
"trust": 0.3,
"url": "http://www.polycom.co.in/products-services/voice/desktop-solutions/realpresence-desktop-vvx-business-media-phones.html"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-129138"
},
{
"db": "BID",
"id": "105746"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011333"
},
{
"db": "NVD",
"id": "CVE-2018-18566"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-1237"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-129138"
},
{
"db": "BID",
"id": "105746"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011333"
},
{
"db": "NVD",
"id": "CVE-2018-18566"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-1237"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-24T00:00:00",
"db": "VULHUB",
"id": "VHN-129138"
},
{
"date": "2018-10-23T00:00:00",
"db": "BID",
"id": "105746"
},
{
"date": "2019-01-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-011333"
},
{
"date": "2018-10-24T22:29:01.510000",
"db": "NVD",
"id": "CVE-2018-18566"
},
{
"date": "2018-10-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201810-1237"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-12-06T00:00:00",
"db": "VULHUB",
"id": "VHN-129138"
},
{
"date": "2018-10-23T00:00:00",
"db": "BID",
"id": "105746"
},
{
"date": "2019-01-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-011333"
},
{
"date": "2021-06-15T15:04:36.357000",
"db": "NVD",
"id": "CVE-2018-18566"
},
{
"date": "2021-06-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201810-1237"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201810-1237"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Polycom VVX 500 and 601 Information disclosure vulnerability in devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-011333"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201810-1237"
}
],
"trust": 0.6
}
}
VAR-201908-0894
Vulnerability from variot - Updated: 2023-12-18 12:50On the Polycom Obihai Obi1022 VoIP phone with firmware 5.1.11, a command injection (missing input validation) issue in the NTP server IP address field for the "Time Service Settings web" interface allows an authenticated remote attacker in the same network to trigger OS commands via shell commands in a POST request. Polycom Obihai Obi1022 VoIP phone Has a command injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Polycom Obihai Obi1022 VoIP phone is an IP phone of American Polycom (Polycom) company. A command injection vulnerability exists in the Polycom Obihai Obi1022 VoIP phone with firmware version 5.1.11. This vulnerability stems from the fact that the network system or product does not correctly filter special elements in the process of constructing executable commands from external input data. Attackers can exploit this vulnerability to execute illegal commands
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201908-0894",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "obihai obi1022",
"scope": "eq",
"trust": 1.8,
"vendor": "polycom",
"version": "5.1.11"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-007419"
},
{
"db": "NVD",
"id": "CVE-2019-14259"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:polycom:obihai_obi1022_firmware:5.1.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:polycom:obihai_obi1022:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-14259"
}
]
},
"cve": "CVE-2019-14259",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.7,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 5.1,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:A/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.7,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2019-14259",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.7,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 5.1,
"id": "VHN-146187",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:A/AC:L/AU:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.1,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.0,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-14259",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-14259",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201908-066",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-146187",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-146187"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-007419"
},
{
"db": "NVD",
"id": "CVE-2019-14259"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-066"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "On the Polycom Obihai Obi1022 VoIP phone with firmware 5.1.11, a command injection (missing input validation) issue in the NTP server IP address field for the \"Time Service Settings web\" interface allows an authenticated remote attacker in the same network to trigger OS commands via shell commands in a POST request. Polycom Obihai Obi1022 VoIP phone Has a command injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Polycom Obihai Obi1022 VoIP phone is an IP phone of American Polycom (Polycom) company. A command injection vulnerability exists in the Polycom Obihai Obi1022 VoIP phone with firmware version 5.1.11. This vulnerability stems from the fact that the network system or product does not correctly filter special elements in the process of constructing executable commands from external input data. Attackers can exploit this vulnerability to execute illegal commands",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-14259"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-007419"
},
{
"db": "VULHUB",
"id": "VHN-146187"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-14259",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2019-007419",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201908-066",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-146187",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-146187"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-007419"
},
{
"db": "NVD",
"id": "CVE-2019-14259"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-066"
}
]
},
"id": "VAR-201908-0894",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-146187"
}
],
"trust": 0.47019232
},
"last_update_date": "2023-12-18T12:50:09.485000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Polycom OBi",
"trust": 0.8,
"url": "https://www.polycom.com/voice-conferencing-solutions/obi-software.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-007419"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.1
},
{
"problemtype": "CWE-77",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-146187"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-007419"
},
{
"db": "NVD",
"id": "CVE-2019-14259"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.sit.fraunhofer.de/fileadmin/dokumente/cve/advisory_obihai_obi1002.pdf?_=1563787869"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14259"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-14259"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-146187"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-007419"
},
{
"db": "NVD",
"id": "CVE-2019-14259"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-066"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-146187"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-007419"
},
{
"db": "NVD",
"id": "CVE-2019-14259"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-066"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-08-01T00:00:00",
"db": "VULHUB",
"id": "VHN-146187"
},
{
"date": "2019-08-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-007419"
},
{
"date": "2019-08-01T15:15:14.937000",
"db": "NVD",
"id": "CVE-2019-14259"
},
{
"date": "2019-08-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201908-066"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-08-24T00:00:00",
"db": "VULHUB",
"id": "VHN-146187"
},
{
"date": "2019-08-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-007419"
},
{
"date": "2020-08-24T17:37:01.140000",
"db": "NVD",
"id": "CVE-2019-14259"
},
{
"date": "2020-10-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201908-066"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201908-066"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Polycom Obihai Obi1022 VoIP phone Command injection vulnerability in some firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-007419"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201908-066"
}
],
"trust": 0.6
}
}
VAR-201708-1101
Vulnerability from variot - Updated: 2023-12-18 12:44Polycom SoundStation IP, VVX, and RealPresence Trio that are running software older than UCS 4.0.12, 5.4.5 rev AG, 5.4.7, 5.5.2, or 5.6.0 are affected by a vulnerability in their UCS web application. This vulnerability could allow an authenticated remote attacker to read a segment of the phone's memory which could contain an administrator's password or other sensitive information. Polycom UCS Contains an information disclosure vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. PolycomSoundStationIP, VVX and RealPresenceTrio are products of Polycom Corporation of the United States. PolycomSoundStationIP is an IP phone; VVX is a video conferencing phone; RealPresenceTrio is a smart multimedia device. An information disclosure vulnerability exists in UCS in PolycomSoundStationIP, VVX, and RealPresenceTrio
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201708-1101",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "unified communications software",
"scope": "lte",
"trust": 1.0,
"vendor": "polycom",
"version": "4.0.11"
},
{
"model": "unified communications software",
"scope": "lte",
"trust": 1.0,
"vendor": "polycom",
"version": "5.4.4"
},
{
"model": "unified communications software",
"scope": "lte",
"trust": 1.0,
"vendor": "polycom",
"version": "5.5.1"
},
{
"model": "unified communications software",
"scope": "lte",
"trust": 1.0,
"vendor": "polycom",
"version": "5.4.6"
},
{
"model": "unified communications software",
"scope": null,
"trust": 0.8,
"vendor": "polycom",
"version": null
},
{
"model": "\u003cucs",
"scope": "eq",
"trust": 0.6,
"vendor": "polycom",
"version": "vvx4.0.12"
},
{
"model": "rev ag",
"scope": "eq",
"trust": 0.6,
"vendor": "polycom",
"version": "vvx\u003c5.4.5"
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "polycom",
"version": "vvx\u003c5.4.7"
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "polycom",
"version": "vvx\u003c5.5.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "polycom",
"version": "vvx\u003c5.6.0"
},
{
"model": "realpresence trio \u003cucs",
"scope": "eq",
"trust": 0.6,
"vendor": "polycom",
"version": "4.0.12"
},
{
"model": "realpresence trio rev ag",
"scope": "lt",
"trust": 0.6,
"vendor": "polycom",
"version": "5.4.5"
},
{
"model": "realpresence trio",
"scope": "lt",
"trust": 0.6,
"vendor": "polycom",
"version": "5.4.7"
},
{
"model": "realpresence trio",
"scope": "lt",
"trust": 0.6,
"vendor": "polycom",
"version": "5.5.2"
},
{
"model": "realpresence trio",
"scope": "lt",
"trust": 0.6,
"vendor": "polycom",
"version": "5.6.0"
},
{
"model": "soundstation ip rev ag",
"scope": "lt",
"trust": 0.6,
"vendor": "polycom",
"version": "5.4.5"
},
{
"model": "soundstation ip \u003cucs",
"scope": "eq",
"trust": 0.6,
"vendor": "polycom",
"version": "4.0.12"
},
{
"model": "soundstation ip",
"scope": "lt",
"trust": 0.6,
"vendor": "polycom",
"version": "5.4.7"
},
{
"model": "soundstation ip",
"scope": "lt",
"trust": 0.6,
"vendor": "polycom",
"version": "5.5.2"
},
{
"model": "soundstation ip",
"scope": "lt",
"trust": 0.6,
"vendor": "polycom",
"version": "5.6.0"
},
{
"model": "unified communications software",
"scope": "eq",
"trust": 0.6,
"vendor": "polycom",
"version": "4.0.11"
},
{
"model": "unified communications software",
"scope": "eq",
"trust": 0.6,
"vendor": "polycom",
"version": "5.4.4"
},
{
"model": "unified communications software",
"scope": "eq",
"trust": 0.6,
"vendor": "polycom",
"version": "5.4.6"
},
{
"model": "unified communications software",
"scope": "eq",
"trust": 0.6,
"vendor": "polycom",
"version": "5.5.1"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-30594"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007687"
},
{
"db": "NVD",
"id": "CVE-2017-12857"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-627"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:polycom:unified_communications_software:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.0.11",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:polycom:soundstation_ip:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:polycom:unified_communications_software:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "5.4.6",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:polycom:unified_communications_software:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "5.5.1",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:polycom:vvx:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:polycom:unified_communications_software:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "5.4.4",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:polycom:realpresence_trio:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-12857"
}
]
},
"cve": "CVE-2017-12857",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2017-12857",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CNVD-2017-30594",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-12857",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-12857",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2017-30594",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201708-627",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-30594"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007687"
},
{
"db": "NVD",
"id": "CVE-2017-12857"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-627"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Polycom SoundStation IP, VVX, and RealPresence Trio that are running software older than UCS 4.0.12, 5.4.5 rev AG, 5.4.7, 5.5.2, or 5.6.0 are affected by a vulnerability in their UCS web application. This vulnerability could allow an authenticated remote attacker to read a segment of the phone\u0027s memory which could contain an administrator\u0027s password or other sensitive information. Polycom UCS Contains an information disclosure vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. PolycomSoundStationIP, VVX and RealPresenceTrio are products of Polycom Corporation of the United States. PolycomSoundStationIP is an IP phone; VVX is a video conferencing phone; RealPresenceTrio is a smart multimedia device. An information disclosure vulnerability exists in UCS in PolycomSoundStationIP, VVX, and RealPresenceTrio",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-12857"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007687"
},
{
"db": "CNVD",
"id": "CNVD-2017-30594"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-12857",
"trust": 3.0
},
{
"db": "SECTRACK",
"id": "1039309",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007687",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2017-30594",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201708-627",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-30594"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007687"
},
{
"db": "NVD",
"id": "CVE-2017-12857"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-627"
}
]
},
"id": "VAR-201708-1101",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-30594"
}
],
"trust": 0.97301587
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-30594"
}
]
},
"last_update_date": "2023-12-18T12:44:28.030000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Security Advisory Relating to Information Disclosure Vulnerability on Polycom UCS-Based Products",
"trust": 0.8,
"url": "http://support.polycom.com/content/dam/polycom-support/global/documentation/security-advisory-information-disclosure-on-polycom-voice-products-v1.0.pdf"
},
{
"title": "Patch for PolycomSoundStationIP, VVX, and RealPresenceTrioUCS Information Disclosure Vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/103969"
},
{
"title": "Polycom SoundStation IP , VVX and RealPresence Trio UCS Repair measures for information disclosure vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=74004"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-30594"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007687"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-627"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-007687"
},
{
"db": "NVD",
"id": "CVE-2017-12857"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "http://support.polycom.com/content/dam/polycom-support/global/documentation/security-advisory-information-disclosure-on-polycom-voice-products-v1.0.pdf"
},
{
"trust": 1.0,
"url": "http://www.securitytracker.com/id/1039309"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12857"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-12857"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-30594"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007687"
},
{
"db": "NVD",
"id": "CVE-2017-12857"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-627"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-30594"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007687"
},
{
"db": "NVD",
"id": "CVE-2017-12857"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-627"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-10-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-30594"
},
{
"date": "2017-09-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-007687"
},
{
"date": "2017-08-25T19:29:00.270000",
"db": "NVD",
"id": "CVE-2017-12857"
},
{
"date": "2017-08-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201708-627"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-10-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-30594"
},
{
"date": "2017-09-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-007687"
},
{
"date": "2017-09-13T01:29:08.583000",
"db": "NVD",
"id": "CVE-2017-12857"
},
{
"date": "2017-08-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201708-627"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201708-627"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Polycom UCS Vulnerable to information disclosure",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-007687"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201708-627"
}
],
"trust": 0.6
}
}
VAR-201904-1101
Vulnerability from variot - Updated: 2023-12-18 12:28VVX products with software versions including and prior to, UCS 5.9.2 with Better Together over Ethernet Connector (BToE) application 3.9.1, use hard-coded credentials to establish connections between the host application and the device. Polycom UC Software is prone to a local information-disclosure vulnerability. Local attackers can exploit this issue to gain sensitive information from the affected application
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201904-1101",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "unified communications software",
"scope": "lte",
"trust": 1.8,
"vendor": "polycom",
"version": "5.8.0"
},
{
"model": "better together over ethernet connector",
"scope": "lte",
"trust": 1.0,
"vendor": "polycom",
"version": "3.8.0"
},
{
"model": "btoe connector",
"scope": "eq",
"trust": 0.8,
"vendor": "polycom",
"version": "3.8.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.3,
"vendor": "polycom",
"version": "vvx6000"
},
{
"model": null,
"scope": "eq",
"trust": 0.3,
"vendor": "polycom",
"version": "vvx5010"
},
{
"model": null,
"scope": "eq",
"trust": 0.3,
"vendor": "polycom",
"version": "vvx5000"
},
{
"model": null,
"scope": "eq",
"trust": 0.3,
"vendor": "polycom",
"version": "vvx4500"
},
{
"model": null,
"scope": "eq",
"trust": 0.3,
"vendor": "polycom",
"version": "vvx4110"
},
{
"model": null,
"scope": "eq",
"trust": 0.3,
"vendor": "polycom",
"version": "vvx4100"
},
{
"model": null,
"scope": "eq",
"trust": 0.3,
"vendor": "polycom",
"version": "vvx4010"
},
{
"model": null,
"scope": "eq",
"trust": 0.3,
"vendor": "polycom",
"version": "vvx4000"
},
{
"model": null,
"scope": "eq",
"trust": 0.3,
"vendor": "polycom",
"version": "vvx3500"
},
{
"model": null,
"scope": "eq",
"trust": 0.3,
"vendor": "polycom",
"version": "vvx3110"
},
{
"model": null,
"scope": "eq",
"trust": 0.3,
"vendor": "polycom",
"version": "vvx3100"
},
{
"model": null,
"scope": "eq",
"trust": 0.3,
"vendor": "polycom",
"version": "vvx3010"
},
{
"model": null,
"scope": "eq",
"trust": 0.3,
"vendor": "polycom",
"version": "vvx3000"
},
{
"model": null,
"scope": "eq",
"trust": 0.3,
"vendor": "polycom",
"version": "vvx2500"
},
{
"model": null,
"scope": "eq",
"trust": 0.3,
"vendor": "polycom",
"version": "vvx2010"
},
{
"model": null,
"scope": "eq",
"trust": 0.3,
"vendor": "polycom",
"version": "vvx1500"
},
{
"model": "uc software",
"scope": "eq",
"trust": 0.3,
"vendor": "polycom",
"version": "5.9.2"
},
{
"model": "uc software",
"scope": "eq",
"trust": 0.3,
"vendor": "polycom",
"version": "5.8.4"
},
{
"model": "uc software",
"scope": "eq",
"trust": 0.3,
"vendor": "polycom",
"version": "5.7.4"
},
{
"model": "uc software",
"scope": "eq",
"trust": 0.3,
"vendor": "polycom",
"version": "5.6.5"
},
{
"model": "uc software",
"scope": "eq",
"trust": 0.3,
"vendor": "polycom",
"version": "5.5.4"
},
{
"model": "uc software",
"scope": "eq",
"trust": 0.3,
"vendor": "polycom",
"version": "5.4.7"
},
{
"model": "uc software",
"scope": "ne",
"trust": 0.3,
"vendor": "polycom",
"version": "6.0"
},
{
"model": "uc software",
"scope": "ne",
"trust": 0.3,
"vendor": "polycom",
"version": "5.9.3"
}
],
"sources": [
{
"db": "BID",
"id": "108800"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004331"
},
{
"db": "NVD",
"id": "CVE-2019-10688"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:polycom:unified_communications_software:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "5.8.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:polycom:better_together_over_ethernet_connector:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.8.0",
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-10688"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Philipp Buchegger from SySS GmbH",
"sources": [
{
"db": "BID",
"id": "108800"
}
],
"trust": 0.3
},
"cve": "CVE-2019-10688",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 4.6,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2019-10688",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Physical",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 6.8,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-10688",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-10688",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201904-1072",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-004331"
},
{
"db": "NVD",
"id": "CVE-2019-10688"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-1072"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "VVX products with software versions including and prior to, UCS 5.9.2 with Better Together over Ethernet Connector (BToE) application 3.9.1, use hard-coded credentials to establish connections between the host application and the device. Polycom UC Software is prone to a local information-disclosure vulnerability. \nLocal attackers can exploit this issue to gain sensitive information from the affected application",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-10688"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004331"
},
{
"db": "BID",
"id": "108800"
}
],
"trust": 1.89
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-10688",
"trust": 2.7
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004331",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201904-1072",
"trust": 0.6
},
{
"db": "BID",
"id": "108800",
"trust": 0.3
}
],
"sources": [
{
"db": "BID",
"id": "108800"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004331"
},
{
"db": "NVD",
"id": "CVE-2019-10688"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-1072"
}
]
},
"id": "VAR-201904-1101",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.380608975
},
"last_update_date": "2023-12-18T12:28:23.292000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SECURITY ADVISORY - Hard-coded credentials vulnerability in VVX products - Advisory Version 1.0",
"trust": 0.8,
"url": "https://support.polycom.com/content/dam/polycom-support/global/documentation/hard-coded-credentials-vulnerability-in-vvx-products.pdf"
},
{
"title": "VVX Product security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=91917"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-004331"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-1072"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-798",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-004331"
},
{
"db": "NVD",
"id": "CVE-2019-10688"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "https://support.polycom.com/content/dam/polycom-support/global/documentation/hard-coded-credentials-vulnerability-in-vvx-products.pdf"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10688"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10688"
},
{
"trust": 0.3,
"url": "http://www.polycom.com/"
}
],
"sources": [
{
"db": "BID",
"id": "108800"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004331"
},
{
"db": "NVD",
"id": "CVE-2019-10688"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-1072"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "BID",
"id": "108800"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004331"
},
{
"db": "NVD",
"id": "CVE-2019-10688"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-1072"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-04-23T00:00:00",
"db": "BID",
"id": "108800"
},
{
"date": "2019-05-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-004331"
},
{
"date": "2019-04-23T21:29:00.333000",
"db": "NVD",
"id": "CVE-2019-10688"
},
{
"date": "2019-04-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201904-1072"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-04-23T00:00:00",
"db": "BID",
"id": "108800"
},
{
"date": "2019-05-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-004331"
},
{
"date": "2019-06-17T16:15:11.653000",
"db": "NVD",
"id": "CVE-2019-10688"
},
{
"date": "2019-06-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201904-1072"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "108800"
}
],
"trust": 0.3
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "UCS Software and Better Together over Ethernet Connector Vulnerabilities related to the use of hard-coded credentials",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-004331"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201904-1072"
}
],
"trust": 0.6
}
}
VAR-201905-0784
Vulnerability from variot - Updated: 2023-12-18 12:28An issue was discovered in Polycom Group Series 6.1.6.1 and earlier, HDX 3.1.12 and earlier, and Pano 1.1.1 and earlier. A remote code execution vulnerability exists in the content sharing functionality because of a Buffer Overflow via crafted packets. plural Polycom The product contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. An attacker can exploit this issue to execute arbitrary code within the context of the application. Failed exploit attempts will likely cause a denial-of-service condition
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201905-0784",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "group series",
"scope": "lte",
"trust": 1.8,
"vendor": "polycom",
"version": "6.1.6.1"
},
{
"model": "pano",
"scope": "lte",
"trust": 1.8,
"vendor": "polycom",
"version": "1.1.1"
},
{
"model": "hdx",
"scope": "lte",
"trust": 1.0,
"vendor": "polycom",
"version": "3.1.12"
},
{
"model": "hdx system software",
"scope": "lte",
"trust": 0.8,
"vendor": "polycom",
"version": "3.1.12"
},
{
"model": "pano",
"scope": "eq",
"trust": 0.3,
"vendor": "polycom",
"version": "1.1.1"
},
{
"model": "hdx",
"scope": "eq",
"trust": 0.3,
"vendor": "polycom",
"version": "3.1.12"
},
{
"model": "group series",
"scope": "eq",
"trust": 0.3,
"vendor": "polycom",
"version": "6.1.6"
},
{
"model": "group series",
"scope": "eq",
"trust": 0.3,
"vendor": "polycom",
"version": "6.1.5"
},
{
"model": "group series",
"scope": "eq",
"trust": 0.3,
"vendor": "polycom",
"version": "6.1.4"
},
{
"model": "group series",
"scope": "eq",
"trust": 0.3,
"vendor": "polycom",
"version": "6.1.3"
},
{
"model": "group series",
"scope": "ne",
"trust": 0.3,
"vendor": "polycom",
"version": "6.1.7"
}
],
"sources": [
{
"db": "BID",
"id": "108430"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015419"
},
{
"db": "NVD",
"id": "CVE-2018-15128"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:polycom:group_series:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.1.6.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:polycom:pano:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.1.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:polycom:hdx:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.1.12",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-15128"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Frank Cozijnsen from KPN",
"sources": [
{
"db": "BID",
"id": "108430"
}
],
"trust": 0.3
},
"cve": "CVE-2018-15128",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2018-15128",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-15128",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-15128",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNNVD",
"id": "CNNVD-201905-301",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2018-15128",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2018-15128"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015419"
},
{
"db": "NVD",
"id": "CVE-2018-15128"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-301"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in Polycom Group Series 6.1.6.1 and earlier, HDX 3.1.12 and earlier, and Pano 1.1.1 and earlier. A remote code execution vulnerability exists in the content sharing functionality because of a Buffer Overflow via crafted packets. plural Polycom The product contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. \nAn attacker can exploit this issue to execute arbitrary code within the context of the application. Failed exploit attempts will likely cause a denial-of-service condition",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-15128"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015419"
},
{
"db": "BID",
"id": "108430"
},
{
"db": "VULMON",
"id": "CVE-2018-15128"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-15128",
"trust": 2.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015419",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201905-301",
"trust": 0.6
},
{
"db": "BID",
"id": "108430",
"trust": 0.3
},
{
"db": "VULMON",
"id": "CVE-2018-15128",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2018-15128"
},
{
"db": "BID",
"id": "108430"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015419"
},
{
"db": "NVD",
"id": "CVE-2018-15128"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-301"
}
]
},
"id": "VAR-201905-0784",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.31323528
},
"last_update_date": "2023-12-18T12:28:16.643000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SECURITY BULLETIN - Remote Code Execution Vulnerability Found in Group Series - Bulletin Version 1.0",
"trust": 0.8,
"url": "https://support.polycom.com/content/dam/polycom-support/global/documentation/remote-code-exectuion-vulnerability-group-series.pdf"
},
{
"title": "Polycom Group Series Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=92478"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015419"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-301"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015419"
},
{
"db": "NVD",
"id": "CVE-2018-15128"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://support.polycom.com/content/dam/polycom-support/global/documentation/remote-code-exectuion-vulnerability-group-series.pdf"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-15128"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-15128"
},
{
"trust": 0.3,
"url": "http://www.polycom.com/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/119.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2018-15128"
},
{
"db": "BID",
"id": "108430"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015419"
},
{
"db": "NVD",
"id": "CVE-2018-15128"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-301"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2018-15128"
},
{
"db": "BID",
"id": "108430"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015419"
},
{
"db": "NVD",
"id": "CVE-2018-15128"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-301"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-05-13T00:00:00",
"db": "VULMON",
"id": "CVE-2018-15128"
},
{
"date": "2018-11-01T00:00:00",
"db": "BID",
"id": "108430"
},
{
"date": "2019-06-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-015419"
},
{
"date": "2019-05-13T14:29:00.440000",
"db": "NVD",
"id": "CVE-2018-15128"
},
{
"date": "2019-05-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-301"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-05-14T00:00:00",
"db": "VULMON",
"id": "CVE-2018-15128"
},
{
"date": "2018-11-01T00:00:00",
"db": "BID",
"id": "108430"
},
{
"date": "2019-06-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-015419"
},
{
"date": "2019-05-14T16:54:49.163000",
"db": "NVD",
"id": "CVE-2018-15128"
},
{
"date": "2019-05-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-301"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-301"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Polycom Product buffer error vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015419"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-301"
}
],
"trust": 0.6
}
}
VAR-200402-0049
Vulnerability from variot - Updated: 2023-12-18 12:24Buffer overflow in the H.323 filter of Microsoft Internet Security and Acceleration Server 2000 allows remote attackers to execute arbitrary code in the Microsoft Firewall Service via certain H.323 traffic, as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225 protocol. A number of vulnerabilities have been discovered in various implementations of the multimedia telephony protocols H.323 and H.225. Voice over Internet Protocol (VoIP) and video conferencing equpiment and software can use these protocols to interoperate over a variety of computer networks. The majority of the vulnerabilities discovered are limited to denial of service impacts; however, several may allow unauthorized code execution. Microsoft ISA Server Is operating in cache mode, Microsoft Firewall Service Is disabled by default and is not affected by this issue. In addition, H.323 Vulnerabilities related to this vulnerability have been confirmed in other systems that implement the protocol. For other system information, NISCC-006489 (JVN) , NISCC Advisory 006489/h323(CPNI Advisory 00387) Please check also. Caution: Of this vulnerability CVSS The basic value is " Microsoft ISA Server " Is calculated for. Other systems are not considered.According to the information provided by Microsoft, Microsoft ISA Server Is specific H.323 If traffic is handled, arbitrary code may be executed. Also, H.323 Service disruption for other systems that implement the protocol (DoS) An attacker may be attacked or a third party may be able to execute arbitrary code remotely. The condition presents itself due to insufficient boundary checks performed by the Microsoft Firewall Service on specially crafted H.323 traffic. This may lead to complete control of the vulnerable system. -----BEGIN PGP SIGNED MESSAGE-----
CERT Advisory CA-2004-01 Multiple H.323 Message Vulnerabilities
Original release date: January 13, 2004 Last revised: -- Source: CERT/CC, NISCC
A complete revision history can be found at the end of this file.
I. Description
The U.K. H.323 is an international standard protocol, published by the International Telecommunications Union, used to facilitate communication among telephony and multimedia systems. Examples of such systems include VoIP, video-conferencing equipment, and network devices that manage H.323 traffic. A test suite developed by NISCC and the University of Oulu Security Programming Group (OUSPG) has exposed multiple vulnerabilities in a variety of implementations of the H.323 protocol (specifically its connection setup sub-protocol H.225.0).
Information about individual vendor H.323 implementations is available in the Vendor Information section below, and in the Vendor Information section of NISCC Vulnerability Advisory 006489/H323.
The U.K. National Infrastructure Security Co-ordination Centre is tracking these vulnerabilities as NISCC/006489/H.323. The CERT/CC is tracking this issue as VU#749342. This reference number corresponds to CVE candidate CAN-2003-0819, as referenced in Microsoft Security Bulletin MS04-001.
II.
III. Solution
Apply a patch or upgrade
Appendix A and the Systems Affected section of Vulnerability Note VU#749342 contain information provided by vendors for this advisory (http://www.kb.cert.org/vuls/id/749342#systems).
However, as vendors report new information to the CERT/CC, we will only update VU#749342. If a particular vendor is not listed, we have not received their comments. Please contact your vendor directly.
Filter network traffic
Sites are encouraged to apply network packet filters to block access to the H.323 services at network borders. This can minimize the potential of denial-of-service attacks originating from outside the perimeter. The specific services that should be filtered include
* 1720/TCP
* 1720/UDP
If access cannot be filtered at the network perimeter, the CERT/CC recommends limiting access to only those external hosts that require H.323 for normal operation. As a general rule, filtering all types of network traffic that are not required for normal operation is recommended.
It is important to note that some firewalls process H.323 packets and may themselves be vulnerable to attack. As noted in some vendor recommendations like Cisco Security Advisory 20040113-h323 and Microsoft Security Bulletin MS04-001, certain sites may actually want to disable application layer inspection of H.323 network packets.
Protecting your infrastructure against these vulnerabilities may require careful coordination among application, computer, network, and telephony administrators. You may have to make tradeoffs between security and functionality until vulnerable products can be updated.
Appendix A. Please see the Systems Affected section of Vulnerability Note VU#749342 and the Vendor Information section of NISCC Vulnerability Advisory 006489/H323 for the latest information regarding the response of the vendor community to this issue.
3Com
No statement is currently available from the vendor regarding this
vulnerability.
Alcatel
No statement is currently available from the vendor regarding this
vulnerability.
Apple Computer Inc.
Apple: Not Vulnerable. Mac OS X and Mac OS X Server do not contain
the issue described in this note.
AT&T
No statement is currently available from the vendor regarding this
vulnerability.
Avaya
Please see the NISCC Vulnerability Advisory 006489/H323 at
http://www.uniras.gov.uk/vuls/2004/006489/h323.htm
Borderware
No statement is currently available from the vendor regarding this
vulnerability.
Check Point
No statement is currently available from the vendor regarding this
vulnerability.
BSDI
No statement is currently available from the vendor regarding this
vulnerability.
Cisco Systems Inc.
Please see
http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml
Clavister
No statement is currently available from the vendor regarding this
vulnerability.
Computer Associates
No statement is currently available from the vendor regarding this
vulnerability.
Cyberguard
Please see the NISCC Vulnerability Advisory 006489/H323 at
http://www.uniras.gov.uk/vuls/2004/006489/h323.htm
Debian
No statement is currently available from the vendor regarding this
vulnerability.
D-Link Systems
No statement is currently available from the vendor regarding this
vulnerability.
Conectiva
No statement is currently available from the vendor regarding this
vulnerability.
EMC Corporation
No statement is currently available from the vendor regarding this
vulnerability.
Engarde
No statement is currently available from the vendor regarding this
vulnerability.
eSoft
We don't have an H.323 implementation and thus aren't affected by
this.
Extreme Networks
No statement is currently available from the vendor regarding this
vulnerability.
F5 Networks
No statement is currently available from the vendor regarding this
vulnerability.
Foundry Networks Inc.
No statement is currently available from the vendor regarding this
vulnerability.
FreeBSD
No statement is currently available from the vendor regarding this
vulnerability.
Fujitsu
Please see the NISCC Vulnerability Advisory 006489/H323 at
http://www.uniras.gov.uk/vuls/2004/006489/h323.htm
Global Technology Associates
No statement is currently available from the vendor regarding this
vulnerability.
Hitachi
Please see the NISCC Vulnerability Advisory 006489/H323 at
http://www.uniras.gov.uk/vuls/2004/006489/h323.htm
Hewlett-Packard Company
Please see the NISCC Vulnerability Advisory 006489/H323 at
http://www.uniras.gov.uk/vuls/2004/006489/h323.htm
Ingrian Networks
No statement is currently available from the vendor regarding this
vulnerability.
Intel
No statement is currently available from the vendor regarding this
vulnerability.
Intoto
No statement is currently available from the vendor regarding this
vulnerability.
Juniper Networks
No statement is currently available from the vendor regarding this
vulnerability.
Lachman
No statement is currently available from the vendor regarding this
vulnerability.
Linksys
No statement is currently available from the vendor regarding this
vulnerability.
Lotus Software
No statement is currently available from the vendor regarding this
vulnerability.
Lucent Technologies
Please see the NISCC Vulnerability Advisory 006489/H323 at
http://www.uniras.gov.uk/vuls/2004/006489/h323.htm
Microsoft Corporation
Please see
http://www.microsoft.com/technet/security/bulletin/MS04-001.asp
MontaVista Software
No statement is currently available from the vendor regarding this
vulnerability.
MandrakeSoft
No statement is currently available from the vendor regarding this
vulnerability.
Multi-Tech Systems Inc.
No statement is currently available from the vendor regarding this
vulnerability.
NEC Corporation
No statement is currently available from the vendor regarding this
vulnerability.
NetBSD
NetBSD does not ship any H.323 implementations as part of the
Operating System.
There are a number of third-party implementations available in the
pkgsrc system. As these products are found to be vulnerable, or
updated, the packages will be updated accordingly. The
audit-packages mechanism can be used to check for known-vulnerable
package versions.
Netfilter
No statement is currently available from the vendor regarding this
vulnerability.
NetScreen
No statement is currently available from the vendor regarding this
vulnerability.
Network Appliance
No statement is currently available from the vendor regarding this
vulnerability.
Nokia
No statement is currently available from the vendor regarding this
vulnerability.
Nortel Networks
The following Nortel Networks Generally Available products and
solutions are potentially affected by the vulnerabilities
identified in NISCC Vulnerability Advisory 006489/H323 and CERT
VU#749342:
Business Communications Manager (BCM) (all versions) is potentially
affected; more information is available in Product Advisory Alert
No. PAA 2003-0392-Global.
Succession 1000 IP Trunk and IP Peer Networking, and 802.11
Wireless IP Gateway are potentially affected; more information is
available in Product Advisory Alert No. PAA-2003-0465-Global.
For more information please contact
North America: 1-800-4NORTEL or 1-800-466-7835
Europe, Middle East and Africa: 00800 8008 9009,
or +44 (0) 870 907 9009
Contacts for other regions are available at
http://www.nortelnetworks.com/help/contact/global/
Or visit the eService portal at http://www.nortelnetworks.com/cs
under Advanced Search.
If you are a channel partner, more information can be found under
http://www.nortelnetworks.com/pic
under Advanced Search.
Novell
No statement is currently available from the vendor regarding this
vulnerability.
Objective Systems Inc.
Please see the NISCC Vulnerability Advisory 006489/H323 at
http://www.uniras.gov.uk/vuls/2004/006489/h323.htm
OpenBSD
No statement is currently available from the vendor regarding this
vulnerability.
Openwall GNU/*/Linux
No statement is currently available from the vendor regarding this
vulnerability.
RadVision
Please see the NISCC Vulnerability Advisory 006489/H323 at
http://www.uniras.gov.uk/vuls/2004/006489/h323.htm
Red Hat Inc.
Please see the NISCC Vulnerability Advisory 006489/H323 at
http://www.uniras.gov.uk/vuls/2004/006489/h323.htm
Oracle Corporation
No statement is currently available from the vendor regarding this
vulnerability.
Riverstone Networks
No statement is currently available from the vendor regarding this
vulnerability.
Secure Computing Corporation
No statement is currently available from the vendor regarding this
vulnerability.
SecureWorks
No statement is currently available from the vendor regarding this
vulnerability.
Sequent
No statement is currently available from the vendor regarding this
vulnerability.
Sony Corporation
No statement is currently available from the vendor regarding this
vulnerability.
Stonesoft
No statement is currently available from the vendor regarding this
vulnerability.
Sun Microsystems Inc.
Sun SNMP does not provide support for H.323, so we are not
vulnerable. And so far we have not found any bundled products that
are affected by this vulnerability. We are also actively
investigating our unbundled products to see if they are affected.
Updates will be provided to this statement as they become
available.
SuSE Inc.
No statement is currently available from the vendor regarding this
vulnerability.
Symantec Corporation
Please see the NISCC Vulnerability Advisory 006489/H323 at
http://www.uniras.gov.uk/vuls/2004/006489/h323.htm
Unisys
No statement is currently available from the vendor regarding this
vulnerability.
TandBerg
Please see the NISCC Vulnerability Advisory 006489/H323 at
http://www.uniras.gov.uk/vuls/2004/006489/h323.htm
Tumbleweed Communications Corp.
Please see the NISCC Vulnerability Advisory 006489/H323 at
http://www.uniras.gov.uk/vuls/2004/006489/h323.htm
TurboLinux
No statement is currently available from the vendor regarding this
vulnerability.
uniGone
Please see the NISCC Vulnerability Advisory 006489/H323 at
http://www.uniras.gov.uk/vuls/2004/006489/h323.htm
WatchGuard
No statement is currently available from the vendor regarding this
vulnerability.
Wirex
No statement is currently available from the vendor regarding this
vulnerability.
Wind River Systems Inc.
No statement is currently available from the vendor regarding this
vulnerability.
Xerox
No statement is currently available from the vendor regarding this
vulnerability.
ZyXEL
No statement is currently available from the vendor regarding this
vulnerability.
_________________________________________________________________
The CERT Coordination Center thanks the NISCC Vulnerability Management Team and the University of Oulu Security Programming Group (OUSPG) for coordinating the discovery and release of the technical details of this issue. ___________
Feedback may be directed to the authors: Jeffrey S. Havrilla, Mindi J. McDowell, Shawn V. Hernan and Jason A. Rafail
This document is available from: http://www.cert.org/advisories/CA-2004-01.html
CERT/CC Contact Information
Email: cert@cert.org Phone: +1 412-268-7090 (24-hour hotline) Fax: +1 412-268-6989 Postal address: CERT Coordination Center Software Engineering Institute Carnegie Mellon University Pittsburgh PA 15213-3890 U.S.A.
CERT/CC personnel answer the hotline 08:00-17:00 EST(GMT-5) / EDT(GMT-4) Monday through Friday; they are on call for emergencies during other hours, on U.S. holidays, and on weekends.
Using encryption
We strongly urge you to encrypt sensitive information sent by email. Our public PGP key is available from http://www.cert.org/CERT_PGP.key
If you prefer to use DES, please call the CERT hotline for more information.
Getting security information
CERT publications and other security information are available from our web site http://www.cert.org/
To subscribe to the CERT mailing list for advisories and bulletins, send email to majordomo@cert.org. Please include in the body of your message
subscribe cert-advisory
- "CERT" and "CERT Coordination Center" are registered in the U.S. Patent and Trademark Office.
NO WARRANTY Any material furnished by Carnegie Mellon University and the Software Engineering Institute is furnished on an "as is" basis. Carnegie Mellon University makes no warranties of any kind, either expressed or implied as to any matter including, but not limited to, warranty of fitness for a particular purpose or merchantability, exclusivity or results obtained from use of the material. Carnegie Mellon University does not make any warranty of any kind with respect to freedom from patent, trademark, or copyright infringement.
Conditions for use, disclaimers, and sponsorship information
Copyright 2004 Carnegie Mellon University.
Revision History January 13, 2004: Initial release
-----BEGIN PGP SIGNATURE----- Version: PGP 6.5.8
iQCVAwUBQASK7JZ2NNT/dVAVAQG65wP8C7DyEvZGz0HqXtRqk+PAjjpMqex1hdjT BfkT6oHMhTWIdvUE1mpAwnV7OPL+N+UugCC0bAEXQzBy/YkBBOptt7IZdIeOlInh AP0RO5zqt0GqMIrdW7P14iWBX2lLCQaMUgWNyvK4ZTNE9UzpOgBk2JonfBLjbH77 KeVgAqcfP2M= =p0GQ -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200402-0049",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ios 12.0",
"scope": null,
"trust": 5.1,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 s",
"scope": null,
"trust": 3.9,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1",
"scope": null,
"trust": 3.6,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 e",
"scope": null,
"trust": 3.6,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 t",
"scope": null,
"trust": 2.7,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 s",
"scope": null,
"trust": 2.7,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2",
"scope": null,
"trust": 2.4,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 s7",
"scope": null,
"trust": 1.8,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 s1",
"scope": null,
"trust": 1.8,
"vendor": "cisco",
"version": null
},
{
"model": "proxy server",
"scope": "eq",
"trust": 1.6,
"vendor": "microsoft",
"version": "2.0"
},
{
"model": "ios 12.0 s8",
"scope": null,
"trust": 1.5,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2",
"scope": "ne",
"trust": 1.5,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 st",
"scope": null,
"trust": 1.5,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 ec",
"scope": null,
"trust": 1.2,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 s4",
"scope": null,
"trust": 1.2,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 t",
"scope": null,
"trust": 1.2,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 s3",
"scope": null,
"trust": 1.2,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 t",
"scope": null,
"trust": 1.2,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 e8",
"scope": null,
"trust": 0.9,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 e3",
"scope": null,
"trust": 0.9,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 st6",
"scope": null,
"trust": 0.9,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 e12",
"scope": null,
"trust": 0.9,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 e7",
"scope": null,
"trust": 0.9,
"vendor": "cisco",
"version": null
},
{
"model": "ios 11.3",
"scope": null,
"trust": 0.9,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 st1",
"scope": null,
"trust": 0.9,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 s2",
"scope": null,
"trust": 0.9,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 s6",
"scope": null,
"trust": 0.9,
"vendor": "cisco",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "check point",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "hewlett packard",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "intel",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "microsoft",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "nortel",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "polycom",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "radvision",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "tandberg",
"version": null
},
{
"model": "vpn-1/firewall-1",
"scope": "eq",
"trust": 0.8,
"vendor": "check point",
"version": "ng fp2"
},
{
"model": "vpn-1/firewall-1",
"scope": "eq",
"trust": 0.8,
"vendor": "check point",
"version": "ng with application intelligence"
},
{
"model": "vpn-1/firewall-1",
"scope": "eq",
"trust": 0.8,
"vendor": "check point",
"version": "ng with application intelligence (r55)"
},
{
"model": "sunforum",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "7"
},
{
"model": "internet security and acceleration server",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "pathnavigator",
"scope": null,
"trust": 0.8,
"vendor": "polycom",
"version": null
},
{
"model": "vpn-1/firewall-1",
"scope": "eq",
"trust": 0.8,
"vendor": "check point",
"version": "ng fp3"
},
{
"model": "sunforum",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "3d 1.0 (solaris 8"
},
{
"model": "soundstation ip",
"scope": "eq",
"trust": 0.8,
"vendor": "polycom",
"version": "3000"
},
{
"model": "viewstation",
"scope": null,
"trust": 0.8,
"vendor": "polycom",
"version": null
},
{
"model": "viavideo",
"scope": null,
"trust": 0.8,
"vendor": "polycom",
"version": null
},
{
"model": "soundpoint ip",
"scope": "eq",
"trust": 0.8,
"vendor": "polycom",
"version": "500"
},
{
"model": "viavideo ii",
"scope": null,
"trust": 0.8,
"vendor": "polycom",
"version": null
},
{
"model": "mgc",
"scope": "eq",
"trust": 0.8,
"vendor": "polycom",
"version": "25/50/100"
},
{
"model": "ipower",
"scope": null,
"trust": 0.8,
"vendor": "polycom",
"version": null
},
{
"model": "sunforum",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "3.2 (solaris 2.6"
},
{
"model": "sunforum",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "9 for )"
},
{
"model": "sunforum",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "8"
},
{
"model": "soundpoint ip",
"scope": "eq",
"trust": 0.8,
"vendor": "polycom",
"version": "400"
},
{
"model": "vsx",
"scope": "eq",
"trust": 0.8,
"vendor": "polycom",
"version": "7000"
},
{
"model": "ios 12.0 st7",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xa",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "isa server fp1",
"scope": "eq",
"trust": 0.6,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "isa server",
"scope": "eq",
"trust": 0.6,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "ios 12.0 s5a",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "call manager",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "3.1"
},
{
"model": "ios 12.1 aa",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 xm4",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 bx",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 t3",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 st2",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 e4",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 s5",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "isa server sp1",
"scope": "eq",
"trust": 0.6,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "ios 12.2 xh",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 e1",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "12.1(22)"
},
{
"model": "opencall multiservice controller",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "1.2"
},
{
"model": "ios 12.1 yh3",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "point software firewall-1 [ vpn des strong ] sp2 build",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "++4.141716"
},
{
"model": "ios 12.2yg",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 yb",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xb14",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2yx",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1aa",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2zh",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xu2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0s",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 t6",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 yc",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 t1a",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.1(1)"
},
{
"model": "ios 12.1 yf4",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.2"
},
{
"model": "ios 12.2 xa5",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.1(7)"
},
{
"model": "pwlib",
"scope": "eq",
"trust": 0.3,
"vendor": "pwlib",
"version": "1.4.7"
},
{
"model": "ios 12.1 yf",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "12.0(27)"
},
{
"model": "ios 11.3ha",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.2(5)"
},
{
"model": "ios 12.1xm",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 s4a",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.1(20)"
},
{
"model": "ios 12.2zl",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xs1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 s8a",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "point software firewall-1 sp6",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.0"
},
{
"model": "ios 12.2 t0a",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 11.3ma",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 sxa",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 xn",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2yf",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xr",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1x",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 yz2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.1(13)"
},
{
"model": "ios 12.0 t1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0xk",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 mx",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 e2",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "virtual communications v-gate",
"scope": "eq",
"trust": 0.3,
"vendor": "first",
"version": "4000"
},
{
"model": "ios 12.2 ya8",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xb15",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 ec1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1xh",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1xb",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "point software firewall-1 sp6",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "ios 12.2 xh2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "point software firewall-1",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "ios 11.3 t2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 yh",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1xl",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xi1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2b",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 e9",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xu",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.2(14.5)"
},
{
"model": "call manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.3"
},
{
"model": "ios 12.2 s",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "netstructure host media processing software",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "1.0"
},
{
"model": "ios 12.0xq",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "sg5",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.2"
},
{
"model": "ios 12.1 xi",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 mc1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1ec",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0xh",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios t",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "11.3.1"
},
{
"model": "virtual communications click to meet express",
"scope": "eq",
"trust": 0.3,
"vendor": "first",
"version": "2.2"
},
{
"model": "sg208",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "0"
},
{
"model": "ios 12.1xj",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.1(11)"
},
{
"model": "ios 12.1xi",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2ze",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xd",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 ya",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2bx",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.1(18.4)"
},
{
"model": "ios 12.2 sl1",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 t3",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 ya1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 sy1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0xj",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 xs",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "12.2(17)"
},
{
"model": "ios 12.1 e12",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "networks succession",
"scope": "eq",
"trust": 0.3,
"vendor": "nortel",
"version": "1000"
},
{
"model": "ios 12.2dd",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0xt",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0st",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 s10",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 e9",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 11.3xa",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "communication manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "1.1"
},
{
"model": "ios 12.2xm",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.3",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "virtual communications click to meet premier",
"scope": null,
"trust": 0.3,
"vendor": "first",
"version": null
},
{
"model": "fedora core3",
"scope": null,
"trust": 0.3,
"vendor": "redhat",
"version": null
},
{
"model": "ios 12.1xp",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "virtual communications click to meet express",
"scope": "eq",
"trust": 0.3,
"vendor": "first",
"version": "2.0"
},
{
"model": "ios 12.2xc",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.0(17)"
},
{
"model": "ios 12.1xw",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1xu",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 yy3",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 zc",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 xy6",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xk2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2yy",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.0(8)"
},
{
"model": "ios 12.2t",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xg",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xw1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1yf",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 t9",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2s",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2yd",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1yj",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 xp4",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xq",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 e18",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "virtual communications click to meet express",
"scope": "eq",
"trust": 0.3,
"vendor": "first",
"version": "1.02"
},
{
"model": "point software next generation fp2",
"scope": null,
"trust": 0.3,
"vendor": "check",
"version": null
},
{
"model": "ios 12.3 t",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.1xv"
},
{
"model": "ios 12.1 yd",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xd1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 ez2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xt3",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 yb",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0xn",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.1(8)"
},
{
"model": "pwlib-1.2.12-3.i386.rpm",
"scope": null,
"trust": 0.3,
"vendor": "redhat",
"version": null
},
{
"model": "ios 12.2xj",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2mx",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xw",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "virtual communications conference server",
"scope": null,
"trust": 0.3,
"vendor": "first",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.2(7)"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "11.3"
},
{
"model": "ios 12.1xr",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.2(4)"
},
{
"model": "ios 12.2sy",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "point software firewall-1 sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.0"
},
{
"model": "ios 12.2 t10",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "communication manager",
"scope": "ne",
"trust": 0.3,
"vendor": "avaya",
"version": "2.0.1"
},
{
"model": "ios 12.0 st4",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "netstructure pbx-ip media gateway",
"scope": null,
"trust": 0.3,
"vendor": "intel",
"version": null
},
{
"model": "ios 12.0xi",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 xk2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1xq",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 yy",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1yc",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1ez",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 yc2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "virtual communications click to meet express",
"scope": "eq",
"trust": 0.3,
"vendor": "first",
"version": "1.0"
},
{
"model": "call manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.1(2)"
},
{
"model": "ios 12.2 zh3",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1xa",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "sg5",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.1(5)xv3"
},
{
"model": "ios 12.1 yf2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "fedora core1",
"scope": null,
"trust": 0.3,
"vendor": "redhat",
"version": null
},
{
"model": "pwlib",
"scope": "eq",
"trust": 0.3,
"vendor": "pwlib",
"version": "1.5.0"
},
{
"model": "point software firewall-1 [ vpn des strong ] build",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "++4.141439"
},
{
"model": "sunforum",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "3.2"
},
{
"model": "ios 12.1 e14",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "point software firewall-1 sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.0"
},
{
"model": "point software firewall-1 sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "ios 12.2yk",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "point software ng-ai",
"scope": null,
"trust": 0.3,
"vendor": "check",
"version": null
},
{
"model": "ios 12.2dx",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 dx",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.1(9)"
},
{
"model": "ios 12.2zd",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 xq",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "point software firewall-1 sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.0"
},
{
"model": "ios 12.1 e16",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 yd6",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "bts",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "10200"
},
{
"model": "ios 12.2 mx1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 e14",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2yb",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 xr2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0xr",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 ez1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "point software next generation fp3 hf2",
"scope": null,
"trust": 0.3,
"vendor": "check",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.2(12.05)"
},
{
"model": "ios 12.2yn",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2bw",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xl",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xg",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.2(1)"
},
{
"model": "ios 12.1 xm",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 e13",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xs",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 11.3wa4",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 yi1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xu",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2yv",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xi2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xw",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "point software firewall-1 sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "ios 12.2 t5",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0xd",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 s",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.0"
},
{
"model": "ios 12.1 yb4",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "point software firewall-1 sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "sg5x",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.2"
},
{
"model": "ios 12.2 t4",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 xt",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "12.0(28)"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.2(3)"
},
{
"model": "ios 12.0 st5",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1yd",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 11.3 db1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 yi",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0xg",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.0(3)"
},
{
"model": "ios 12.2 xd4",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ip phone",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7905"
},
{
"model": "ios 12.2zg",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2yt",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 xg5",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 11.3t",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.3t",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "point software firewall-1 sp5",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.0"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "11.3.1"
},
{
"model": "ios 12.1 xp",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xa",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xl4",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2zc",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.2(1.1)"
},
{
"model": "netstructure ipt ip boards",
"scope": null,
"trust": 0.3,
"vendor": "intel",
"version": null
},
{
"model": "internet service node",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1e",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1yi",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 yd2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0xl",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 b",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 11.3 xa",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xi",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2yu",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.2(18.2)"
},
{
"model": "call manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.2"
},
{
"model": "point software firewall-1 sp5",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "ios 12.2 xd3",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 zj3",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 xu1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "point software next generation fp1",
"scope": null,
"trust": 0.3,
"vendor": "check",
"version": null
},
{
"model": "ios 12.2xk",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.1(5)xv"
},
{
"model": "ios 12.0 s2a",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 t9",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1xt",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 t6",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2mc",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xk",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 t10",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "fedora core2",
"scope": null,
"trust": 0.3,
"vendor": "redhat",
"version": null
},
{
"model": "opencall multiservice controller patch",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "1.137"
},
{
"model": "networks wireless ip gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "nortel",
"version": "(802.11)"
},
{
"model": "ios 12.1yh",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 st8",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2sx",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 e5",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.1(5)xv5"
},
{
"model": "sg203",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.31.29"
},
{
"model": "ios 12.2 yd",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 s3b",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.1(4)"
},
{
"model": "ios 12.1xg",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 11.3 db2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 zj1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.2(17)"
},
{
"model": "point software nokia voyager",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "call manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.0"
},
{
"model": "ios 12.1 ec3",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 t12",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.0(3.2)"
},
{
"model": "ios 11.3da",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 xt3",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios ed",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "11.3.1"
},
{
"model": "ios 12.2 zl",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 11.3na",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2yh",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 t1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 zl1",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1xd",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2yz",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 11.3db",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.3 t1",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "point software firewall-1 sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.0"
},
{
"model": "ios 12.2 xh3",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "9.0"
},
{
"model": "ios 12.2xt",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 zb7",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 xn1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "sg5x",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.3"
},
{
"model": "ios 12.1xc",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 e6",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios b",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "11.3.11"
},
{
"model": "ata-186",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 t9",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xb4",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 11.3aa",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xt",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xi",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.1"
},
{
"model": "ios 12.2zj",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2yl",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "communication manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "1.3.1"
},
{
"model": "ios 12.2 xm2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 yc1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 yb5",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xd",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2yc",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 e10",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 dd3",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "point software firewall-1 sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "ios 12.2xh",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1ye",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 t2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xn",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.1(5)xv4"
},
{
"model": "ios 12.1 xs2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 xk",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "point software next generation fp3",
"scope": null,
"trust": 0.3,
"vendor": "check",
"version": null
},
{
"model": "ios 12.2 yw2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2ym",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 t15",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "point software firewall-1 sp8",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.0"
},
{
"model": "ios 12.2 xm",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0t",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "call manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.3(3)"
},
{
"model": "ios 12.2 xj1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 yx1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "networks business communications manager",
"scope": "eq",
"trust": 0.3,
"vendor": "nortel",
"version": "0"
},
{
"model": "ios 12.1 xm7",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xq",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 t5",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 zc",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 ya7",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 zj2",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1yb",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1t",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "virtual communications v-gate",
"scope": "eq",
"trust": 0.3,
"vendor": "first",
"version": "5000"
},
{
"model": "ios 12.2yw",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2zf",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xn",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 aa1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 e6",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "netstructure dmip ip boards",
"scope": null,
"trust": 0.3,
"vendor": "intel",
"version": null
},
{
"model": "point software firewall-1 [ vpn des ]",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "+4.1"
},
{
"model": "opencall multiservice controller patch",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "1.146"
},
{
"model": "ios 12.2 yw3",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2ya",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.3 t3",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.0(26)"
},
{
"model": "conference connection",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0xc",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "communication manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "2.0"
},
{
"model": "virtual communications click to meet express",
"scope": "eq",
"trust": 0.3,
"vendor": "first",
"version": "2.1"
},
{
"model": "ios 12.2 xb11",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "pwlib-1.3.3-5.i386.rpm",
"scope": null,
"trust": 0.3,
"vendor": "redhat",
"version": null
},
{
"model": "ios 12.2 xj",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xb",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.0(9)"
},
{
"model": "ios 12.2 zh",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 st3",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xb",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2zb",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "point software next generation fp3 hf1",
"scope": null,
"trust": 0.3,
"vendor": "check",
"version": null
},
{
"model": "ios 12.2 sx1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xa1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "point software firewall-1 sp7",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.0"
},
{
"model": "ios 12.2 xl",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2yj",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "sunforum 3d",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.0"
},
{
"model": "ios 12.2 xb3",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xs",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "small business server",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"model": "small business server",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20000"
},
{
"model": "proxy server sp1",
"scope": "ne",
"trust": 0.3,
"vendor": "microsoft",
"version": "2.0"
},
{
"model": "proxy server",
"scope": "ne",
"trust": 0.3,
"vendor": "microsoft",
"version": "2.0"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#749342"
},
{
"db": "BID",
"id": "9406"
},
{
"db": "BID",
"id": "9408"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000008"
},
{
"db": "NVD",
"id": "CVE-2003-0819"
},
{
"db": "CNNVD",
"id": "CNNVD-200402-061"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsoft:proxy_server:2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:proxy_server:2.0:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2003-0819"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "University of Oulu Security Programming Group",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200402-061"
}
],
"trust": 0.6
},
"cve": "CVE-2003-0819",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2003-0819",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2003-0819",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#749342",
"trust": 0.8,
"value": "13.67"
},
{
"author": "CNNVD",
"id": "CNNVD-200402-061",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#749342"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000008"
},
{
"db": "NVD",
"id": "CVE-2003-0819"
},
{
"db": "CNNVD",
"id": "CNNVD-200402-061"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow in the H.323 filter of Microsoft Internet Security and Acceleration Server 2000 allows remote attackers to execute arbitrary code in the Microsoft Firewall Service via certain H.323 traffic, as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225 protocol. A number of vulnerabilities have been discovered in various implementations of the multimedia telephony protocols H.323 and H.225. Voice over Internet Protocol (VoIP) and video conferencing equpiment and software can use these protocols to interoperate over a variety of computer networks. The majority of the vulnerabilities discovered are limited to denial of service impacts; however, several may allow unauthorized code execution. Microsoft ISA Server Is operating in cache mode, Microsoft Firewall Service Is disabled by default and is not affected by this issue. In addition, H.323 Vulnerabilities related to this vulnerability have been confirmed in other systems that implement the protocol. For other system information, NISCC-006489 (JVN) , NISCC Advisory 006489/h323(CPNI Advisory 00387) Please check also. Caution: Of this vulnerability CVSS The basic value is \" Microsoft ISA Server \" Is calculated for. Other systems are not considered.According to the information provided by Microsoft, Microsoft ISA Server Is specific H.323 If traffic is handled, arbitrary code may be executed. Also, H.323 Service disruption for other systems that implement the protocol (DoS) An attacker may be attacked or a third party may be able to execute arbitrary code remotely. The condition presents itself due to insufficient boundary checks performed by the Microsoft Firewall Service on specially crafted H.323 traffic. This may lead to complete control of the vulnerable system. \n-----BEGIN PGP SIGNED MESSAGE-----\n\nCERT Advisory CA-2004-01 Multiple H.323 Message Vulnerabilities\n\n Original release date: January 13, 2004\n Last revised: --\n Source: CERT/CC, NISCC\n\n A complete revision history can be found at the end of this file. \n\nI. Description\n\n The U.K. H.323 is\n an international standard protocol, published by the International\n Telecommunications Union, used to facilitate communication among\n telephony and multimedia systems. Examples of such systems include\n VoIP, video-conferencing equipment, and network devices that manage\n H.323 traffic. A test suite developed by NISCC and the University of\n Oulu Security Programming Group (OUSPG) has exposed multiple\n vulnerabilities in a variety of implementations of the H.323 protocol\n (specifically its connection setup sub-protocol H.225.0). \n\n Information about individual vendor H.323 implementations is available\n in the Vendor Information section below, and in the Vendor Information\n section of NISCC Vulnerability Advisory 006489/H323. \n\n The U.K. National Infrastructure Security Co-ordination Centre is\n tracking these vulnerabilities as NISCC/006489/H.323. The CERT/CC is\n tracking this issue as VU#749342. This reference number corresponds to\n CVE candidate CAN-2003-0819, as referenced in Microsoft Security\n Bulletin MS04-001. \n\nII. \n\nIII. Solution\n\nApply a patch or upgrade\n\n Appendix A and the Systems Affected section of Vulnerability Note\n VU#749342 contain information provided by vendors for this advisory\n (\u003chttp://www.kb.cert.org/vuls/id/749342#systems\u003e). \n\n However, as vendors report new information to the CERT/CC, we will\n only update VU#749342. If a particular vendor is not listed, we have\n not received their comments. Please contact your vendor directly. \n\nFilter network traffic\n\n Sites are encouraged to apply network packet filters to block access\n to the H.323 services at network borders. This can minimize the\n potential of denial-of-service attacks originating from outside the\n perimeter. The specific services that should be filtered include\n\n * 1720/TCP\n * 1720/UDP\n\n If access cannot be filtered at the network perimeter, the CERT/CC\n recommends limiting access to only those external hosts that require\n H.323 for normal operation. As a general rule, filtering all types of\n network traffic that are not required for normal operation is\n recommended. \n\n It is important to note that some firewalls process H.323 packets and\n may themselves be vulnerable to attack. As noted in some vendor\n recommendations like Cisco Security Advisory 20040113-h323 and\n Microsoft Security Bulletin MS04-001, certain sites may actually want\n to disable application layer inspection of H.323 network packets. \n\n Protecting your infrastructure against these vulnerabilities may\n require careful coordination among application, computer, network, and\n telephony administrators. You may have to make tradeoffs between\n security and functionality until vulnerable products can be updated. \n\nAppendix A. Please see the Systems Affected section of Vulnerability\n Note VU#749342 and the Vendor Information section of NISCC\n Vulnerability Advisory 006489/H323 for the latest information\n regarding the response of the vendor community to this issue. \n\n3Com\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nAlcatel\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nApple Computer Inc. \n\n Apple: Not Vulnerable. Mac OS X and Mac OS X Server do not contain\n the issue described in this note. \n\nAT\u0026T\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nAvaya\n\n Please see the NISCC Vulnerability Advisory 006489/H323 at\n http://www.uniras.gov.uk/vuls/2004/006489/h323.htm\n\nBorderware\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nCheck Point\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nBSDI\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nCisco Systems Inc. \n\n Please see\n http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml\n\nClavister\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nComputer Associates\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nCyberguard\n\n Please see the NISCC Vulnerability Advisory 006489/H323 at\n http://www.uniras.gov.uk/vuls/2004/006489/h323.htm\n\nDebian\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nD-Link Systems\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nConectiva\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nEMC Corporation\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nEngarde\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\neSoft\n\n We don\u0027t have an H.323 implementation and thus aren\u0027t affected by\n this. \n\nExtreme Networks\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nF5 Networks\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nFoundry Networks Inc. \n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nFreeBSD\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nFujitsu\n\n Please see the NISCC Vulnerability Advisory 006489/H323 at\n http://www.uniras.gov.uk/vuls/2004/006489/h323.htm\n\nGlobal Technology Associates\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nHitachi\n\n Please see the NISCC Vulnerability Advisory 006489/H323 at\n http://www.uniras.gov.uk/vuls/2004/006489/h323.htm\n\nHewlett-Packard Company\n\n Please see the NISCC Vulnerability Advisory 006489/H323 at\n http://www.uniras.gov.uk/vuls/2004/006489/h323.htm\n\nIngrian Networks\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nIntel\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nIntoto\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nJuniper Networks\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nLachman\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nLinksys\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nLotus Software\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nLucent Technologies\n\n Please see the NISCC Vulnerability Advisory 006489/H323 at\n http://www.uniras.gov.uk/vuls/2004/006489/h323.htm\n\nMicrosoft Corporation\n\n Please see\n http://www.microsoft.com/technet/security/bulletin/MS04-001.asp\n\nMontaVista Software\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nMandrakeSoft\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nMulti-Tech Systems Inc. \n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nNEC Corporation\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nNetBSD\n\n NetBSD does not ship any H.323 implementations as part of the\n Operating System. \n\n There are a number of third-party implementations available in the\n pkgsrc system. As these products are found to be vulnerable, or\n updated, the packages will be updated accordingly. The\n audit-packages mechanism can be used to check for known-vulnerable\n package versions. \n\nNetfilter\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nNetScreen\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nNetwork Appliance\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nNokia\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nNortel Networks\n\n The following Nortel Networks Generally Available products and\n solutions are potentially affected by the vulnerabilities\n identified in NISCC Vulnerability Advisory 006489/H323 and CERT\n VU#749342:\n\n Business Communications Manager (BCM) (all versions) is potentially\n affected; more information is available in Product Advisory Alert\n No. PAA 2003-0392-Global. \n\n Succession 1000 IP Trunk and IP Peer Networking, and 802.11\n Wireless IP Gateway are potentially affected; more information is\n available in Product Advisory Alert No. PAA-2003-0465-Global. \n\n For more information please contact\n\n North America: 1-800-4NORTEL or 1-800-466-7835\n Europe, Middle East and Africa: 00800 8008 9009,\n or +44 (0) 870 907 9009\n\n Contacts for other regions are available at\n\n http://www.nortelnetworks.com/help/contact/global/\n\n Or visit the eService portal at http://www.nortelnetworks.com/cs\n under Advanced Search. \n\n If you are a channel partner, more information can be found under\n\n http://www.nortelnetworks.com/pic\n\n under Advanced Search. \n\nNovell\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nObjective Systems Inc. \n\n Please see the NISCC Vulnerability Advisory 006489/H323 at\n http://www.uniras.gov.uk/vuls/2004/006489/h323.htm\n\nOpenBSD\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nOpenwall GNU/*/Linux\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nRadVision\n\n Please see the NISCC Vulnerability Advisory 006489/H323 at\n http://www.uniras.gov.uk/vuls/2004/006489/h323.htm\n\nRed Hat Inc. \n\n Please see the NISCC Vulnerability Advisory 006489/H323 at\n http://www.uniras.gov.uk/vuls/2004/006489/h323.htm\n\nOracle Corporation\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nRiverstone Networks\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nSecure Computing Corporation\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nSecureWorks\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nSequent\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nSony Corporation\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nStonesoft\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nSun Microsystems Inc. \n\n Sun SNMP does not provide support for H.323, so we are not\n vulnerable. And so far we have not found any bundled products that\n are affected by this vulnerability. We are also actively\n investigating our unbundled products to see if they are affected. \n Updates will be provided to this statement as they become\n available. \n\nSuSE Inc. \n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nSymantec Corporation\n\n Please see the NISCC Vulnerability Advisory 006489/H323 at\n http://www.uniras.gov.uk/vuls/2004/006489/h323.htm\n\nUnisys\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nTandBerg\n\n Please see the NISCC Vulnerability Advisory 006489/H323 at\n http://www.uniras.gov.uk/vuls/2004/006489/h323.htm\n\nTumbleweed Communications Corp. \n\n Please see the NISCC Vulnerability Advisory 006489/H323 at\n http://www.uniras.gov.uk/vuls/2004/006489/h323.htm\n\nTurboLinux\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nuniGone\n\n Please see the NISCC Vulnerability Advisory 006489/H323 at\n http://www.uniras.gov.uk/vuls/2004/006489/h323.htm\n\nWatchGuard\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nWirex\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nWind River Systems Inc. \n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nXerox\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nZyXEL\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n _________________________________________________________________\n\n The CERT Coordination Center thanks the NISCC Vulnerability Management\n Team and the University of Oulu Security Programming Group (OUSPG) for\n coordinating the discovery and release of the technical details of\n this issue. \n _________________________________________________________________\n\n Feedback may be directed to the authors: Jeffrey S. Havrilla, Mindi J. \n McDowell, Shawn V. Hernan and Jason A. Rafail\n ______________________________________________________________________\n\n This document is available from:\n http://www.cert.org/advisories/CA-2004-01.html\n ______________________________________________________________________\n\nCERT/CC Contact Information\n\n Email: cert@cert.org\n Phone: +1 412-268-7090 (24-hour hotline)\n Fax: +1 412-268-6989\n Postal address:\n CERT Coordination Center\n Software Engineering Institute\n Carnegie Mellon University\n Pittsburgh PA 15213-3890\n U.S.A. \n\n CERT/CC personnel answer the hotline 08:00-17:00 EST(GMT-5) /\n EDT(GMT-4) Monday through Friday; they are on call for emergencies\n during other hours, on U.S. holidays, and on weekends. \n\nUsing encryption\n\n We strongly urge you to encrypt sensitive information sent by email. \n Our public PGP key is available from\n http://www.cert.org/CERT_PGP.key\n\n If you prefer to use DES, please call the CERT hotline for more\n information. \n\nGetting security information\n\n CERT publications and other security information are available from\n our web site\n http://www.cert.org/\n\n To subscribe to the CERT mailing list for advisories and bulletins,\n send email to majordomo@cert.org. Please include in the body of your\n message\n\n subscribe cert-advisory\n\n * \"CERT\" and \"CERT Coordination Center\" are registered in the U.S. \n Patent and Trademark Office. \n ______________________________________________________________________\n\n NO WARRANTY\n Any material furnished by Carnegie Mellon University and the Software\n Engineering Institute is furnished on an \"as is\" basis. Carnegie\n Mellon University makes no warranties of any kind, either expressed or\n implied as to any matter including, but not limited to, warranty of\n fitness for a particular purpose or merchantability, exclusivity or\n results obtained from use of the material. Carnegie Mellon University\n does not make any warranty of any kind with respect to freedom from\n patent, trademark, or copyright infringement. \n ______________________________________________________________________\n\n Conditions for use, disclaimers, and sponsorship information\n\n Copyright 2004 Carnegie Mellon University. \n\n Revision History\nJanuary 13, 2004: Initial release\n\n-----BEGIN PGP SIGNATURE-----\nVersion: PGP 6.5.8\n\niQCVAwUBQASK7JZ2NNT/dVAVAQG65wP8C7DyEvZGz0HqXtRqk+PAjjpMqex1hdjT\nBfkT6oHMhTWIdvUE1mpAwnV7OPL+N+UugCC0bAEXQzBy/YkBBOptt7IZdIeOlInh\nAP0RO5zqt0GqMIrdW7P14iWBX2lLCQaMUgWNyvK4ZTNE9UzpOgBk2JonfBLjbH77\nKeVgAqcfP2M=\n=p0GQ\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2003-0819"
},
{
"db": "CERT/CC",
"id": "VU#749342"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000008"
},
{
"db": "BID",
"id": "9406"
},
{
"db": "BID",
"id": "9408"
},
{
"db": "PACKETSTORM",
"id": "32511"
}
],
"trust": 2.97
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#749342",
"trust": 3.3
},
{
"db": "NVD",
"id": "CVE-2003-0819",
"trust": 3.0
},
{
"db": "BID",
"id": "9406",
"trust": 2.7
},
{
"db": "BID",
"id": "9408",
"trust": 2.7
},
{
"db": "SECUNIA",
"id": "10611",
"trust": 1.6
},
{
"db": "SECTRACK",
"id": "1008698",
"trust": 1.6
},
{
"db": "SECUNIA",
"id": "10869",
"trust": 0.8
},
{
"db": "XF",
"id": "14167",
"trust": 0.8
},
{
"db": "SECTRACK",
"id": "1008846",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000008",
"trust": 0.8
},
{
"db": "MS",
"id": "MS04-001",
"trust": 0.6
},
{
"db": "OVAL",
"id": "OVAL:ORG.MITRE.OVAL:DEF:478",
"trust": 0.6
},
{
"db": "CERT/CC",
"id": "CA-2004-01",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200402-061",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "32511",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#749342"
},
{
"db": "BID",
"id": "9406"
},
{
"db": "BID",
"id": "9408"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000008"
},
{
"db": "PACKETSTORM",
"id": "32511"
},
{
"db": "NVD",
"id": "CVE-2003-0819"
},
{
"db": "CNNVD",
"id": "CNNVD-200402-061"
}
]
},
"id": "VAR-200402-0049",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.7558744
},
"last_update_date": "2023-12-18T12:24:36.396000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "H.323 Vulnerability",
"trust": 0.8,
"url": "http://www.checkpoint.com/services/techsupport/alerts/h323.html"
},
{
"title": "MS04-001",
"trust": 0.8,
"url": "http://www.microsoft.com/technet/security/bulletin/ms04-001.mspx"
},
{
"title": "CERT/NISCC Advisory - MGC",
"trust": 0.8,
"url": "http://www.polycom.com/common/pw_item_show_doc/0,,2752,00.pdf"
},
{
"title": "CERT/NISCC Advisory - PathNavigator",
"trust": 0.8,
"url": "http://www.polycom.com/common/pw_item_show_doc/0,,2749,00.pdf"
},
{
"title": "CERT/NISCC Advisory - SoundPoint IP/SoundStation IP",
"trust": 0.8,
"url": "http://www.polycom.com/common/pw_item_show_doc/0,,2750,00.pdf"
},
{
"title": "CERT/NISCC Advisory - Video Division",
"trust": 0.8,
"url": "http://www.polycom.com/common/pw_item_show_doc/0,,2751,00.pdf"
},
{
"title": "57476",
"trust": 0.8,
"url": "http://jp.sunsolve.sun.com/search/document.do?assetkey=1-26-57476-1"
},
{
"title": "57476",
"trust": 0.8,
"url": "http://jp.sunsolve.sun.com/search/document.do?assetkey=1-26-57476-3"
},
{
"title": "H.323 \u306b\u95a2\u3059\u308b\u8106\u5f31\u6027",
"trust": 0.8,
"url": "http://www.checkpoint.co.jp/techsupport/alerts/h323.html"
},
{
"title": "MS04-001",
"trust": 0.8,
"url": "http://www.microsoft.com/japan/technet/security/bulletin/ms04-001.mspx"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2004-000008"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2004-000008"
},
{
"db": "NVD",
"id": "CVE-2003-0819"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "http://www.uniras.gov.uk/vuls/2004/006489/h323.htm"
},
{
"trust": 2.8,
"url": "http://www.cert.org/advisories/ca-2004-01.html"
},
{
"trust": 2.4,
"url": "http://www.securityfocus.com/bid/9408"
},
{
"trust": 2.4,
"url": "http://www.securityfocus.com/bid/9406"
},
{
"trust": 2.4,
"url": "http://www.kb.cert.org/vuls/id/749342"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/10611"
},
{
"trust": 1.6,
"url": "http://www.securitytracker.com/id?1008698"
},
{
"trust": 1.0,
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-001"
},
{
"trust": 1.0,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a478"
},
{
"trust": 0.8,
"url": "http://www.itu.int/itudoc/itu-t/rec/h/h225-0.html"
},
{
"trust": 0.8,
"url": "http://www.ee.oulu.fi/research/ouspg/protos/testing/c07/h2250v4/index.html"
},
{
"trust": 0.8,
"url": "http://www.ciac.org/ciac/bulletins/o-051.shtml"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2003-0819"
},
{
"trust": 0.8,
"url": "http://www.cpni.gov.uk/products/vulnerabilitydisclosures/default.aspx?id=va-20040113-00387.xml"
},
{
"trust": 0.8,
"url": "http://www.jpcert.or.jp/wr/2004/wr040301.txtq"
},
{
"trust": 0.8,
"url": "http://www.jpcert.or.jp/wr/2004/wr040501.txt"
},
{
"trust": 0.8,
"url": "http://www.jpcert.or.jp/wr/2004/wr040901.txt"
},
{
"trust": 0.8,
"url": "http://jvn.jp/niscc/niscc-006489/index.html"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnca-2004-01"
},
{
"trust": 0.8,
"url": "http://jvn.jp/niscc/niscc-060525/index.html"
},
{
"trust": 0.8,
"url": "http://jvn.jp/tr/trca-2004-01/"
},
{
"trust": 0.8,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2003-0819"
},
{
"trust": 0.8,
"url": "http://www.cpni.gov.uk/docs/re-20040113-00387.pdf"
},
{
"trust": 0.8,
"url": "http://secunia.com/advisories/10869/"
},
{
"trust": 0.8,
"url": "http://www.securitytracker.com/alerts/2004/jan/1008846.html"
},
{
"trust": 0.8,
"url": "http://xforce.iss.net/xforce/xfdb/14167"
},
{
"trust": 0.8,
"url": "http://www.cyberpolice.go.jp/important/20040114_112014.html"
},
{
"trust": 0.7,
"url": "http://www.microsoft.com/technet/security/bulletin/ms04-001.asp"
},
{
"trust": 0.6,
"url": "http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:478"
},
{
"trust": 0.4,
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml"
},
{
"trust": 0.3,
"url": "http://www.checkpoint.com/techsupport/alerts/h323.html"
},
{
"trust": 0.3,
"url": "http://support.fvc.com/eng/docs/misc_docs/h.323_security_bulletin.pdf"
},
{
"trust": 0.3,
"url": "http://www.checkpoint.com/techsupport/h323_hf.html"
},
{
"trust": 0.3,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101429-1\u0026searchclause="
},
{
"trust": 0.3,
"url": "http://support.avaya.com/japple/css/japple?temp.groupid=128450\u0026temp.selectedfamily=128451\u0026temp.selectedproduct=154235\u0026temp.selectedbucket=126655\u0026temp.feedbackstate=askforfeedback\u0026temp.documentid=15871"
},
{
"trust": 0.3,
"url": "http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms04-001.asp"
},
{
"trust": 0.1,
"url": "http://www.cert.org/"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/749342#systems\u003e)."
},
{
"trust": 0.1,
"url": "http://www.cert.org/cert_pgp.key"
},
{
"trust": 0.1,
"url": "http://www.nortelnetworks.com/help/contact/global/"
},
{
"trust": 0.1,
"url": "http://www.nortelnetworks.com/cs"
},
{
"trust": 0.1,
"url": "http://www.nortelnetworks.com/pic"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#749342"
},
{
"db": "BID",
"id": "9406"
},
{
"db": "BID",
"id": "9408"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000008"
},
{
"db": "PACKETSTORM",
"id": "32511"
},
{
"db": "NVD",
"id": "CVE-2003-0819"
},
{
"db": "CNNVD",
"id": "CNNVD-200402-061"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#749342"
},
{
"db": "BID",
"id": "9406"
},
{
"db": "BID",
"id": "9408"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000008"
},
{
"db": "PACKETSTORM",
"id": "32511"
},
{
"db": "NVD",
"id": "CVE-2003-0819"
},
{
"db": "CNNVD",
"id": "CNNVD-200402-061"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2004-01-13T00:00:00",
"db": "CERT/CC",
"id": "VU#749342"
},
{
"date": "2004-01-13T00:00:00",
"db": "BID",
"id": "9406"
},
{
"date": "2004-01-13T00:00:00",
"db": "BID",
"id": "9408"
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2004-000008"
},
{
"date": "2004-01-14T18:44:00",
"db": "PACKETSTORM",
"id": "32511"
},
{
"date": "2004-02-17T05:00:00",
"db": "NVD",
"id": "CVE-2003-0819"
},
{
"date": "2004-01-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200402-061"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2009-07-29T00:00:00",
"db": "CERT/CC",
"id": "VU#749342"
},
{
"date": "2007-11-15T00:39:00",
"db": "BID",
"id": "9406"
},
{
"date": "2009-07-12T02:06:00",
"db": "BID",
"id": "9408"
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2004-000008"
},
{
"date": "2018-10-12T21:33:24.757000",
"db": "NVD",
"id": "CVE-2003-0819"
},
{
"date": "2006-09-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200402-061"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "9406"
},
{
"db": "BID",
"id": "9408"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple vulnerabilities in H.323 implementations",
"sources": [
{
"db": "CERT/CC",
"id": "VU#749342"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200402-061"
}
],
"trust": 0.6
}
}
VAR-200402-0016
Vulnerability from variot - Updated: 2023-12-18 12:24Multiple vulnerabilities in the H.323 protocol implementation for Cisco IOS 11.3T through 12.2T allow remote attackers to cause a denial of service and possibly execute arbitrary code, as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225 protocol. A number of vulnerabilities have been discovered in various implementations of the multimedia telephony protocols H.323 and H.225. Voice over Internet Protocol (VoIP) and video conferencing equpiment and software can use these protocols to interoperate over a variety of computer networks. The majority of the vulnerabilities discovered are limited to denial of service impacts; however, several may allow unauthorized code execution. H.323 Support protocol Cisco IOS(IOS Software release 11.3T Or later ) At H.323 Insufficient handling of messages. According to the information provided by the vendor, H.323 Supported by protocol Cisco IOS In addition to software, some Cisco IOS Products other than software are also affected. Also, IOS NAT And IOS Firewall ( CBAC ) May be affected for systems that have) enabled. Check the information provided by the vendor for more information. In addition, H.323 Vulnerabilities related to this vulnerability have been confirmed in other systems that implement the protocol. Remote attackers can use this vulnerability to conduct denial-of-service attacks on H.323-implemented devices and software, and may execute arbitrary instructions on the system with process privileges. The current investigation results are as follows: 3Com current supplier has no statement about this issue Alcatel current supplier has no statement about this issue Apple Computer Inc. Mac OS X and Mac OS X Server are not affected by this vulnerability AT&T Current supplier has no statement about this issue To make a statement Avaya can see NISCC Vulnerability Advisory 006489/H323:t http://www.uniras.gov.uk/vuls/2004/006489/h323.htm Borderware Current supplier has no statement on this issue Check Point Current supplier has no Statement on this issue BSDI The current supplier has no statement on this issue Cisco Systems Inc. -----BEGIN PGP SIGNED MESSAGE-----
CERT Advisory CA-2004-01 Multiple H.323 Message Vulnerabilities
Original release date: January 13, 2004 Last revised: -- Source: CERT/CC, NISCC
A complete revision history can be found at the end of this file.
I. Description
The U.K. H.323 is an international standard protocol, published by the International Telecommunications Union, used to facilitate communication among telephony and multimedia systems. Examples of such systems include VoIP, video-conferencing equipment, and network devices that manage H.323 traffic. A test suite developed by NISCC and the University of Oulu Security Programming Group (OUSPG) has exposed multiple vulnerabilities in a variety of implementations of the H.323 protocol (specifically its connection setup sub-protocol H.225.0).
The U.K. National Infrastructure Security Co-ordination Centre is tracking these vulnerabilities as NISCC/006489/H.323. The CERT/CC is tracking this issue as VU#749342. This reference number corresponds to CVE candidate CAN-2003-0819, as referenced in Microsoft Security Bulletin MS04-001.
II.
III. Solution
Apply a patch or upgrade
Appendix A and the Systems Affected section of Vulnerability Note VU#749342 contain information provided by vendors for this advisory (http://www.kb.cert.org/vuls/id/749342#systems).
However, as vendors report new information to the CERT/CC, we will only update VU#749342. If a particular vendor is not listed, we have not received their comments. Please contact your vendor directly.
Filter network traffic
Sites are encouraged to apply network packet filters to block access to the H.323 services at network borders. This can minimize the potential of denial-of-service attacks originating from outside the perimeter. The specific services that should be filtered include
* 1720/TCP
* 1720/UDP
If access cannot be filtered at the network perimeter, the CERT/CC recommends limiting access to only those external hosts that require H.323 for normal operation. As a general rule, filtering all types of network traffic that are not required for normal operation is recommended.
It is important to note that some firewalls process H.323 packets and may themselves be vulnerable to attack. As noted in some vendor recommendations like Cisco Security Advisory 20040113-h323 and Microsoft Security Bulletin MS04-001, certain sites may actually want to disable application layer inspection of H.323 network packets.
Protecting your infrastructure against these vulnerabilities may require careful coordination among application, computer, network, and telephony administrators. You may have to make tradeoffs between security and functionality until vulnerable products can be updated.
Appendix A. Please see the Systems Affected section of Vulnerability Note VU#749342 and the Vendor Information section of NISCC Vulnerability Advisory 006489/H323 for the latest information regarding the response of the vendor community to this issue.
3Com
No statement is currently available from the vendor regarding this
vulnerability.
Alcatel
No statement is currently available from the vendor regarding this
vulnerability.
Apple Computer Inc.
Apple: Not Vulnerable. Mac OS X and Mac OS X Server do not contain
the issue described in this note.
AT&T
No statement is currently available from the vendor regarding this
vulnerability.
Avaya
Please see the NISCC Vulnerability Advisory 006489/H323 at
http://www.uniras.gov.uk/vuls/2004/006489/h323.htm
Borderware
No statement is currently available from the vendor regarding this
vulnerability.
BSDI
No statement is currently available from the vendor regarding this
vulnerability.
Cisco Systems Inc.
Please see
http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml
Clavister
No statement is currently available from the vendor regarding this
vulnerability.
Computer Associates
No statement is currently available from the vendor regarding this
vulnerability.
Cyberguard
Please see the NISCC Vulnerability Advisory 006489/H323 at
http://www.uniras.gov.uk/vuls/2004/006489/h323.htm
Debian
No statement is currently available from the vendor regarding this
vulnerability.
D-Link Systems
No statement is currently available from the vendor regarding this
vulnerability.
Conectiva
No statement is currently available from the vendor regarding this
vulnerability.
EMC Corporation
No statement is currently available from the vendor regarding this
vulnerability.
Engarde
No statement is currently available from the vendor regarding this
vulnerability.
eSoft
We don't have an H.323 implementation and thus aren't affected by
this.
Extreme Networks
No statement is currently available from the vendor regarding this
vulnerability.
F5 Networks
No statement is currently available from the vendor regarding this
vulnerability.
Foundry Networks Inc.
No statement is currently available from the vendor regarding this
vulnerability.
FreeBSD
No statement is currently available from the vendor regarding this
vulnerability.
Fujitsu
Please see the NISCC Vulnerability Advisory 006489/H323 at
http://www.uniras.gov.uk/vuls/2004/006489/h323.htm
Global Technology Associates
No statement is currently available from the vendor regarding this
vulnerability.
Hitachi
Please see the NISCC Vulnerability Advisory 006489/H323 at
http://www.uniras.gov.uk/vuls/2004/006489/h323.htm
Hewlett-Packard Company
Please see the NISCC Vulnerability Advisory 006489/H323 at
http://www.uniras.gov.uk/vuls/2004/006489/h323.htm
Ingrian Networks
No statement is currently available from the vendor regarding this
vulnerability.
Intel
No statement is currently available from the vendor regarding this
vulnerability.
Intoto
No statement is currently available from the vendor regarding this
vulnerability.
Juniper Networks
No statement is currently available from the vendor regarding this
vulnerability.
Lachman
No statement is currently available from the vendor regarding this
vulnerability.
Linksys
No statement is currently available from the vendor regarding this
vulnerability.
Lotus Software
No statement is currently available from the vendor regarding this
vulnerability.
Lucent Technologies
Please see the NISCC Vulnerability Advisory 006489/H323 at
http://www.uniras.gov.uk/vuls/2004/006489/h323.htm
Microsoft Corporation
Please see
http://www.microsoft.com/technet/security/bulletin/MS04-001.asp
MontaVista Software
No statement is currently available from the vendor regarding this
vulnerability.
MandrakeSoft
No statement is currently available from the vendor regarding this
vulnerability.
Multi-Tech Systems Inc.
No statement is currently available from the vendor regarding this
vulnerability.
NEC Corporation
No statement is currently available from the vendor regarding this
vulnerability.
NetBSD
NetBSD does not ship any H.323 implementations as part of the
Operating System.
There are a number of third-party implementations available in the
pkgsrc system. As these products are found to be vulnerable, or
updated, the packages will be updated accordingly. The
audit-packages mechanism can be used to check for known-vulnerable
package versions.
Netfilter
No statement is currently available from the vendor regarding this
vulnerability.
NetScreen
No statement is currently available from the vendor regarding this
vulnerability.
Network Appliance
No statement is currently available from the vendor regarding this
vulnerability.
Nokia
No statement is currently available from the vendor regarding this
vulnerability.
Nortel Networks
The following Nortel Networks Generally Available products and
solutions are potentially affected by the vulnerabilities
identified in NISCC Vulnerability Advisory 006489/H323 and CERT
VU#749342:
Business Communications Manager (BCM) (all versions) is potentially
affected; more information is available in Product Advisory Alert
No. PAA 2003-0392-Global.
Succession 1000 IP Trunk and IP Peer Networking, and 802.11
Wireless IP Gateway are potentially affected; more information is
available in Product Advisory Alert No. PAA-2003-0465-Global.
For more information please contact
North America: 1-800-4NORTEL or 1-800-466-7835
Europe, Middle East and Africa: 00800 8008 9009,
or +44 (0) 870 907 9009
Contacts for other regions are available at
http://www.nortelnetworks.com/help/contact/global/
Or visit the eService portal at http://www.nortelnetworks.com/cs
under Advanced Search.
If you are a channel partner, more information can be found under
http://www.nortelnetworks.com/pic
under Advanced Search.
Novell
No statement is currently available from the vendor regarding this
vulnerability.
Objective Systems Inc.
Please see the NISCC Vulnerability Advisory 006489/H323 at
http://www.uniras.gov.uk/vuls/2004/006489/h323.htm
OpenBSD
No statement is currently available from the vendor regarding this
vulnerability.
Openwall GNU/*/Linux
No statement is currently available from the vendor regarding this
vulnerability.
RadVision
Please see the NISCC Vulnerability Advisory 006489/H323 at
http://www.uniras.gov.uk/vuls/2004/006489/h323.htm
Red Hat Inc.
Please see the NISCC Vulnerability Advisory 006489/H323 at
http://www.uniras.gov.uk/vuls/2004/006489/h323.htm
Oracle Corporation
No statement is currently available from the vendor regarding this
vulnerability.
Riverstone Networks
No statement is currently available from the vendor regarding this
vulnerability.
Secure Computing Corporation
No statement is currently available from the vendor regarding this
vulnerability.
SecureWorks
No statement is currently available from the vendor regarding this
vulnerability.
Sequent
No statement is currently available from the vendor regarding this
vulnerability.
Sony Corporation
No statement is currently available from the vendor regarding this
vulnerability.
Stonesoft
No statement is currently available from the vendor regarding this
vulnerability.
Sun Microsystems Inc.
Sun SNMP does not provide support for H.323, so we are not
vulnerable. And so far we have not found any bundled products that
are affected by this vulnerability. We are also actively
investigating our unbundled products to see if they are affected.
Updates will be provided to this statement as they become
available.
SuSE Inc.
No statement is currently available from the vendor regarding this
vulnerability.
Symantec Corporation
Please see the NISCC Vulnerability Advisory 006489/H323 at
http://www.uniras.gov.uk/vuls/2004/006489/h323.htm
Unisys
No statement is currently available from the vendor regarding this
vulnerability.
TandBerg
Please see the NISCC Vulnerability Advisory 006489/H323 at
http://www.uniras.gov.uk/vuls/2004/006489/h323.htm
Tumbleweed Communications Corp.
Please see the NISCC Vulnerability Advisory 006489/H323 at
http://www.uniras.gov.uk/vuls/2004/006489/h323.htm
TurboLinux
No statement is currently available from the vendor regarding this
vulnerability.
uniGone
Please see the NISCC Vulnerability Advisory 006489/H323 at
http://www.uniras.gov.uk/vuls/2004/006489/h323.htm
WatchGuard
No statement is currently available from the vendor regarding this
vulnerability.
Wirex
No statement is currently available from the vendor regarding this
vulnerability.
Wind River Systems Inc.
No statement is currently available from the vendor regarding this
vulnerability.
Xerox
No statement is currently available from the vendor regarding this
vulnerability.
ZyXEL
No statement is currently available from the vendor regarding this
vulnerability.
_________________________________________________________________
The CERT Coordination Center thanks the NISCC Vulnerability Management Team and the University of Oulu Security Programming Group (OUSPG) for coordinating the discovery and release of the technical details of this issue. ___________
Feedback may be directed to the authors: Jeffrey S. Havrilla, Mindi J. McDowell, Shawn V. Hernan and Jason A. Rafail
This document is available from: http://www.cert.org/advisories/CA-2004-01.html
CERT/CC Contact Information
Email: cert@cert.org Phone: +1 412-268-7090 (24-hour hotline) Fax: +1 412-268-6989 Postal address: CERT Coordination Center Software Engineering Institute Carnegie Mellon University Pittsburgh PA 15213-3890 U.S.A.
CERT/CC personnel answer the hotline 08:00-17:00 EST(GMT-5) / EDT(GMT-4) Monday through Friday; they are on call for emergencies during other hours, on U.S. holidays, and on weekends.
Using encryption
We strongly urge you to encrypt sensitive information sent by email. Our public PGP key is available from http://www.cert.org/CERT_PGP.key
If you prefer to use DES, please call the CERT hotline for more information.
Getting security information
CERT publications and other security information are available from our web site http://www.cert.org/
To subscribe to the CERT mailing list for advisories and bulletins, send email to majordomo@cert.org. Please include in the body of your message
subscribe cert-advisory
- "CERT" and "CERT Coordination Center" are registered in the U.S. Patent and Trademark Office.
NO WARRANTY Any material furnished by Carnegie Mellon University and the Software Engineering Institute is furnished on an "as is" basis. Carnegie Mellon University makes no warranties of any kind, either expressed or implied as to any matter including, but not limited to, warranty of fitness for a particular purpose or merchantability, exclusivity or results obtained from use of the material. Carnegie Mellon University does not make any warranty of any kind with respect to freedom from patent, trademark, or copyright infringement.
Conditions for use, disclaimers, and sponsorship information
Copyright 2004 Carnegie Mellon University.
Revision History January 13, 2004: Initial release
-----BEGIN PGP SIGNATURE----- Version: PGP 6.5.8
iQCVAwUBQASK7JZ2NNT/dVAVAQG65wP8C7DyEvZGz0HqXtRqk+PAjjpMqex1hdjT BfkT6oHMhTWIdvUE1mpAwnV7OPL+N+UugCC0bAEXQzBy/YkBBOptt7IZdIeOlInh AP0RO5zqt0GqMIrdW7P14iWBX2lLCQaMUgWNyvK4ZTNE9UzpOgBk2JonfBLjbH77 KeVgAqcfP2M= =p0GQ -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200402-0016",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ios 12.0",
"scope": null,
"trust": 5.1,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 s",
"scope": null,
"trust": 3.9,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1",
"scope": null,
"trust": 3.6,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 e",
"scope": null,
"trust": 3.6,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 t",
"scope": null,
"trust": 2.7,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 2.7,
"vendor": "cisco",
"version": "12.2"
},
{
"model": "ios 12.2 s",
"scope": null,
"trust": 2.7,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 2.7,
"vendor": "cisco",
"version": "12.0"
},
{
"model": "ios",
"scope": "eq",
"trust": 2.7,
"vendor": "cisco",
"version": "12.1"
},
{
"model": "ios 12.2",
"scope": null,
"trust": 2.4,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 s7",
"scope": null,
"trust": 1.8,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 s1",
"scope": null,
"trust": 1.8,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "12.2s"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "12.2t"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "12.1e"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "12.0t"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "12.1t"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "11.3t"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "12.0s"
},
{
"model": "ios 12.0 s8",
"scope": null,
"trust": 1.5,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2",
"scope": "ne",
"trust": 1.5,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 st",
"scope": null,
"trust": 1.5,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 ec",
"scope": null,
"trust": 1.2,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 s4",
"scope": null,
"trust": 1.2,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 t",
"scope": null,
"trust": 1.2,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 s3",
"scope": null,
"trust": 1.2,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 t",
"scope": null,
"trust": 1.2,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 1.1,
"vendor": "cisco",
"version": "11.3"
},
{
"model": "internet service node",
"scope": null,
"trust": 1.1,
"vendor": "cisco",
"version": null
},
{
"model": "conference connection",
"scope": null,
"trust": 1.1,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 e8",
"scope": null,
"trust": 0.9,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 e3",
"scope": null,
"trust": 0.9,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 st6",
"scope": null,
"trust": 0.9,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 e12",
"scope": null,
"trust": 0.9,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 e7",
"scope": null,
"trust": 0.9,
"vendor": "cisco",
"version": null
},
{
"model": "ios 11.3",
"scope": null,
"trust": 0.9,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 st1",
"scope": null,
"trust": 0.9,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 s2",
"scope": null,
"trust": 0.9,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 s6",
"scope": null,
"trust": 0.9,
"vendor": "cisco",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "check point",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "hewlett packard",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "intel",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "microsoft",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "nortel",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "polycom",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "radvision",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "tandberg",
"version": null
},
{
"model": "ata 180 series",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "( version 2.16.1 previous h.323/sip load if you have introduced )"
},
{
"model": "bts 10200 softswitch",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "call manager",
"scope": "lte",
"trust": 0.8,
"vendor": "cisco",
"version": "version 3.0 from 3.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "12.3"
},
{
"model": "ip phone 7900 series",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "7905g h.323 software version 1.00"
},
{
"model": "ios 12.0 st7",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xa",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 s5a",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "call manager",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "3.1"
},
{
"model": "ios 12.1 aa",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 xm4",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 bx",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 t3",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 st2",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 e4",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 s5",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xh",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 e1",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "12.1(22)"
},
{
"model": "opencall multiservice controller",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "1.2"
},
{
"model": "ios 12.1 yh3",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "point software firewall-1 [ vpn des strong ] sp2 build",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "++4.141716"
},
{
"model": "ios 12.2yg",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 yb",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xb14",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2yx",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1aa",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2zh",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xu2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0s",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 t6",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 yc",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 t1a",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.1(1)"
},
{
"model": "ios 12.1 yf4",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xa5",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.1(7)"
},
{
"model": "pwlib",
"scope": "eq",
"trust": 0.3,
"vendor": "pwlib",
"version": "1.4.7"
},
{
"model": "ios 12.1 yf",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "12.0(27)"
},
{
"model": "ios 11.3ha",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.2(5)"
},
{
"model": "ios 12.1xm",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 s4a",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.1(20)"
},
{
"model": "isa server fp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "ios 12.2zl",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xs1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 s8a",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "point software firewall-1 sp6",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.0"
},
{
"model": "isa server",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "ios 12.2 t0a",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 11.3ma",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 sxa",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 xn",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2yf",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xr",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1x",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 yz2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.1(13)"
},
{
"model": "ios 12.0 t1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0xk",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 mx",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 e2",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "virtual communications v-gate",
"scope": "eq",
"trust": 0.3,
"vendor": "first",
"version": "4000"
},
{
"model": "ios 12.2 ya8",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xb15",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 ec1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1xh",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1xb",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "point software firewall-1 sp6",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "ios 12.2 xh2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "point software firewall-1",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "ios 11.3 t2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 yh",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1xl",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xi1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2b",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 e9",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xu",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.2(14.5)"
},
{
"model": "call manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.3"
},
{
"model": "ios 12.2 s",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "netstructure host media processing software",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "1.0"
},
{
"model": "ios 12.0xq",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "sg5",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.2"
},
{
"model": "ios 12.1 xi",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 mc1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1ec",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0xh",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios t",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "11.3.1"
},
{
"model": "virtual communications click to meet express",
"scope": "eq",
"trust": 0.3,
"vendor": "first",
"version": "2.2"
},
{
"model": "sg208",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "0"
},
{
"model": "ios 12.1xj",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.1(11)"
},
{
"model": "ios 12.1xi",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2ze",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xd",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 ya",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2bx",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.1(18.4)"
},
{
"model": "ios 12.2 sl1",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 t3",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 ya1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 sy1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0xj",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 xs",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "12.2(17)"
},
{
"model": "ios 12.1 e12",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "networks succession",
"scope": "eq",
"trust": 0.3,
"vendor": "nortel",
"version": "1000"
},
{
"model": "ios 12.2dd",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0xt",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0st",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 s10",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 e9",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 11.3xa",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "communication manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "1.1"
},
{
"model": "ios 12.2xm",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.3",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "virtual communications click to meet premier",
"scope": null,
"trust": 0.3,
"vendor": "first",
"version": null
},
{
"model": "fedora core3",
"scope": null,
"trust": 0.3,
"vendor": "redhat",
"version": null
},
{
"model": "ios 12.1xp",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "virtual communications click to meet express",
"scope": "eq",
"trust": 0.3,
"vendor": "first",
"version": "2.0"
},
{
"model": "ios 12.2xc",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.0(17)"
},
{
"model": "ios 12.1xw",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1xu",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 yy3",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 zc",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 xy6",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xk2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2yy",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.0(8)"
},
{
"model": "ios 12.2t",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xg",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xw1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1yf",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 t9",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2s",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2yd",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1yj",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 xp4",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xq",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 e18",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "virtual communications click to meet express",
"scope": "eq",
"trust": 0.3,
"vendor": "first",
"version": "1.02"
},
{
"model": "point software next generation fp2",
"scope": null,
"trust": 0.3,
"vendor": "check",
"version": null
},
{
"model": "ios 12.3 t",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.1xv"
},
{
"model": "ios 12.1 yd",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xd1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 ez2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xt3",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 yb",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0xn",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.1(8)"
},
{
"model": "pwlib-1.2.12-3.i386.rpm",
"scope": null,
"trust": 0.3,
"vendor": "redhat",
"version": null
},
{
"model": "ios 12.2xj",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2mx",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xw",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "virtual communications conference server",
"scope": null,
"trust": 0.3,
"vendor": "first",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.2(7)"
},
{
"model": "ios 12.1xr",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.2(4)"
},
{
"model": "ios 12.2sy",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "point software firewall-1 sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.0"
},
{
"model": "ios 12.2 t10",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "communication manager",
"scope": "ne",
"trust": 0.3,
"vendor": "avaya",
"version": "2.0.1"
},
{
"model": "ios 12.0 st4",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "netstructure pbx-ip media gateway",
"scope": null,
"trust": 0.3,
"vendor": "intel",
"version": null
},
{
"model": "ios 12.0xi",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 xk2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1xq",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 yy",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1yc",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1ez",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 yc2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "virtual communications click to meet express",
"scope": "eq",
"trust": 0.3,
"vendor": "first",
"version": "1.0"
},
{
"model": "call manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.1(2)"
},
{
"model": "ios 12.2 zh3",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1xa",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "sg5",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.1(5)xv3"
},
{
"model": "ios 12.1 yf2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "fedora core1",
"scope": null,
"trust": 0.3,
"vendor": "redhat",
"version": null
},
{
"model": "pwlib",
"scope": "eq",
"trust": 0.3,
"vendor": "pwlib",
"version": "1.5.0"
},
{
"model": "point software firewall-1 [ vpn des strong ] build",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "++4.141439"
},
{
"model": "sunforum",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "3.2"
},
{
"model": "ios 12.1 e14",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "point software firewall-1 sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.0"
},
{
"model": "point software firewall-1 sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "ios 12.2yk",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "point software ng-ai",
"scope": null,
"trust": 0.3,
"vendor": "check",
"version": null
},
{
"model": "ios 12.2dx",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 dx",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.1(9)"
},
{
"model": "ios 12.2zd",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 xq",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "point software firewall-1 sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.0"
},
{
"model": "ios 12.1 e16",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 yd6",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "bts",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "10200"
},
{
"model": "ios 12.2 mx1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 e14",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2yb",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 xr2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0xr",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 ez1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "point software next generation fp3 hf2",
"scope": null,
"trust": 0.3,
"vendor": "check",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.2(12.05)"
},
{
"model": "ios 12.2yn",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2bw",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xl",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xg",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.2(1)"
},
{
"model": "ios 12.1 xm",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 e13",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xs",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 11.3wa4",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 yi1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xu",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2yv",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xi2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xw",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "point software firewall-1 sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "ios 12.2 t5",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0xd",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 s",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 yb4",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "point software firewall-1 sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "sg5x",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.2"
},
{
"model": "ios 12.2 t4",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 xt",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "12.0(28)"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.2(3)"
},
{
"model": "ios 12.0 st5",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1yd",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 11.3 db1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 yi",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0xg",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.0(3)"
},
{
"model": "ios 12.2 xd4",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ip phone",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7905"
},
{
"model": "ios 12.2zg",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2yt",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 xg5",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 11.3t",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.3t",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "point software firewall-1 sp5",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.0"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "11.3.1"
},
{
"model": "ios 12.1 xp",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xa",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xl4",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2zc",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.2(1.1)"
},
{
"model": "netstructure ipt ip boards",
"scope": null,
"trust": 0.3,
"vendor": "intel",
"version": null
},
{
"model": "ios 12.1e",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1yi",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 yd2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0xl",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 b",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 11.3 xa",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xi",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2yu",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.2(18.2)"
},
{
"model": "call manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.2"
},
{
"model": "isa server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "point software firewall-1 sp5",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "ios 12.2 xd3",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 zj3",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 xu1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "point software next generation fp1",
"scope": null,
"trust": 0.3,
"vendor": "check",
"version": null
},
{
"model": "ios 12.2xk",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.1(5)xv"
},
{
"model": "ios 12.0 s2a",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 t9",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1xt",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 t6",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2mc",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xk",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 t10",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "fedora core2",
"scope": null,
"trust": 0.3,
"vendor": "redhat",
"version": null
},
{
"model": "opencall multiservice controller patch",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "1.137"
},
{
"model": "networks wireless ip gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "nortel",
"version": "(802.11)"
},
{
"model": "ios 12.1yh",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 st8",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2sx",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 e5",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.1(5)xv5"
},
{
"model": "sg203",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.31.29"
},
{
"model": "ios 12.2 yd",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 s3b",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.1(4)"
},
{
"model": "ios 12.1xg",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 11.3 db2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 zj1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.2(17)"
},
{
"model": "point software nokia voyager",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "call manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.0"
},
{
"model": "ios 12.1 ec3",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 t12",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.0(3.2)"
},
{
"model": "ios 11.3da",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 xt3",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios ed",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "11.3.1"
},
{
"model": "ios 12.2 zl",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 11.3na",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2yh",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 t1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 zl1",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1xd",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2yz",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 11.3db",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.3 t1",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "point software firewall-1 sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.0"
},
{
"model": "ios 12.2 xh3",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "9.0"
},
{
"model": "ios 12.2xt",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 zb7",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 xn1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "sg5x",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.3"
},
{
"model": "ios 12.1xc",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 e6",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios b",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "11.3.11"
},
{
"model": "ata-186",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 t9",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xb4",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 11.3aa",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xt",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xi",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2zj",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2yl",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "communication manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "1.3.1"
},
{
"model": "ios 12.2 xm2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 yc1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 yb5",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xd",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2yc",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 e10",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 dd3",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "point software firewall-1 sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "ios 12.2xh",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1ye",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 t2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xn",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.1(5)xv4"
},
{
"model": "ios 12.1 xs2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 xk",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "point software next generation fp3",
"scope": null,
"trust": 0.3,
"vendor": "check",
"version": null
},
{
"model": "ios 12.2 yw2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2ym",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 t15",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "point software firewall-1 sp8",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.0"
},
{
"model": "ios 12.2 xm",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0t",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "call manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.3(3)"
},
{
"model": "ios 12.2 xj1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 yx1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "networks business communications manager",
"scope": "eq",
"trust": 0.3,
"vendor": "nortel",
"version": "0"
},
{
"model": "ios 12.1 xm7",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xq",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 t5",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 zc",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 ya7",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 zj2",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1yb",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1t",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "virtual communications v-gate",
"scope": "eq",
"trust": 0.3,
"vendor": "first",
"version": "5000"
},
{
"model": "ios 12.2yw",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2zf",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xn",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 aa1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 e6",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "netstructure dmip ip boards",
"scope": null,
"trust": 0.3,
"vendor": "intel",
"version": null
},
{
"model": "point software firewall-1 [ vpn des ]",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "+4.1"
},
{
"model": "opencall multiservice controller patch",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "1.146"
},
{
"model": "ios 12.2 yw3",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2ya",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.3 t3",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.0(26)"
},
{
"model": "ios 12.0xc",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "communication manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "2.0"
},
{
"model": "virtual communications click to meet express",
"scope": "eq",
"trust": 0.3,
"vendor": "first",
"version": "2.1"
},
{
"model": "ios 12.2 xb11",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "pwlib-1.3.3-5.i386.rpm",
"scope": null,
"trust": 0.3,
"vendor": "redhat",
"version": null
},
{
"model": "ios 12.2 xj",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xb",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.0(9)"
},
{
"model": "ios 12.2 zh",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 st3",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xb",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2zb",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "point software next generation fp3 hf1",
"scope": null,
"trust": 0.3,
"vendor": "check",
"version": null
},
{
"model": "ios 12.2 sx1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xa1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "point software firewall-1 sp7",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.0"
},
{
"model": "ios 12.2 xl",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2yj",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "sunforum 3d",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.0"
},
{
"model": "ios 12.2 xb3",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xs",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#749342"
},
{
"db": "BID",
"id": "9406"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000011"
},
{
"db": "NVD",
"id": "CVE-2004-0054"
},
{
"db": "CNNVD",
"id": "CNNVD-200402-062"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.0t:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.1e:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.1t:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.0s:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:11.3t:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2s:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2t:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2004-0054"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "University of Oulu Security Programming Group",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200402-062"
}
],
"trust": 0.6
},
"cve": "CVE-2004-0054",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2004-0054",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-8484",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2004-0054",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#749342",
"trust": 0.8,
"value": "13.67"
},
{
"author": "CNNVD",
"id": "CNNVD-200402-062",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-8484",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#749342"
},
{
"db": "VULHUB",
"id": "VHN-8484"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000011"
},
{
"db": "NVD",
"id": "CVE-2004-0054"
},
{
"db": "CNNVD",
"id": "CNNVD-200402-062"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple vulnerabilities in the H.323 protocol implementation for Cisco IOS 11.3T through 12.2T allow remote attackers to cause a denial of service and possibly execute arbitrary code, as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225 protocol. A number of vulnerabilities have been discovered in various implementations of the multimedia telephony protocols H.323 and H.225. Voice over Internet Protocol (VoIP) and video conferencing equpiment and software can use these protocols to interoperate over a variety of computer networks. The majority of the vulnerabilities discovered are limited to denial of service impacts; however, several may allow unauthorized code execution. H.323 Support protocol Cisco IOS(IOS Software release 11.3T Or later ) At H.323 Insufficient handling of messages. According to the information provided by the vendor, H.323 Supported by protocol Cisco IOS In addition to software, some Cisco IOS Products other than software are also affected. Also, IOS NAT And IOS Firewall ( CBAC ) May be affected for systems that have) enabled. Check the information provided by the vendor for more information. In addition, H.323 Vulnerabilities related to this vulnerability have been confirmed in other systems that implement the protocol. Remote attackers can use this vulnerability to conduct denial-of-service attacks on H.323-implemented devices and software, and may execute arbitrary instructions on the system with process privileges. The current investigation results are as follows: 3Com current supplier has no statement about this issue Alcatel current supplier has no statement about this issue Apple Computer Inc. Mac OS X and Mac OS X Server are not affected by this vulnerability AT\u0026T Current supplier has no statement about this issue To make a statement Avaya can see NISCC Vulnerability Advisory 006489/H323:t http://www.uniras.gov.uk/vuls/2004/006489/h323.htm Borderware Current supplier has no statement on this issue Check Point Current supplier has no Statement on this issue BSDI The current supplier has no statement on this issue Cisco Systems Inc. \n-----BEGIN PGP SIGNED MESSAGE-----\n\nCERT Advisory CA-2004-01 Multiple H.323 Message Vulnerabilities\n\n Original release date: January 13, 2004\n Last revised: --\n Source: CERT/CC, NISCC\n\n A complete revision history can be found at the end of this file. \n\nI. Description\n\n The U.K. H.323 is\n an international standard protocol, published by the International\n Telecommunications Union, used to facilitate communication among\n telephony and multimedia systems. Examples of such systems include\n VoIP, video-conferencing equipment, and network devices that manage\n H.323 traffic. A test suite developed by NISCC and the University of\n Oulu Security Programming Group (OUSPG) has exposed multiple\n vulnerabilities in a variety of implementations of the H.323 protocol\n (specifically its connection setup sub-protocol H.225.0). \n\n The U.K. National Infrastructure Security Co-ordination Centre is\n tracking these vulnerabilities as NISCC/006489/H.323. The CERT/CC is\n tracking this issue as VU#749342. This reference number corresponds to\n CVE candidate CAN-2003-0819, as referenced in Microsoft Security\n Bulletin MS04-001. \n\nII. \n\nIII. Solution\n\nApply a patch or upgrade\n\n Appendix A and the Systems Affected section of Vulnerability Note\n VU#749342 contain information provided by vendors for this advisory\n (\u003chttp://www.kb.cert.org/vuls/id/749342#systems\u003e). \n\n However, as vendors report new information to the CERT/CC, we will\n only update VU#749342. If a particular vendor is not listed, we have\n not received their comments. Please contact your vendor directly. \n\nFilter network traffic\n\n Sites are encouraged to apply network packet filters to block access\n to the H.323 services at network borders. This can minimize the\n potential of denial-of-service attacks originating from outside the\n perimeter. The specific services that should be filtered include\n\n * 1720/TCP\n * 1720/UDP\n\n If access cannot be filtered at the network perimeter, the CERT/CC\n recommends limiting access to only those external hosts that require\n H.323 for normal operation. As a general rule, filtering all types of\n network traffic that are not required for normal operation is\n recommended. \n\n It is important to note that some firewalls process H.323 packets and\n may themselves be vulnerable to attack. As noted in some vendor\n recommendations like Cisco Security Advisory 20040113-h323 and\n Microsoft Security Bulletin MS04-001, certain sites may actually want\n to disable application layer inspection of H.323 network packets. \n\n Protecting your infrastructure against these vulnerabilities may\n require careful coordination among application, computer, network, and\n telephony administrators. You may have to make tradeoffs between\n security and functionality until vulnerable products can be updated. \n\nAppendix A. Please see the Systems Affected section of Vulnerability\n Note VU#749342 and the Vendor Information section of NISCC\n Vulnerability Advisory 006489/H323 for the latest information\n regarding the response of the vendor community to this issue. \n\n3Com\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nAlcatel\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nApple Computer Inc. \n\n Apple: Not Vulnerable. Mac OS X and Mac OS X Server do not contain\n the issue described in this note. \n\nAT\u0026T\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nAvaya\n\n Please see the NISCC Vulnerability Advisory 006489/H323 at\n http://www.uniras.gov.uk/vuls/2004/006489/h323.htm\n\nBorderware\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nBSDI\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nCisco Systems Inc. \n\n Please see\n http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml\n\nClavister\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nComputer Associates\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nCyberguard\n\n Please see the NISCC Vulnerability Advisory 006489/H323 at\n http://www.uniras.gov.uk/vuls/2004/006489/h323.htm\n\nDebian\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nD-Link Systems\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nConectiva\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nEMC Corporation\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nEngarde\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\neSoft\n\n We don\u0027t have an H.323 implementation and thus aren\u0027t affected by\n this. \n\nExtreme Networks\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nF5 Networks\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nFoundry Networks Inc. \n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nFreeBSD\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nFujitsu\n\n Please see the NISCC Vulnerability Advisory 006489/H323 at\n http://www.uniras.gov.uk/vuls/2004/006489/h323.htm\n\nGlobal Technology Associates\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nHitachi\n\n Please see the NISCC Vulnerability Advisory 006489/H323 at\n http://www.uniras.gov.uk/vuls/2004/006489/h323.htm\n\nHewlett-Packard Company\n\n Please see the NISCC Vulnerability Advisory 006489/H323 at\n http://www.uniras.gov.uk/vuls/2004/006489/h323.htm\n\nIngrian Networks\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nIntel\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nIntoto\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nJuniper Networks\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nLachman\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nLinksys\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nLotus Software\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nLucent Technologies\n\n Please see the NISCC Vulnerability Advisory 006489/H323 at\n http://www.uniras.gov.uk/vuls/2004/006489/h323.htm\n\nMicrosoft Corporation\n\n Please see\n http://www.microsoft.com/technet/security/bulletin/MS04-001.asp\n\nMontaVista Software\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nMandrakeSoft\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nMulti-Tech Systems Inc. \n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nNEC Corporation\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nNetBSD\n\n NetBSD does not ship any H.323 implementations as part of the\n Operating System. \n\n There are a number of third-party implementations available in the\n pkgsrc system. As these products are found to be vulnerable, or\n updated, the packages will be updated accordingly. The\n audit-packages mechanism can be used to check for known-vulnerable\n package versions. \n\nNetfilter\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nNetScreen\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nNetwork Appliance\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nNokia\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nNortel Networks\n\n The following Nortel Networks Generally Available products and\n solutions are potentially affected by the vulnerabilities\n identified in NISCC Vulnerability Advisory 006489/H323 and CERT\n VU#749342:\n\n Business Communications Manager (BCM) (all versions) is potentially\n affected; more information is available in Product Advisory Alert\n No. PAA 2003-0392-Global. \n\n Succession 1000 IP Trunk and IP Peer Networking, and 802.11\n Wireless IP Gateway are potentially affected; more information is\n available in Product Advisory Alert No. PAA-2003-0465-Global. \n\n For more information please contact\n\n North America: 1-800-4NORTEL or 1-800-466-7835\n Europe, Middle East and Africa: 00800 8008 9009,\n or +44 (0) 870 907 9009\n\n Contacts for other regions are available at\n\n http://www.nortelnetworks.com/help/contact/global/\n\n Or visit the eService portal at http://www.nortelnetworks.com/cs\n under Advanced Search. \n\n If you are a channel partner, more information can be found under\n\n http://www.nortelnetworks.com/pic\n\n under Advanced Search. \n\nNovell\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nObjective Systems Inc. \n\n Please see the NISCC Vulnerability Advisory 006489/H323 at\n http://www.uniras.gov.uk/vuls/2004/006489/h323.htm\n\nOpenBSD\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nOpenwall GNU/*/Linux\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nRadVision\n\n Please see the NISCC Vulnerability Advisory 006489/H323 at\n http://www.uniras.gov.uk/vuls/2004/006489/h323.htm\n\nRed Hat Inc. \n\n Please see the NISCC Vulnerability Advisory 006489/H323 at\n http://www.uniras.gov.uk/vuls/2004/006489/h323.htm\n\nOracle Corporation\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nRiverstone Networks\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nSecure Computing Corporation\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nSecureWorks\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nSequent\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nSony Corporation\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nStonesoft\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nSun Microsystems Inc. \n\n Sun SNMP does not provide support for H.323, so we are not\n vulnerable. And so far we have not found any bundled products that\n are affected by this vulnerability. We are also actively\n investigating our unbundled products to see if they are affected. \n Updates will be provided to this statement as they become\n available. \n\nSuSE Inc. \n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nSymantec Corporation\n\n Please see the NISCC Vulnerability Advisory 006489/H323 at\n http://www.uniras.gov.uk/vuls/2004/006489/h323.htm\n\nUnisys\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nTandBerg\n\n Please see the NISCC Vulnerability Advisory 006489/H323 at\n http://www.uniras.gov.uk/vuls/2004/006489/h323.htm\n\nTumbleweed Communications Corp. \n\n Please see the NISCC Vulnerability Advisory 006489/H323 at\n http://www.uniras.gov.uk/vuls/2004/006489/h323.htm\n\nTurboLinux\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nuniGone\n\n Please see the NISCC Vulnerability Advisory 006489/H323 at\n http://www.uniras.gov.uk/vuls/2004/006489/h323.htm\n\nWatchGuard\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nWirex\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nWind River Systems Inc. \n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nXerox\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nZyXEL\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n _________________________________________________________________\n\n The CERT Coordination Center thanks the NISCC Vulnerability Management\n Team and the University of Oulu Security Programming Group (OUSPG) for\n coordinating the discovery and release of the technical details of\n this issue. \n _________________________________________________________________\n\n Feedback may be directed to the authors: Jeffrey S. Havrilla, Mindi J. \n McDowell, Shawn V. Hernan and Jason A. Rafail\n ______________________________________________________________________\n\n This document is available from:\n http://www.cert.org/advisories/CA-2004-01.html\n ______________________________________________________________________\n\nCERT/CC Contact Information\n\n Email: cert@cert.org\n Phone: +1 412-268-7090 (24-hour hotline)\n Fax: +1 412-268-6989\n Postal address:\n CERT Coordination Center\n Software Engineering Institute\n Carnegie Mellon University\n Pittsburgh PA 15213-3890\n U.S.A. \n\n CERT/CC personnel answer the hotline 08:00-17:00 EST(GMT-5) /\n EDT(GMT-4) Monday through Friday; they are on call for emergencies\n during other hours, on U.S. holidays, and on weekends. \n\nUsing encryption\n\n We strongly urge you to encrypt sensitive information sent by email. \n Our public PGP key is available from\n http://www.cert.org/CERT_PGP.key\n\n If you prefer to use DES, please call the CERT hotline for more\n information. \n\nGetting security information\n\n CERT publications and other security information are available from\n our web site\n http://www.cert.org/\n\n To subscribe to the CERT mailing list for advisories and bulletins,\n send email to majordomo@cert.org. Please include in the body of your\n message\n\n subscribe cert-advisory\n\n * \"CERT\" and \"CERT Coordination Center\" are registered in the U.S. \n Patent and Trademark Office. \n ______________________________________________________________________\n\n NO WARRANTY\n Any material furnished by Carnegie Mellon University and the Software\n Engineering Institute is furnished on an \"as is\" basis. Carnegie\n Mellon University makes no warranties of any kind, either expressed or\n implied as to any matter including, but not limited to, warranty of\n fitness for a particular purpose or merchantability, exclusivity or\n results obtained from use of the material. Carnegie Mellon University\n does not make any warranty of any kind with respect to freedom from\n patent, trademark, or copyright infringement. \n ______________________________________________________________________\n\n Conditions for use, disclaimers, and sponsorship information\n\n Copyright 2004 Carnegie Mellon University. \n\n Revision History\nJanuary 13, 2004: Initial release\n\n-----BEGIN PGP SIGNATURE-----\nVersion: PGP 6.5.8\n\niQCVAwUBQASK7JZ2NNT/dVAVAQG65wP8C7DyEvZGz0HqXtRqk+PAjjpMqex1hdjT\nBfkT6oHMhTWIdvUE1mpAwnV7OPL+N+UugCC0bAEXQzBy/YkBBOptt7IZdIeOlInh\nAP0RO5zqt0GqMIrdW7P14iWBX2lLCQaMUgWNyvK4ZTNE9UzpOgBk2JonfBLjbH77\nKeVgAqcfP2M=\n=p0GQ\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2004-0054"
},
{
"db": "CERT/CC",
"id": "VU#749342"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000011"
},
{
"db": "BID",
"id": "9406"
},
{
"db": "VULHUB",
"id": "VHN-8484"
},
{
"db": "PACKETSTORM",
"id": "32511"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#749342",
"trust": 3.4
},
{
"db": "NVD",
"id": "CVE-2004-0054",
"trust": 2.8
},
{
"db": "BID",
"id": "9406",
"trust": 2.8
},
{
"db": "SECTRACK",
"id": "1008685",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "10869",
"trust": 0.8
},
{
"db": "SECTRACK",
"id": "1008846",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000011",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200402-062",
"trust": 0.7
},
{
"db": "OVAL",
"id": "OVAL:ORG.MITRE.OVAL:DEF:4884",
"trust": 0.6
},
{
"db": "CERT/CC",
"id": "CA-2004-01",
"trust": 0.6
},
{
"db": "CISCO",
"id": "20040113 VULNERABILITIES IN H.323 MESSAGE PROCESSING",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-8484",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "32511",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#749342"
},
{
"db": "VULHUB",
"id": "VHN-8484"
},
{
"db": "BID",
"id": "9406"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000011"
},
{
"db": "PACKETSTORM",
"id": "32511"
},
{
"db": "NVD",
"id": "CVE-2004-0054"
},
{
"db": "CNNVD",
"id": "CNNVD-200402-062"
}
]
},
"id": "VAR-200402-0016",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-8484"
}
],
"trust": 0.9453695575
},
"last_update_date": "2023-12-18T12:24:36.335000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20040113-h323",
"trust": 0.8,
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml"
},
{
"title": "cisco-sa-20040113-h323",
"trust": 0.8,
"url": "http://www.cisco.com/japanese/warp/public/3/jp/service/tac/707/cisco-sa-20040113-h323-japan.shtml"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2004-000011"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2004-0054"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.9,
"url": "http://www.uniras.gov.uk/vuls/2004/006489/h323.htm"
},
{
"trust": 2.9,
"url": "http://www.cert.org/advisories/ca-2004-01.html"
},
{
"trust": 2.5,
"url": "http://www.securityfocus.com/bid/9406"
},
{
"trust": 2.5,
"url": "http://www.kb.cert.org/vuls/id/749342"
},
{
"trust": 2.1,
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id?1008685"
},
{
"trust": 1.1,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a4884"
},
{
"trust": 0.8,
"url": "http://www.itu.int/itudoc/itu-t/rec/h/h225-0.html"
},
{
"trust": 0.8,
"url": "http://www.ee.oulu.fi/research/ouspg/protos/testing/c07/h2250v4/index.html"
},
{
"trust": 0.8,
"url": "http://www.ciac.org/ciac/bulletins/o-050.shtml"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2004-0054"
},
{
"trust": 0.8,
"url": "http://www.cpni.gov.uk/products/vulnerabilitydisclosures/default.aspx?id=va-20040113-00387.xml"
},
{
"trust": 0.8,
"url": "http://www.jpcert.or.jp/wr/2004/wr040301.txt"
},
{
"trust": 0.8,
"url": "http://www.jpcert.or.jp/wr/2004/wr040501.txt"
},
{
"trust": 0.8,
"url": "http://www.jpcert.or.jp/wr/2004/wr040901.txt"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnca-2004-01"
},
{
"trust": 0.8,
"url": "http://jvn.jp/niscc/niscc-006489/index.html"
},
{
"trust": 0.8,
"url": "http://jvn.jp/tr/trca-2004-01/"
},
{
"trust": 0.8,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2004-0054"
},
{
"trust": 0.8,
"url": "http://www.cpni.gov.uk/docs/re-20040113-00387.pdf"
},
{
"trust": 0.8,
"url": "http://secunia.com/advisories/10869/"
},
{
"trust": 0.8,
"url": "http://www.securitytracker.com/alerts/2004/jan/1008846.html"
},
{
"trust": 0.8,
"url": "http://www.cyberpolice.go.jp/important/20040114_112014.html"
},
{
"trust": 0.6,
"url": "http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:4884"
},
{
"trust": 0.3,
"url": "http://www.checkpoint.com/techsupport/alerts/h323.html"
},
{
"trust": 0.3,
"url": "http://support.fvc.com/eng/docs/misc_docs/h.323_security_bulletin.pdf"
},
{
"trust": 0.3,
"url": "http://www.checkpoint.com/techsupport/h323_hf.html"
},
{
"trust": 0.3,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101429-1\u0026searchclause="
},
{
"trust": 0.3,
"url": "http://support.avaya.com/japple/css/japple?temp.groupid=128450\u0026temp.selectedfamily=128451\u0026temp.selectedproduct=154235\u0026temp.selectedbucket=126655\u0026temp.feedbackstate=askforfeedback\u0026temp.documentid=15871"
},
{
"trust": 0.1,
"url": "http://www.cert.org/"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/749342#systems\u003e)."
},
{
"trust": 0.1,
"url": "http://www.microsoft.com/technet/security/bulletin/ms04-001.asp"
},
{
"trust": 0.1,
"url": "http://www.cert.org/cert_pgp.key"
},
{
"trust": 0.1,
"url": "http://www.nortelnetworks.com/help/contact/global/"
},
{
"trust": 0.1,
"url": "http://www.nortelnetworks.com/cs"
},
{
"trust": 0.1,
"url": "http://www.nortelnetworks.com/pic"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#749342"
},
{
"db": "VULHUB",
"id": "VHN-8484"
},
{
"db": "BID",
"id": "9406"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000011"
},
{
"db": "PACKETSTORM",
"id": "32511"
},
{
"db": "NVD",
"id": "CVE-2004-0054"
},
{
"db": "CNNVD",
"id": "CNNVD-200402-062"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#749342"
},
{
"db": "VULHUB",
"id": "VHN-8484"
},
{
"db": "BID",
"id": "9406"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000011"
},
{
"db": "PACKETSTORM",
"id": "32511"
},
{
"db": "NVD",
"id": "CVE-2004-0054"
},
{
"db": "CNNVD",
"id": "CNNVD-200402-062"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2004-01-13T00:00:00",
"db": "CERT/CC",
"id": "VU#749342"
},
{
"date": "2004-02-17T00:00:00",
"db": "VULHUB",
"id": "VHN-8484"
},
{
"date": "2004-01-13T00:00:00",
"db": "BID",
"id": "9406"
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2004-000011"
},
{
"date": "2004-01-14T18:44:00",
"db": "PACKETSTORM",
"id": "32511"
},
{
"date": "2004-02-17T05:00:00",
"db": "NVD",
"id": "CVE-2004-0054"
},
{
"date": "2004-01-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200402-062"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2009-07-29T00:00:00",
"db": "CERT/CC",
"id": "VU#749342"
},
{
"date": "2017-10-11T00:00:00",
"db": "VULHUB",
"id": "VHN-8484"
},
{
"date": "2007-11-15T00:39:00",
"db": "BID",
"id": "9406"
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2004-000011"
},
{
"date": "2017-10-11T01:29:20.027000",
"db": "NVD",
"id": "CVE-2004-0054"
},
{
"date": "2009-03-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200402-062"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200402-062"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple vulnerabilities in H.323 implementations",
"sources": [
{
"db": "CERT/CC",
"id": "VU#749342"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "9406"
},
{
"db": "CNNVD",
"id": "CNNVD-200402-062"
}
],
"trust": 0.9
}
}
VAR-200403-0035
Vulnerability from variot - Updated: 2023-12-18 12:24Multiple vulnerabilities in PWLib before 1.6.0 allow remote attackers to cause a denial of service and possibly execute arbitrary code, as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225 protocol. A number of vulnerabilities have been discovered in various implementations of the multimedia telephony protocols H.323 and H.225. Voice over Internet Protocol (VoIP) and video conferencing equpiment and software can use these protocols to interoperate over a variety of computer networks. Cross platform library PWLib 1.6.0 Less than H.225 There is a flaw in handling messages. The degree of influence is PWLib Depends on the application that uses In addition, H.323 Vulnerabilities related to this vulnerability have been confirmed in other systems that implement the protocol. For other system information, NISCC-006489 (JVN) , NISCC Advisory 006489/h323(CPNI Advisory 00387) Please check also.PWLib Applications that use H.225 Service disruption by processing messages (DoS) An attacker may be able to attack or execute arbitrary code. -----BEGIN PGP SIGNED MESSAGE-----
CERT Advisory CA-2004-01 Multiple H.323 Message Vulnerabilities
Original release date: January 13, 2004 Last revised: -- Source: CERT/CC, NISCC
A complete revision history can be found at the end of this file.
I. Description
The U.K. H.323 is an international standard protocol, published by the International Telecommunications Union, used to facilitate communication among telephony and multimedia systems. Examples of such systems include VoIP, video-conferencing equipment, and network devices that manage H.323 traffic.
Information about individual vendor H.323 implementations is available in the Vendor Information section below, and in the Vendor Information section of NISCC Vulnerability Advisory 006489/H323.
The U.K. National Infrastructure Security Co-ordination Centre is tracking these vulnerabilities as NISCC/006489/H.323. The CERT/CC is tracking this issue as VU#749342. This reference number corresponds to CVE candidate CAN-2003-0819, as referenced in Microsoft Security Bulletin MS04-001.
II.
III. Solution
Apply a patch or upgrade
Appendix A and the Systems Affected section of Vulnerability Note VU#749342 contain information provided by vendors for this advisory (http://www.kb.cert.org/vuls/id/749342#systems).
However, as vendors report new information to the CERT/CC, we will only update VU#749342. If a particular vendor is not listed, we have not received their comments. Please contact your vendor directly.
Filter network traffic
Sites are encouraged to apply network packet filters to block access to the H.323 services at network borders. This can minimize the potential of denial-of-service attacks originating from outside the perimeter. The specific services that should be filtered include
* 1720/TCP
* 1720/UDP
If access cannot be filtered at the network perimeter, the CERT/CC recommends limiting access to only those external hosts that require H.323 for normal operation. As a general rule, filtering all types of network traffic that are not required for normal operation is recommended.
It is important to note that some firewalls process H.323 packets and may themselves be vulnerable to attack. As noted in some vendor recommendations like Cisco Security Advisory 20040113-h323 and Microsoft Security Bulletin MS04-001, certain sites may actually want to disable application layer inspection of H.323 network packets.
Protecting your infrastructure against these vulnerabilities may require careful coordination among application, computer, network, and telephony administrators. You may have to make tradeoffs between security and functionality until vulnerable products can be updated.
Appendix A. - Vendor Information
This appendix contains information provided by vendors for this advisory. Please see the Systems Affected section of Vulnerability Note VU#749342 and the Vendor Information section of NISCC Vulnerability Advisory 006489/H323 for the latest information regarding the response of the vendor community to this issue.
3Com
No statement is currently available from the vendor regarding this
vulnerability.
Alcatel
No statement is currently available from the vendor regarding this
vulnerability.
Apple Computer Inc.
Apple: Not Vulnerable. Mac OS X and Mac OS X Server do not contain
the issue described in this note.
AT&T
No statement is currently available from the vendor regarding this
vulnerability.
Avaya
Please see the NISCC Vulnerability Advisory 006489/H323 at
http://www.uniras.gov.uk/vuls/2004/006489/h323.htm
Borderware
No statement is currently available from the vendor regarding this
vulnerability.
Check Point
No statement is currently available from the vendor regarding this
vulnerability.
BSDI
No statement is currently available from the vendor regarding this
vulnerability.
Cisco Systems Inc.
Please see
http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml
Clavister
No statement is currently available from the vendor regarding this
vulnerability.
Computer Associates
No statement is currently available from the vendor regarding this
vulnerability.
Cyberguard
Please see the NISCC Vulnerability Advisory 006489/H323 at
http://www.uniras.gov.uk/vuls/2004/006489/h323.htm
Debian
No statement is currently available from the vendor regarding this
vulnerability.
D-Link Systems
No statement is currently available from the vendor regarding this
vulnerability.
Conectiva
No statement is currently available from the vendor regarding this
vulnerability.
EMC Corporation
No statement is currently available from the vendor regarding this
vulnerability.
Engarde
No statement is currently available from the vendor regarding this
vulnerability.
eSoft
We don't have an H.323 implementation and thus aren't affected by
this.
Extreme Networks
No statement is currently available from the vendor regarding this
vulnerability.
F5 Networks
No statement is currently available from the vendor regarding this
vulnerability.
Foundry Networks Inc.
No statement is currently available from the vendor regarding this
vulnerability.
FreeBSD
No statement is currently available from the vendor regarding this
vulnerability.
Fujitsu
Please see the NISCC Vulnerability Advisory 006489/H323 at
http://www.uniras.gov.uk/vuls/2004/006489/h323.htm
Global Technology Associates
No statement is currently available from the vendor regarding this
vulnerability.
Hitachi
Please see the NISCC Vulnerability Advisory 006489/H323 at
http://www.uniras.gov.uk/vuls/2004/006489/h323.htm
Hewlett-Packard Company
Please see the NISCC Vulnerability Advisory 006489/H323 at
http://www.uniras.gov.uk/vuls/2004/006489/h323.htm
Ingrian Networks
No statement is currently available from the vendor regarding this
vulnerability.
Intel
No statement is currently available from the vendor regarding this
vulnerability.
Intoto
No statement is currently available from the vendor regarding this
vulnerability.
Juniper Networks
No statement is currently available from the vendor regarding this
vulnerability.
Lachman
No statement is currently available from the vendor regarding this
vulnerability.
Linksys
No statement is currently available from the vendor regarding this
vulnerability.
Lotus Software
No statement is currently available from the vendor regarding this
vulnerability.
Lucent Technologies
Please see the NISCC Vulnerability Advisory 006489/H323 at
http://www.uniras.gov.uk/vuls/2004/006489/h323.htm
Microsoft Corporation
Please see
http://www.microsoft.com/technet/security/bulletin/MS04-001.asp
MontaVista Software
No statement is currently available from the vendor regarding this
vulnerability.
MandrakeSoft
No statement is currently available from the vendor regarding this
vulnerability.
Multi-Tech Systems Inc.
No statement is currently available from the vendor regarding this
vulnerability.
NEC Corporation
No statement is currently available from the vendor regarding this
vulnerability.
NetBSD
NetBSD does not ship any H.323 implementations as part of the
Operating System.
There are a number of third-party implementations available in the
pkgsrc system. As these products are found to be vulnerable, or
updated, the packages will be updated accordingly. The
audit-packages mechanism can be used to check for known-vulnerable
package versions.
Netfilter
No statement is currently available from the vendor regarding this
vulnerability.
NetScreen
No statement is currently available from the vendor regarding this
vulnerability.
Network Appliance
No statement is currently available from the vendor regarding this
vulnerability.
Nokia
No statement is currently available from the vendor regarding this
vulnerability.
Nortel Networks
The following Nortel Networks Generally Available products and
solutions are potentially affected by the vulnerabilities
identified in NISCC Vulnerability Advisory 006489/H323 and CERT
VU#749342:
Business Communications Manager (BCM) (all versions) is potentially
affected; more information is available in Product Advisory Alert
No. PAA 2003-0392-Global.
Succession 1000 IP Trunk and IP Peer Networking, and 802.11
Wireless IP Gateway are potentially affected; more information is
available in Product Advisory Alert No. PAA-2003-0465-Global.
For more information please contact
North America: 1-800-4NORTEL or 1-800-466-7835
Europe, Middle East and Africa: 00800 8008 9009,
or +44 (0) 870 907 9009
Contacts for other regions are available at
http://www.nortelnetworks.com/help/contact/global/
Or visit the eService portal at http://www.nortelnetworks.com/cs
under Advanced Search.
If you are a channel partner, more information can be found under
http://www.nortelnetworks.com/pic
under Advanced Search.
Novell
No statement is currently available from the vendor regarding this
vulnerability.
Objective Systems Inc.
Please see the NISCC Vulnerability Advisory 006489/H323 at
http://www.uniras.gov.uk/vuls/2004/006489/h323.htm
OpenBSD
No statement is currently available from the vendor regarding this
vulnerability.
Openwall GNU/*/Linux
No statement is currently available from the vendor regarding this
vulnerability.
RadVision
Please see the NISCC Vulnerability Advisory 006489/H323 at
http://www.uniras.gov.uk/vuls/2004/006489/h323.htm
Red Hat Inc.
Please see the NISCC Vulnerability Advisory 006489/H323 at
http://www.uniras.gov.uk/vuls/2004/006489/h323.htm
Oracle Corporation
No statement is currently available from the vendor regarding this
vulnerability.
Riverstone Networks
No statement is currently available from the vendor regarding this
vulnerability.
Secure Computing Corporation
No statement is currently available from the vendor regarding this
vulnerability.
SecureWorks
No statement is currently available from the vendor regarding this
vulnerability.
Sequent
No statement is currently available from the vendor regarding this
vulnerability.
Sony Corporation
No statement is currently available from the vendor regarding this
vulnerability.
Stonesoft
No statement is currently available from the vendor regarding this
vulnerability.
Sun Microsystems Inc.
Sun SNMP does not provide support for H.323, so we are not
vulnerable. And so far we have not found any bundled products that
are affected by this vulnerability. We are also actively
investigating our unbundled products to see if they are affected.
Updates will be provided to this statement as they become
available.
SuSE Inc.
No statement is currently available from the vendor regarding this
vulnerability.
Symantec Corporation
Please see the NISCC Vulnerability Advisory 006489/H323 at
http://www.uniras.gov.uk/vuls/2004/006489/h323.htm
Unisys
No statement is currently available from the vendor regarding this
vulnerability.
TandBerg
Please see the NISCC Vulnerability Advisory 006489/H323 at
http://www.uniras.gov.uk/vuls/2004/006489/h323.htm
Tumbleweed Communications Corp.
Please see the NISCC Vulnerability Advisory 006489/H323 at
http://www.uniras.gov.uk/vuls/2004/006489/h323.htm
TurboLinux
No statement is currently available from the vendor regarding this
vulnerability.
uniGone
Please see the NISCC Vulnerability Advisory 006489/H323 at
http://www.uniras.gov.uk/vuls/2004/006489/h323.htm
WatchGuard
No statement is currently available from the vendor regarding this
vulnerability.
Wirex
No statement is currently available from the vendor regarding this
vulnerability.
Wind River Systems Inc.
No statement is currently available from the vendor regarding this
vulnerability.
Xerox
No statement is currently available from the vendor regarding this
vulnerability.
ZyXEL
No statement is currently available from the vendor regarding this
vulnerability.
_________________________________________________________________
The CERT Coordination Center thanks the NISCC Vulnerability Management Team and the University of Oulu Security Programming Group (OUSPG) for coordinating the discovery and release of the technical details of this issue. ___________
Feedback may be directed to the authors: Jeffrey S. Havrilla, Mindi J. McDowell, Shawn V. Hernan and Jason A. Rafail
This document is available from: http://www.cert.org/advisories/CA-2004-01.html
CERT/CC Contact Information
Email: cert@cert.org Phone: +1 412-268-7090 (24-hour hotline) Fax: +1 412-268-6989 Postal address: CERT Coordination Center Software Engineering Institute Carnegie Mellon University Pittsburgh PA 15213-3890 U.S.A.
CERT/CC personnel answer the hotline 08:00-17:00 EST(GMT-5) / EDT(GMT-4) Monday through Friday; they are on call for emergencies during other hours, on U.S. holidays, and on weekends.
Using encryption
We strongly urge you to encrypt sensitive information sent by email. Our public PGP key is available from http://www.cert.org/CERT_PGP.key
If you prefer to use DES, please call the CERT hotline for more information.
Getting security information
CERT publications and other security information are available from our web site http://www.cert.org/
To subscribe to the CERT mailing list for advisories and bulletins, send email to majordomo@cert.org. Please include in the body of your message
subscribe cert-advisory
- "CERT" and "CERT Coordination Center" are registered in the U.S. Patent and Trademark Office.
NO WARRANTY Any material furnished by Carnegie Mellon University and the Software Engineering Institute is furnished on an "as is" basis. Carnegie Mellon University makes no warranties of any kind, either expressed or implied as to any matter including, but not limited to, warranty of fitness for a particular purpose or merchantability, exclusivity or results obtained from use of the material. Carnegie Mellon University does not make any warranty of any kind with respect to freedom from patent, trademark, or copyright infringement.
Conditions for use, disclaimers, and sponsorship information
Copyright 2004 Carnegie Mellon University.
Revision History January 13, 2004: Initial release
-----BEGIN PGP SIGNATURE----- Version: PGP 6.5.8
iQCVAwUBQASK7JZ2NNT/dVAVAQG65wP8C7DyEvZGz0HqXtRqk+PAjjpMqex1hdjT BfkT6oHMhTWIdvUE1mpAwnV7OPL+N+UugCC0bAEXQzBy/YkBBOptt7IZdIeOlInh AP0RO5zqt0GqMIrdW7P14iWBX2lLCQaMUgWNyvK4ZTNE9UzpOgBk2JonfBLjbH77 KeVgAqcfP2M= =p0GQ -----END PGP SIGNATURE----- . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200404-11
http://security.gentoo.org
Severity: High Title: Multiple Vulnerabilities in pwlib
Date: April 09, 2004
Bugs: #45846
ID: 200404-11
Synopsis
Multiple vulnerabilites have been found in pwlib that may lead to a remote denial of service or buffer overflow attack.
Background
pwlib is a multi-platform library designed for OpenH323.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
dev-libs/pwlib <= 1.5.2-r2 >= 1.5.2-r3
Description
Multiple vulnerabilities have been found in the implimentation of protocol H.323 contained in pwlib. Most of the vulnerabilies are in the parsing of ASN.1 elements which would allow an attacker to use a maliciously crafted ASN.1 element to cause unpredictable behavior in pwlib.
Workaround
Blocking ports 1719 and 1720 may reduce the likelihood of an attack. All users are advised to upgrade to the latest version of the affected package.
Resolution
All pwlib users are advised to upgrade to version 1.5.2-r3 or later:
# emerge sync
# emerge -pv ">=dev-libs/pwlib-1.5.2-r3"
# emerge ">=dev-libs/pwlib-1.5.2-r3"
References
[ 1 ] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0097 [ 2 ] http://www.uniras.gov.uk/vuls/2004/006489/h323.htm
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200404-11.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.
License
Copyright 2004 Gentoo Technologies, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/1.0
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200403-0035",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ios 12.0",
"scope": null,
"trust": 5.1,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 s",
"scope": null,
"trust": 3.9,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1",
"scope": null,
"trust": 3.6,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 e",
"scope": null,
"trust": 3.6,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 t",
"scope": null,
"trust": 2.7,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 s",
"scope": null,
"trust": 2.7,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2",
"scope": null,
"trust": 2.4,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 s7",
"scope": null,
"trust": 1.8,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 s1",
"scope": null,
"trust": 1.8,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 s8",
"scope": null,
"trust": 1.5,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2",
"scope": "ne",
"trust": 1.5,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 st",
"scope": null,
"trust": 1.5,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 ec",
"scope": null,
"trust": 1.2,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 s4",
"scope": null,
"trust": 1.2,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 t",
"scope": null,
"trust": 1.2,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 s3",
"scope": null,
"trust": 1.2,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 t",
"scope": null,
"trust": 1.2,
"vendor": "cisco",
"version": null
},
{
"model": "pwlib",
"scope": "lte",
"trust": 1.0,
"vendor": "openh323",
"version": "1.6.0"
},
{
"model": "ios 12.1 e8",
"scope": null,
"trust": 0.9,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 e3",
"scope": null,
"trust": 0.9,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 st6",
"scope": null,
"trust": 0.9,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 e12",
"scope": null,
"trust": 0.9,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 e7",
"scope": null,
"trust": 0.9,
"vendor": "cisco",
"version": null
},
{
"model": "ios 11.3",
"scope": null,
"trust": 0.9,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 st1",
"scope": null,
"trust": 0.9,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 s2",
"scope": null,
"trust": 0.9,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 s6",
"scope": null,
"trust": 0.9,
"vendor": "cisco",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "check point",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "hewlett packard",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "intel",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "microsoft",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "nortel",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "polycom",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "radvision",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "tandberg",
"version": null
},
{
"model": "gnu/linux",
"scope": "eq",
"trust": 0.8,
"vendor": "debian",
"version": "3.0"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "3 (as)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "3 (es)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "3 (ws)"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "9"
},
{
"model": "ios 12.0 st7",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xa",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 s5a",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "call manager",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "3.1"
},
{
"model": "ios 12.1 aa",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 xm4",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 bx",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 t3",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 st2",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 e4",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 s5",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xh",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 e1",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "pwlib",
"scope": "eq",
"trust": 0.6,
"vendor": "openh323",
"version": "1.6.0"
},
{
"model": "ios",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "12.1(22)"
},
{
"model": "opencall multiservice controller",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "1.2"
},
{
"model": "ios 12.1 yh3",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "point software firewall-1 [ vpn des strong ] sp2 build",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "++4.141716"
},
{
"model": "ios 12.2yg",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 yb",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xb14",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2yx",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1aa",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2zh",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xu2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0s",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 t6",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 yc",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 t1a",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.1(1)"
},
{
"model": "ios 12.1 yf4",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.2"
},
{
"model": "ios 12.2 xa5",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.1(7)"
},
{
"model": "pwlib",
"scope": "eq",
"trust": 0.3,
"vendor": "pwlib",
"version": "1.4.7"
},
{
"model": "ios 12.1 yf",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "12.0(27)"
},
{
"model": "ios 11.3ha",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.2(5)"
},
{
"model": "ios 12.1xm",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 s4a",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.1(20)"
},
{
"model": "isa server fp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "ios 12.2zl",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xs1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 s8a",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "point software firewall-1 sp6",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.0"
},
{
"model": "isa server",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "ios 12.2 t0a",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 11.3ma",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 sxa",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 xn",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2yf",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xr",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1x",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 yz2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.1(13)"
},
{
"model": "ios 12.0 t1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0xk",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 mx",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 e2",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "virtual communications v-gate",
"scope": "eq",
"trust": 0.3,
"vendor": "first",
"version": "4000"
},
{
"model": "ios 12.2 ya8",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xb15",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 ec1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1xh",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1xb",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "point software firewall-1 sp6",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "ios 12.2 xh2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "point software firewall-1",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "ios 11.3 t2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 yh",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1xl",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xi1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2b",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 e9",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xu",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.2(14.5)"
},
{
"model": "call manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.3"
},
{
"model": "ios 12.2 s",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "netstructure host media processing software",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "1.0"
},
{
"model": "ios 12.0xq",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "sg5",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.2"
},
{
"model": "ios 12.1 xi",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 mc1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1ec",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0xh",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios t",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "11.3.1"
},
{
"model": "virtual communications click to meet express",
"scope": "eq",
"trust": 0.3,
"vendor": "first",
"version": "2.2"
},
{
"model": "sg208",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "0"
},
{
"model": "ios 12.1xj",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.1(11)"
},
{
"model": "ios 12.1xi",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2ze",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xd",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 ya",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2bx",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.1(18.4)"
},
{
"model": "ios 12.2 sl1",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 t3",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 ya1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 sy1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0xj",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 xs",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "12.2(17)"
},
{
"model": "ios 12.1 e12",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "networks succession",
"scope": "eq",
"trust": 0.3,
"vendor": "nortel",
"version": "1000"
},
{
"model": "ios 12.2dd",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0xt",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0st",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 s10",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 e9",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 11.3xa",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "communication manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "1.1"
},
{
"model": "ios 12.2xm",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.3",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "virtual communications click to meet premier",
"scope": null,
"trust": 0.3,
"vendor": "first",
"version": null
},
{
"model": "fedora core3",
"scope": null,
"trust": 0.3,
"vendor": "redhat",
"version": null
},
{
"model": "ios 12.1xp",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "virtual communications click to meet express",
"scope": "eq",
"trust": 0.3,
"vendor": "first",
"version": "2.0"
},
{
"model": "ios 12.2xc",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.0(17)"
},
{
"model": "ios 12.1xw",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1xu",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 yy3",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 zc",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 xy6",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xk2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2yy",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.0(8)"
},
{
"model": "ios 12.2t",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xg",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xw1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1yf",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 t9",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2s",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2yd",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1yj",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 xp4",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xq",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 e18",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "virtual communications click to meet express",
"scope": "eq",
"trust": 0.3,
"vendor": "first",
"version": "1.02"
},
{
"model": "point software next generation fp2",
"scope": null,
"trust": 0.3,
"vendor": "check",
"version": null
},
{
"model": "ios 12.3 t",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.1xv"
},
{
"model": "ios 12.1 yd",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xd1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 ez2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xt3",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 yb",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0xn",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.1(8)"
},
{
"model": "pwlib-1.2.12-3.i386.rpm",
"scope": null,
"trust": 0.3,
"vendor": "redhat",
"version": null
},
{
"model": "ios 12.2xj",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2mx",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xw",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "virtual communications conference server",
"scope": null,
"trust": 0.3,
"vendor": "first",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.2(7)"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "11.3"
},
{
"model": "ios 12.1xr",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.2(4)"
},
{
"model": "ios 12.2sy",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "point software firewall-1 sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.0"
},
{
"model": "ios 12.2 t10",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "communication manager",
"scope": "ne",
"trust": 0.3,
"vendor": "avaya",
"version": "2.0.1"
},
{
"model": "ios 12.0 st4",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "netstructure pbx-ip media gateway",
"scope": null,
"trust": 0.3,
"vendor": "intel",
"version": null
},
{
"model": "ios 12.0xi",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 xk2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1xq",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 yy",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1yc",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1ez",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 yc2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "virtual communications click to meet express",
"scope": "eq",
"trust": 0.3,
"vendor": "first",
"version": "1.0"
},
{
"model": "call manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.1(2)"
},
{
"model": "ios 12.2 zh3",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1xa",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "sg5",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.1(5)xv3"
},
{
"model": "ios 12.1 yf2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "fedora core1",
"scope": null,
"trust": 0.3,
"vendor": "redhat",
"version": null
},
{
"model": "pwlib",
"scope": "eq",
"trust": 0.3,
"vendor": "pwlib",
"version": "1.5.0"
},
{
"model": "point software firewall-1 [ vpn des strong ] build",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "++4.141439"
},
{
"model": "sunforum",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "3.2"
},
{
"model": "ios 12.1 e14",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "point software firewall-1 sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.0"
},
{
"model": "point software firewall-1 sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "ios 12.2yk",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "point software ng-ai",
"scope": null,
"trust": 0.3,
"vendor": "check",
"version": null
},
{
"model": "ios 12.2dx",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 dx",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.1(9)"
},
{
"model": "ios 12.2zd",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 xq",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "point software firewall-1 sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.0"
},
{
"model": "ios 12.1 e16",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 yd6",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "bts",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "10200"
},
{
"model": "ios 12.2 mx1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 e14",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2yb",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 xr2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0xr",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 ez1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "point software next generation fp3 hf2",
"scope": null,
"trust": 0.3,
"vendor": "check",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.2(12.05)"
},
{
"model": "ios 12.2yn",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2bw",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xl",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xg",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.2(1)"
},
{
"model": "ios 12.1 xm",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 e13",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xs",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 11.3wa4",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 yi1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xu",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2yv",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xi2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xw",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "point software firewall-1 sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "ios 12.2 t5",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0xd",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 s",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.0"
},
{
"model": "ios 12.1 yb4",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "point software firewall-1 sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "sg5x",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.2"
},
{
"model": "ios 12.2 t4",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 xt",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "12.0(28)"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.2(3)"
},
{
"model": "ios 12.0 st5",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1yd",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 11.3 db1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 yi",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0xg",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.0(3)"
},
{
"model": "ios 12.2 xd4",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ip phone",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7905"
},
{
"model": "ios 12.2zg",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2yt",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 xg5",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 11.3t",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.3t",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "point software firewall-1 sp5",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.0"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "11.3.1"
},
{
"model": "ios 12.1 xp",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xa",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xl4",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2zc",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.2(1.1)"
},
{
"model": "netstructure ipt ip boards",
"scope": null,
"trust": 0.3,
"vendor": "intel",
"version": null
},
{
"model": "internet service node",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1e",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1yi",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 yd2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0xl",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 b",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 11.3 xa",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xi",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2yu",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.2(18.2)"
},
{
"model": "call manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.2"
},
{
"model": "isa server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "point software firewall-1 sp5",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "ios 12.2 xd3",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 zj3",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 xu1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "point software next generation fp1",
"scope": null,
"trust": 0.3,
"vendor": "check",
"version": null
},
{
"model": "ios 12.2xk",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.1(5)xv"
},
{
"model": "ios 12.0 s2a",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 t9",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1xt",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 t6",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2mc",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xk",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 t10",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "fedora core2",
"scope": null,
"trust": 0.3,
"vendor": "redhat",
"version": null
},
{
"model": "opencall multiservice controller patch",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "1.137"
},
{
"model": "networks wireless ip gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "nortel",
"version": "(802.11)"
},
{
"model": "ios 12.1yh",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 st8",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2sx",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 e5",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.1(5)xv5"
},
{
"model": "sg203",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.31.29"
},
{
"model": "ios 12.2 yd",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 s3b",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.1(4)"
},
{
"model": "ios 12.1xg",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 11.3 db2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 zj1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.2(17)"
},
{
"model": "point software nokia voyager",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "call manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.0"
},
{
"model": "ios 12.1 ec3",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 t12",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.0(3.2)"
},
{
"model": "ios 11.3da",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 xt3",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios ed",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "11.3.1"
},
{
"model": "ios 12.2 zl",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 11.3na",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2yh",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 t1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 zl1",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1xd",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2yz",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 11.3db",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.3 t1",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "point software firewall-1 sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.0"
},
{
"model": "ios 12.2 xh3",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "9.0"
},
{
"model": "ios 12.2xt",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 zb7",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 xn1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "sg5x",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.3"
},
{
"model": "ios 12.1xc",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 e6",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios b",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "11.3.11"
},
{
"model": "ata-186",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 t9",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xb4",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 11.3aa",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xt",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xi",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.1"
},
{
"model": "ios 12.2zj",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2yl",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "communication manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "1.3.1"
},
{
"model": "ios 12.2 xm2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 yc1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 yb5",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xd",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2yc",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 e10",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 dd3",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "point software firewall-1 sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "ios 12.2xh",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1ye",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 t2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xn",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.1(5)xv4"
},
{
"model": "ios 12.1 xs2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 xk",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "point software next generation fp3",
"scope": null,
"trust": 0.3,
"vendor": "check",
"version": null
},
{
"model": "ios 12.2 yw2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2ym",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 t15",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "point software firewall-1 sp8",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.0"
},
{
"model": "ios 12.2 xm",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0t",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "call manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.3(3)"
},
{
"model": "ios 12.2 xj1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 yx1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "networks business communications manager",
"scope": "eq",
"trust": 0.3,
"vendor": "nortel",
"version": "0"
},
{
"model": "ios 12.1 xm7",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xq",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 t5",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 zc",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 ya7",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 zj2",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1yb",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1t",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "virtual communications v-gate",
"scope": "eq",
"trust": 0.3,
"vendor": "first",
"version": "5000"
},
{
"model": "ios 12.2yw",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2zf",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xn",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 aa1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.1 e6",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "netstructure dmip ip boards",
"scope": null,
"trust": 0.3,
"vendor": "intel",
"version": null
},
{
"model": "point software firewall-1 [ vpn des ]",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "+4.1"
},
{
"model": "opencall multiservice controller patch",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "1.146"
},
{
"model": "ios 12.2 yw3",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2ya",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.3 t3",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.0(26)"
},
{
"model": "conference connection",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0xc",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "communication manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "2.0"
},
{
"model": "virtual communications click to meet express",
"scope": "eq",
"trust": 0.3,
"vendor": "first",
"version": "2.1"
},
{
"model": "ios 12.2 xb11",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "pwlib-1.3.3-5.i386.rpm",
"scope": null,
"trust": 0.3,
"vendor": "redhat",
"version": null
},
{
"model": "ios 12.2 xj",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xb",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12.0(9)"
},
{
"model": "ios 12.2 zh",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.0 st3",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2xb",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2zb",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "point software next generation fp3 hf1",
"scope": null,
"trust": 0.3,
"vendor": "check",
"version": null
},
{
"model": "ios 12.2 sx1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xa1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "point software firewall-1 sp7",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.0"
},
{
"model": "ios 12.2 xl",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2yj",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "sunforum 3d",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.0"
},
{
"model": "ios 12.2 xb3",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 12.2 xs",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#749342"
},
{
"db": "BID",
"id": "9406"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000012"
},
{
"db": "NVD",
"id": "CVE-2004-0097"
},
{
"db": "CNNVD",
"id": "CNNVD-200403-046"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:openh323_project:pwlib:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.6.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2004-0097"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "University of Oulu Security Programming Group",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200403-046"
}
],
"trust": 0.6
},
"cve": "CVE-2004-0097",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2004-0097",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2004-0097",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#749342",
"trust": 0.8,
"value": "13.67"
},
{
"author": "CNNVD",
"id": "CNNVD-200403-046",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#749342"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000012"
},
{
"db": "NVD",
"id": "CVE-2004-0097"
},
{
"db": "CNNVD",
"id": "CNNVD-200403-046"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple vulnerabilities in PWLib before 1.6.0 allow remote attackers to cause a denial of service and possibly execute arbitrary code, as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225 protocol. A number of vulnerabilities have been discovered in various implementations of the multimedia telephony protocols H.323 and H.225. Voice over Internet Protocol (VoIP) and video conferencing equpiment and software can use these protocols to interoperate over a variety of computer networks. Cross platform library PWLib 1.6.0 Less than H.225 There is a flaw in handling messages. The degree of influence is PWLib Depends on the application that uses In addition, H.323 Vulnerabilities related to this vulnerability have been confirmed in other systems that implement the protocol. For other system information, NISCC-006489 (JVN) , NISCC Advisory 006489/h323(CPNI Advisory 00387) Please check also.PWLib Applications that use H.225 Service disruption by processing messages (DoS) An attacker may be able to attack or execute arbitrary code. \n-----BEGIN PGP SIGNED MESSAGE-----\n\nCERT Advisory CA-2004-01 Multiple H.323 Message Vulnerabilities\n\n Original release date: January 13, 2004\n Last revised: --\n Source: CERT/CC, NISCC\n\n A complete revision history can be found at the end of this file. \n\nI. Description\n\n The U.K. H.323 is\n an international standard protocol, published by the International\n Telecommunications Union, used to facilitate communication among\n telephony and multimedia systems. Examples of such systems include\n VoIP, video-conferencing equipment, and network devices that manage\n H.323 traffic. \n\n Information about individual vendor H.323 implementations is available\n in the Vendor Information section below, and in the Vendor Information\n section of NISCC Vulnerability Advisory 006489/H323. \n\n The U.K. National Infrastructure Security Co-ordination Centre is\n tracking these vulnerabilities as NISCC/006489/H.323. The CERT/CC is\n tracking this issue as VU#749342. This reference number corresponds to\n CVE candidate CAN-2003-0819, as referenced in Microsoft Security\n Bulletin MS04-001. \n\nII. \n\nIII. Solution\n\nApply a patch or upgrade\n\n Appendix A and the Systems Affected section of Vulnerability Note\n VU#749342 contain information provided by vendors for this advisory\n (\u003chttp://www.kb.cert.org/vuls/id/749342#systems\u003e). \n\n However, as vendors report new information to the CERT/CC, we will\n only update VU#749342. If a particular vendor is not listed, we have\n not received their comments. Please contact your vendor directly. \n\nFilter network traffic\n\n Sites are encouraged to apply network packet filters to block access\n to the H.323 services at network borders. This can minimize the\n potential of denial-of-service attacks originating from outside the\n perimeter. The specific services that should be filtered include\n\n * 1720/TCP\n * 1720/UDP\n\n If access cannot be filtered at the network perimeter, the CERT/CC\n recommends limiting access to only those external hosts that require\n H.323 for normal operation. As a general rule, filtering all types of\n network traffic that are not required for normal operation is\n recommended. \n\n It is important to note that some firewalls process H.323 packets and\n may themselves be vulnerable to attack. As noted in some vendor\n recommendations like Cisco Security Advisory 20040113-h323 and\n Microsoft Security Bulletin MS04-001, certain sites may actually want\n to disable application layer inspection of H.323 network packets. \n\n Protecting your infrastructure against these vulnerabilities may\n require careful coordination among application, computer, network, and\n telephony administrators. You may have to make tradeoffs between\n security and functionality until vulnerable products can be updated. \n\nAppendix A. - Vendor Information\n\n This appendix contains information provided by vendors for this\n advisory. Please see the Systems Affected section of Vulnerability\n Note VU#749342 and the Vendor Information section of NISCC\n Vulnerability Advisory 006489/H323 for the latest information\n regarding the response of the vendor community to this issue. \n\n3Com\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nAlcatel\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nApple Computer Inc. \n\n Apple: Not Vulnerable. Mac OS X and Mac OS X Server do not contain\n the issue described in this note. \n\nAT\u0026T\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nAvaya\n\n Please see the NISCC Vulnerability Advisory 006489/H323 at\n http://www.uniras.gov.uk/vuls/2004/006489/h323.htm\n\nBorderware\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nCheck Point\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nBSDI\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nCisco Systems Inc. \n\n Please see\n http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml\n\nClavister\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nComputer Associates\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nCyberguard\n\n Please see the NISCC Vulnerability Advisory 006489/H323 at\n http://www.uniras.gov.uk/vuls/2004/006489/h323.htm\n\nDebian\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nD-Link Systems\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nConectiva\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nEMC Corporation\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nEngarde\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\neSoft\n\n We don\u0027t have an H.323 implementation and thus aren\u0027t affected by\n this. \n\nExtreme Networks\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nF5 Networks\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nFoundry Networks Inc. \n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nFreeBSD\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nFujitsu\n\n Please see the NISCC Vulnerability Advisory 006489/H323 at\n http://www.uniras.gov.uk/vuls/2004/006489/h323.htm\n\nGlobal Technology Associates\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nHitachi\n\n Please see the NISCC Vulnerability Advisory 006489/H323 at\n http://www.uniras.gov.uk/vuls/2004/006489/h323.htm\n\nHewlett-Packard Company\n\n Please see the NISCC Vulnerability Advisory 006489/H323 at\n http://www.uniras.gov.uk/vuls/2004/006489/h323.htm\n\nIngrian Networks\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nIntel\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nIntoto\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nJuniper Networks\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nLachman\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nLinksys\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nLotus Software\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nLucent Technologies\n\n Please see the NISCC Vulnerability Advisory 006489/H323 at\n http://www.uniras.gov.uk/vuls/2004/006489/h323.htm\n\nMicrosoft Corporation\n\n Please see\n http://www.microsoft.com/technet/security/bulletin/MS04-001.asp\n\nMontaVista Software\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nMandrakeSoft\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nMulti-Tech Systems Inc. \n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nNEC Corporation\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nNetBSD\n\n NetBSD does not ship any H.323 implementations as part of the\n Operating System. \n\n There are a number of third-party implementations available in the\n pkgsrc system. As these products are found to be vulnerable, or\n updated, the packages will be updated accordingly. The\n audit-packages mechanism can be used to check for known-vulnerable\n package versions. \n\nNetfilter\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nNetScreen\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nNetwork Appliance\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nNokia\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nNortel Networks\n\n The following Nortel Networks Generally Available products and\n solutions are potentially affected by the vulnerabilities\n identified in NISCC Vulnerability Advisory 006489/H323 and CERT\n VU#749342:\n\n Business Communications Manager (BCM) (all versions) is potentially\n affected; more information is available in Product Advisory Alert\n No. PAA 2003-0392-Global. \n\n Succession 1000 IP Trunk and IP Peer Networking, and 802.11\n Wireless IP Gateway are potentially affected; more information is\n available in Product Advisory Alert No. PAA-2003-0465-Global. \n\n For more information please contact\n\n North America: 1-800-4NORTEL or 1-800-466-7835\n Europe, Middle East and Africa: 00800 8008 9009,\n or +44 (0) 870 907 9009\n\n Contacts for other regions are available at\n\n http://www.nortelnetworks.com/help/contact/global/\n\n Or visit the eService portal at http://www.nortelnetworks.com/cs\n under Advanced Search. \n\n If you are a channel partner, more information can be found under\n\n http://www.nortelnetworks.com/pic\n\n under Advanced Search. \n\nNovell\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nObjective Systems Inc. \n\n Please see the NISCC Vulnerability Advisory 006489/H323 at\n http://www.uniras.gov.uk/vuls/2004/006489/h323.htm\n\nOpenBSD\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nOpenwall GNU/*/Linux\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nRadVision\n\n Please see the NISCC Vulnerability Advisory 006489/H323 at\n http://www.uniras.gov.uk/vuls/2004/006489/h323.htm\n\nRed Hat Inc. \n\n Please see the NISCC Vulnerability Advisory 006489/H323 at\n http://www.uniras.gov.uk/vuls/2004/006489/h323.htm\n\nOracle Corporation\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nRiverstone Networks\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nSecure Computing Corporation\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nSecureWorks\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nSequent\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nSony Corporation\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nStonesoft\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nSun Microsystems Inc. \n\n Sun SNMP does not provide support for H.323, so we are not\n vulnerable. And so far we have not found any bundled products that\n are affected by this vulnerability. We are also actively\n investigating our unbundled products to see if they are affected. \n Updates will be provided to this statement as they become\n available. \n\nSuSE Inc. \n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nSymantec Corporation\n\n Please see the NISCC Vulnerability Advisory 006489/H323 at\n http://www.uniras.gov.uk/vuls/2004/006489/h323.htm\n\nUnisys\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nTandBerg\n\n Please see the NISCC Vulnerability Advisory 006489/H323 at\n http://www.uniras.gov.uk/vuls/2004/006489/h323.htm\n\nTumbleweed Communications Corp. \n\n Please see the NISCC Vulnerability Advisory 006489/H323 at\n http://www.uniras.gov.uk/vuls/2004/006489/h323.htm\n\nTurboLinux\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nuniGone\n\n Please see the NISCC Vulnerability Advisory 006489/H323 at\n http://www.uniras.gov.uk/vuls/2004/006489/h323.htm\n\nWatchGuard\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nWirex\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nWind River Systems Inc. \n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nXerox\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n\nZyXEL\n\n No statement is currently available from the vendor regarding this\n vulnerability. \n _________________________________________________________________\n\n The CERT Coordination Center thanks the NISCC Vulnerability Management\n Team and the University of Oulu Security Programming Group (OUSPG) for\n coordinating the discovery and release of the technical details of\n this issue. \n _________________________________________________________________\n\n Feedback may be directed to the authors: Jeffrey S. Havrilla, Mindi J. \n McDowell, Shawn V. Hernan and Jason A. Rafail\n ______________________________________________________________________\n\n This document is available from:\n http://www.cert.org/advisories/CA-2004-01.html\n ______________________________________________________________________\n\nCERT/CC Contact Information\n\n Email: cert@cert.org\n Phone: +1 412-268-7090 (24-hour hotline)\n Fax: +1 412-268-6989\n Postal address:\n CERT Coordination Center\n Software Engineering Institute\n Carnegie Mellon University\n Pittsburgh PA 15213-3890\n U.S.A. \n\n CERT/CC personnel answer the hotline 08:00-17:00 EST(GMT-5) /\n EDT(GMT-4) Monday through Friday; they are on call for emergencies\n during other hours, on U.S. holidays, and on weekends. \n\nUsing encryption\n\n We strongly urge you to encrypt sensitive information sent by email. \n Our public PGP key is available from\n http://www.cert.org/CERT_PGP.key\n\n If you prefer to use DES, please call the CERT hotline for more\n information. \n\nGetting security information\n\n CERT publications and other security information are available from\n our web site\n http://www.cert.org/\n\n To subscribe to the CERT mailing list for advisories and bulletins,\n send email to majordomo@cert.org. Please include in the body of your\n message\n\n subscribe cert-advisory\n\n * \"CERT\" and \"CERT Coordination Center\" are registered in the U.S. \n Patent and Trademark Office. \n ______________________________________________________________________\n\n NO WARRANTY\n Any material furnished by Carnegie Mellon University and the Software\n Engineering Institute is furnished on an \"as is\" basis. Carnegie\n Mellon University makes no warranties of any kind, either expressed or\n implied as to any matter including, but not limited to, warranty of\n fitness for a particular purpose or merchantability, exclusivity or\n results obtained from use of the material. Carnegie Mellon University\n does not make any warranty of any kind with respect to freedom from\n patent, trademark, or copyright infringement. \n ______________________________________________________________________\n\n Conditions for use, disclaimers, and sponsorship information\n\n Copyright 2004 Carnegie Mellon University. \n\n Revision History\nJanuary 13, 2004: Initial release\n\n-----BEGIN PGP SIGNATURE-----\nVersion: PGP 6.5.8\n\niQCVAwUBQASK7JZ2NNT/dVAVAQG65wP8C7DyEvZGz0HqXtRqk+PAjjpMqex1hdjT\nBfkT6oHMhTWIdvUE1mpAwnV7OPL+N+UugCC0bAEXQzBy/YkBBOptt7IZdIeOlInh\nAP0RO5zqt0GqMIrdW7P14iWBX2lLCQaMUgWNyvK4ZTNE9UzpOgBk2JonfBLjbH77\nKeVgAqcfP2M=\n=p0GQ\n-----END PGP SIGNATURE-----\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 200404-11\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n Title: Multiple Vulnerabilities in pwlib\n\n Date: April 09, 2004\n Bugs: #45846\n ID: 200404-11\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilites have been found in pwlib that may lead to a\nremote denial of service or buffer overflow attack. \n\nBackground\n==========\n\npwlib is a multi-platform library designed for OpenH323. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n dev-libs/pwlib \u003c= 1.5.2-r2 \u003e= 1.5.2-r3\n\nDescription\n===========\n\nMultiple vulnerabilities have been found in the implimentation of\nprotocol H.323 contained in pwlib. Most of the vulnerabilies are in the\nparsing of ASN.1 elements which would allow an attacker to use a\nmaliciously crafted ASN.1 element to cause unpredictable behavior in\npwlib. \n\nWorkaround\n==========\n\nBlocking ports 1719 and 1720 may reduce the likelihood of an attack. \nAll users are advised to upgrade to the latest version of the affected\npackage. \n\nResolution\n==========\n\nAll pwlib users are advised to upgrade to version 1.5.2-r3 or later:\n\n # emerge sync\n\n # emerge -pv \"\u003e=dev-libs/pwlib-1.5.2-r3\"\n # emerge \"\u003e=dev-libs/pwlib-1.5.2-r3\"\n\nReferences\n==========\n\n [ 1 ] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0097\n [ 2 ] http://www.uniras.gov.uk/vuls/2004/006489/h323.htm\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-200404-11.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttp://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2004 Gentoo Technologies, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/1.0\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2004-0097"
},
{
"db": "CERT/CC",
"id": "VU#749342"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000012"
},
{
"db": "BID",
"id": "9406"
},
{
"db": "PACKETSTORM",
"id": "32511"
},
{
"db": "PACKETSTORM",
"id": "33050"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#749342",
"trust": 3.3
},
{
"db": "NVD",
"id": "CVE-2004-0097",
"trust": 2.8
},
{
"db": "BID",
"id": "9406",
"trust": 2.7
},
{
"db": "SECUNIA",
"id": "10869",
"trust": 0.8
},
{
"db": "SECTRACK",
"id": "1008846",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000012",
"trust": 0.8
},
{
"db": "XF",
"id": "15202",
"trust": 0.6
},
{
"db": "OVAL",
"id": "OVAL:ORG.MITRE.OVAL:DEF:803",
"trust": 0.6
},
{
"db": "OVAL",
"id": "OVAL:ORG.MITRE.OVAL:DEF:10056",
"trust": 0.6
},
{
"db": "OVAL",
"id": "OVAL:ORG.MITRE.OVAL:DEF:826",
"trust": 0.6
},
{
"db": "DEBIAN",
"id": "DSA-448",
"trust": 0.6
},
{
"db": "REDHAT",
"id": "RHSA-2004:047",
"trust": 0.6
},
{
"db": "CERT/CC",
"id": "CA-2004-01",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200403-046",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "32511",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "33050",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#749342"
},
{
"db": "BID",
"id": "9406"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000012"
},
{
"db": "PACKETSTORM",
"id": "32511"
},
{
"db": "PACKETSTORM",
"id": "33050"
},
{
"db": "NVD",
"id": "CVE-2004-0097"
},
{
"db": "CNNVD",
"id": "CNNVD-200403-046"
}
]
},
"id": "VAR-200403-0035",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.8453695575
},
"last_update_date": "2023-12-18T12:24:36.293000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "DSA-448",
"trust": 0.8,
"url": "http://www.debian.org/security/2004/dsa-448"
},
{
"title": "RHSA-2004:048",
"trust": 0.8,
"url": "https://rhn.redhat.com/errata/rhsa-2004-048.html"
},
{
"title": "RHSA-2004:047",
"trust": 0.8,
"url": "https://rhn.redhat.com/errata/rhsa-2004-047.html"
},
{
"title": "RHSA-2004:047",
"trust": 0.8,
"url": "http://www.jp.redhat.com/support/errata/rhsa/rhsa-2004-047j.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2004-000012"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2004-0097"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "http://www.cert.org/advisories/ca-2004-01.html"
},
{
"trust": 2.4,
"url": "http://www.securityfocus.com/bid/9406"
},
{
"trust": 2.4,
"url": "http://www.kb.cert.org/vuls/id/749342"
},
{
"trust": 1.6,
"url": "http://www.debian.org/security/2004/dsa-448"
},
{
"trust": 1.6,
"url": "http://www.redhat.com/support/errata/rhsa-2004-047.html"
},
{
"trust": 1.3,
"url": "http://www.uniras.gov.uk/vuls/2004/006489/h323.htm"
},
{
"trust": 1.0,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15202"
},
{
"trust": 1.0,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a10056"
},
{
"trust": 1.0,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a803"
},
{
"trust": 1.0,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a826"
},
{
"trust": 0.8,
"url": "http://www.itu.int/itudoc/itu-t/rec/h/h225-0.html"
},
{
"trust": 0.8,
"url": "http://www.ee.oulu.fi/research/ouspg/protos/testing/c07/h2250v4/index.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2004-0097"
},
{
"trust": 0.8,
"url": "http://www.cpni.gov.uk/products/vulnerabilitydisclosures/default.aspx?id=va-20040113-00387.xml"
},
{
"trust": 0.8,
"url": "http://www.jpcert.or.jp/wr/2004/wr040301.txt"
},
{
"trust": 0.8,
"url": "http://www.jpcert.or.jp/wr/2004/wr040501.txt"
},
{
"trust": 0.8,
"url": "http://www.jpcert.or.jp/wr/2004/wr040901.txt"
},
{
"trust": 0.8,
"url": "http://jvn.jp/niscc/niscc-006489/index.html"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnca-2004-01"
},
{
"trust": 0.8,
"url": "http://jvn.jp/tr/trca-2004-01/"
},
{
"trust": 0.8,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2004-0097"
},
{
"trust": 0.8,
"url": "http://www.cpni.gov.uk/docs/re-20040113-00387.pdf"
},
{
"trust": 0.8,
"url": "http://secunia.com/advisories/10869/"
},
{
"trust": 0.8,
"url": "http://www.securitytracker.com/alerts/2004/jan/1008846.html"
},
{
"trust": 0.8,
"url": "http://www.isskk.co.jp/support/techinfo/general/voip_vul160.html"
},
{
"trust": 0.8,
"url": "http://www.cyberpolice.go.jp/important/20040114_112014.html"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/15202"
},
{
"trust": 0.6,
"url": "http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:10056"
},
{
"trust": 0.6,
"url": "http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:826"
},
{
"trust": 0.6,
"url": "http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:803"
},
{
"trust": 0.4,
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml"
},
{
"trust": 0.3,
"url": "http://www.checkpoint.com/techsupport/alerts/h323.html"
},
{
"trust": 0.3,
"url": "http://support.fvc.com/eng/docs/misc_docs/h.323_security_bulletin.pdf"
},
{
"trust": 0.3,
"url": "http://www.checkpoint.com/techsupport/h323_hf.html"
},
{
"trust": 0.3,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101429-1\u0026searchclause="
},
{
"trust": 0.3,
"url": "http://support.avaya.com/japple/css/japple?temp.groupid=128450\u0026temp.selectedfamily=128451\u0026temp.selectedproduct=154235\u0026temp.selectedbucket=126655\u0026temp.feedbackstate=askforfeedback\u0026temp.documentid=15871"
},
{
"trust": 0.1,
"url": "http://www.cert.org/"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/749342#systems\u003e)."
},
{
"trust": 0.1,
"url": "http://www.microsoft.com/technet/security/bulletin/ms04-001.asp"
},
{
"trust": 0.1,
"url": "http://www.cert.org/cert_pgp.key"
},
{
"trust": 0.1,
"url": "http://www.nortelnetworks.com/help/contact/global/"
},
{
"trust": 0.1,
"url": "http://www.nortelnetworks.com/cs"
},
{
"trust": 0.1,
"url": "http://www.nortelnetworks.com/pic"
},
{
"trust": 0.1,
"url": "http://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2004-0097"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/glsa/glsa-200404-11.xml"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2004-0097"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/1.0"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#749342"
},
{
"db": "BID",
"id": "9406"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000012"
},
{
"db": "PACKETSTORM",
"id": "32511"
},
{
"db": "PACKETSTORM",
"id": "33050"
},
{
"db": "NVD",
"id": "CVE-2004-0097"
},
{
"db": "CNNVD",
"id": "CNNVD-200403-046"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#749342"
},
{
"db": "BID",
"id": "9406"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000012"
},
{
"db": "PACKETSTORM",
"id": "32511"
},
{
"db": "PACKETSTORM",
"id": "33050"
},
{
"db": "NVD",
"id": "CVE-2004-0097"
},
{
"db": "CNNVD",
"id": "CNNVD-200403-046"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2004-01-13T00:00:00",
"db": "CERT/CC",
"id": "VU#749342"
},
{
"date": "2004-01-13T00:00:00",
"db": "BID",
"id": "9406"
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2004-000012"
},
{
"date": "2004-01-14T18:44:00",
"db": "PACKETSTORM",
"id": "32511"
},
{
"date": "2004-04-09T12:06:00",
"db": "PACKETSTORM",
"id": "33050"
},
{
"date": "2004-03-03T05:00:00",
"db": "NVD",
"id": "CVE-2004-0097"
},
{
"date": "2004-01-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200403-046"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2009-07-29T00:00:00",
"db": "CERT/CC",
"id": "VU#749342"
},
{
"date": "2007-11-15T00:39:00",
"db": "BID",
"id": "9406"
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2004-000012"
},
{
"date": "2017-10-11T01:29:20.793000",
"db": "NVD",
"id": "CVE-2004-0097"
},
{
"date": "2005-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200403-046"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200403-046"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple vulnerabilities in H.323 implementations",
"sources": [
{
"db": "CERT/CC",
"id": "VU#749342"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "9406"
},
{
"db": "CNNVD",
"id": "CNNVD-200403-046"
}
],
"trust": 0.9
}
}
VAR-202112-2029
Vulnerability from variot - Updated: 2023-12-18 11:56A remote code execution issue in the ping command on Poly Trio 8800 5.7.1.4145 devices allows remote authenticated users to execute commands via unspecified vectors. Poly Trio 8800 Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Polycom Trio is a Trio series business conference phone from Polycom
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202112-2029",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "trio 8800",
"scope": "eq",
"trust": 1.0,
"vendor": "poly",
"version": "5.5.3.3441"
},
{
"model": "trio 8800",
"scope": "eq",
"trust": 1.0,
"vendor": "poly",
"version": "5.4.5.9111"
},
{
"model": "trio 8800",
"scope": "eq",
"trust": 1.0,
"vendor": "poly",
"version": "5.4.5.9658"
},
{
"model": "trio 8800",
"scope": "eq",
"trust": 1.0,
"vendor": "poly",
"version": "5.7.1.4095"
},
{
"model": "trio 8800",
"scope": "eq",
"trust": 1.0,
"vendor": "poly",
"version": "5.4.4.7776"
},
{
"model": "trio 8800",
"scope": "eq",
"trust": 1.0,
"vendor": "poly",
"version": "5.4.2.5400"
},
{
"model": "trio 8800",
"scope": "eq",
"trust": 1.0,
"vendor": "poly",
"version": "5.5.4.2255"
},
{
"model": "trio 8800",
"scope": "eq",
"trust": 1.0,
"vendor": "poly",
"version": "5.4.4.7511"
},
{
"model": "trio 8800",
"scope": "eq",
"trust": 1.0,
"vendor": "poly",
"version": "5.5.2.11338"
},
{
"model": "trio 8800",
"scope": "eq",
"trust": 1.0,
"vendor": "poly",
"version": "5.4.1.17597"
},
{
"model": "trio 8800",
"scope": "eq",
"trust": 1.0,
"vendor": "poly",
"version": "5.4.0.12856"
},
{
"model": "trio 8800",
"scope": "eq",
"trust": 1.0,
"vendor": "poly",
"version": "5.4.3.2007"
},
{
"model": "trio 8800",
"scope": "eq",
"trust": 1.0,
"vendor": "poly",
"version": "5.4.0.12541"
},
{
"model": "trio 8800",
"scope": "eq",
"trust": 1.0,
"vendor": "poly",
"version": "5.4.0.12197"
},
{
"model": "trio 8800",
"scope": "eq",
"trust": 1.0,
"vendor": "poly",
"version": "5.4.3.2400"
},
{
"model": "trio 8800",
"scope": "eq",
"trust": 1.0,
"vendor": "poly",
"version": "5.4.4.7609"
},
{
"model": "trio 8800",
"scope": "eq",
"trust": 1.0,
"vendor": "poly",
"version": "5.7.1.4133"
},
{
"model": "trio 8800",
"scope": "eq",
"trust": 1.0,
"vendor": "poly",
"version": "5.5.3.3517"
},
{
"model": "trio 8800",
"scope": "eq",
"trust": 1.0,
"vendor": "poly",
"version": "5.4.3.2389"
},
{
"model": "trio 8800",
"scope": "eq",
"trust": 1.0,
"vendor": "poly",
"version": "5.5.2.11391"
},
{
"model": "trio 8800",
"scope": "eq",
"trust": 1.0,
"vendor": "poly",
"version": "5.7.1.4145"
},
{
"model": "trio 8800",
"scope": "eq",
"trust": 0.8,
"vendor": "poly",
"version": null
},
{
"model": "trio 8800",
"scope": null,
"trust": 0.8,
"vendor": "poly",
"version": null
},
{
"model": "trio 8800",
"scope": "eq",
"trust": 0.8,
"vendor": "poly",
"version": "trio 8800 firmware"
},
{
"model": "trio",
"scope": "eq",
"trust": 0.6,
"vendor": "polycom",
"version": "88005.7.1.4145"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-09783"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016634"
},
{
"db": "NVD",
"id": "CVE-2018-17875"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:poly:trio_8800_firmware:5.4.0.12197:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:poly:trio_8800_firmware:5.4.0.12541:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:poly:trio_8800_firmware:5.4.0.12856:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:poly:trio_8800_firmware:5.4.1.17597:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:poly:trio_8800_firmware:5.4.2.5400:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:poly:trio_8800_firmware:5.4.3.2007:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:poly:trio_8800_firmware:5.4.3.2389:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:poly:trio_8800_firmware:5.4.3.2400:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:poly:trio_8800_firmware:5.4.4.7511:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:poly:trio_8800_firmware:5.4.4.7609:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:poly:trio_8800_firmware:5.4.4.7776:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:poly:trio_8800_firmware:5.4.5.9111:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:poly:trio_8800_firmware:5.4.5.9658:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:poly:trio_8800_firmware:5.5.2.11338:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:poly:trio_8800_firmware:5.5.2.11391:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:poly:trio_8800_firmware:5.5.3.3441:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:poly:trio_8800_firmware:5.5.3.3517:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:poly:trio_8800_firmware:5.5.4.2255:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:poly:trio_8800_firmware:5.7.1.4095:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:poly:trio_8800_firmware:5.7.1.4133:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:poly:trio_8800_firmware:5.7.1.4145:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:poly:trio_8800:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-17875"
}
]
},
"cve": "CVE-2018-17875",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-17875",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CNVD-2022-09783",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-17875",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-17875",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2022-09783",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202112-2733",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-09783"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016634"
},
{
"db": "NVD",
"id": "CVE-2018-17875"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2733"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A remote code execution issue in the ping command on Poly Trio 8800 5.7.1.4145 devices allows remote authenticated users to execute commands via unspecified vectors. Poly Trio 8800 Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Polycom Trio is a Trio series business conference phone from Polycom",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-17875"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016634"
},
{
"db": "CNVD",
"id": "CNVD-2022-09783"
},
{
"db": "VULMON",
"id": "CVE-2018-17875"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-17875",
"trust": 3.9
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016634",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2022-09783",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2733",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2018-17875",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-09783"
},
{
"db": "VULMON",
"id": "CVE-2018-17875"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016634"
},
{
"db": "NVD",
"id": "CVE-2018-17875"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2733"
}
]
},
"id": "VAR-202112-2029",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-09783"
}
],
"trust": 1.1555556
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-09783"
}
]
},
"last_update_date": "2023-12-18T11:56:48.459000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "TRIO\u00a08800",
"trust": 0.8,
"url": "https://www.poly.com/jp/ja/products/phones/trio/trio-8800"
},
{
"title": "Patch for Polycom Trio Remote Code Execution Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/318846"
},
{
"title": "Polycom Trio Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=176419"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-09783"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016634"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2733"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "Lack of information (CWE-noinfo) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-016634"
},
{
"db": "NVD",
"id": "CVE-2018-17875"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://unkl4b.github.io/authenticated-rce-in-polycom-trio-8800-pt-1/"
},
{
"trust": 1.7,
"url": "https://support.polycom.com/content/support/emea/emea/en/support/voice/polycom-trio/polycom-trio-8800.html"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-17875"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-09783"
},
{
"db": "VULMON",
"id": "CVE-2018-17875"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016634"
},
{
"db": "NVD",
"id": "CVE-2018-17875"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2733"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2022-09783"
},
{
"db": "VULMON",
"id": "CVE-2018-17875"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-016634"
},
{
"db": "NVD",
"id": "CVE-2018-17875"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2733"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-02-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-09783"
},
{
"date": "2021-12-28T00:00:00",
"db": "VULMON",
"id": "CVE-2018-17875"
},
{
"date": "2023-01-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-016634"
},
{
"date": "2021-12-28T13:15:07.947000",
"db": "NVD",
"id": "CVE-2018-17875"
},
{
"date": "2021-12-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202112-2733"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-02-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-09783"
},
{
"date": "2021-12-28T00:00:00",
"db": "VULMON",
"id": "CVE-2018-17875"
},
{
"date": "2023-01-17T01:09:00",
"db": "JVNDB",
"id": "JVNDB-2018-016634"
},
{
"date": "2022-01-10T13:58:42.737000",
"db": "NVD",
"id": "CVE-2018-17875"
},
{
"date": "2022-01-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202112-2733"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-2733"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Poly\u00a0Trio\u00a08800\u00a0 Vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-016634"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-2733"
}
],
"trust": 0.6
}
}
VAR-201303-0507
Vulnerability from variot - Updated: 2022-05-17 02:07Polycom HDX Series are prone to a security-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and gain unauthorized root access to the affected device; this may aid in launching further attacks.
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201303-0507",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "hdx",
"scope": "eq",
"trust": 0.3,
"vendor": "polycom",
"version": "90000"
},
{
"model": "hdx",
"scope": "eq",
"trust": 0.3,
"vendor": "polycom",
"version": "80000"
},
{
"model": "hdx",
"scope": "eq",
"trust": 0.3,
"vendor": "polycom",
"version": "70000"
},
{
"model": "hdx",
"scope": "eq",
"trust": 0.3,
"vendor": "polycom",
"version": "60000"
},
{
"model": "hdx",
"scope": "eq",
"trust": 0.3,
"vendor": "polycom",
"version": "40000"
},
{
"model": "hdx",
"scope": "ne",
"trust": 0.3,
"vendor": "polycom",
"version": "90003.1.12"
},
{
"model": "hdx",
"scope": "ne",
"trust": 0.3,
"vendor": "polycom",
"version": "80003.1.12"
},
{
"model": "hdx",
"scope": "ne",
"trust": 0.3,
"vendor": "polycom",
"version": "70003.1.12"
},
{
"model": "hdx",
"scope": "ne",
"trust": 0.3,
"vendor": "polycom",
"version": "60003.1.12"
},
{
"model": "hdx",
"scope": "ne",
"trust": 0.3,
"vendor": "polycom",
"version": "40003.1.12"
}
],
"sources": [
{
"db": "BID",
"id": "58523"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "n.runs AG",
"sources": [
{
"db": "BID",
"id": "58523"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-342"
}
],
"trust": 0.9
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Polycom HDX Series are prone to a security-bypass vulnerability.\nAn attacker can exploit this issue to bypass certain security restrictions and gain unauthorized root access to the affected device; this may aid in launching further attacks.",
"sources": [
{
"db": "BID",
"id": "58523"
}
],
"trust": 0.3
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "58523",
"trust": 0.9
},
{
"db": "CNNVD",
"id": "CNNVD-201303-342",
"trust": 0.6
}
],
"sources": [
{
"db": "BID",
"id": "58523"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-342"
}
]
},
"id": "VAR-201303-0507",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.2159091
},
"last_update_date": "2022-05-17T02:07:15.395000Z",
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/58523"
},
{
"trust": 0.3,
"url": "http://www.polycom.com/"
}
],
"sources": [
{
"db": "BID",
"id": "58523"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-342"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "BID",
"id": "58523"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-342"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-03-15T00:00:00",
"db": "BID",
"id": "58523"
},
{
"date": "2013-03-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201303-342"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-03-15T00:00:00",
"db": "BID",
"id": "58523"
},
{
"date": "2013-03-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201303-342"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201303-342"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Polycom HDX Series Security bypass vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201303-342"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Design Error",
"sources": [
{
"db": "BID",
"id": "58523"
}
],
"trust": 0.3
}
}
VAR-201303-0456
Vulnerability from variot - Updated: 2022-05-17 02:02Polycom HDX Series devices are prone to a format-string vulnerability because it fails to properly sanitize user-supplied input before passing it as the format specifier to a formatted-printing function. An attacker may exploit this issue to execute arbitrary code with root access in the context of the vulnerable device. Failed exploit attempts will likely result in a denial-of-service condition.
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201303-0456",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "hdx",
"scope": "eq",
"trust": 0.3,
"vendor": "polycom",
"version": "90000"
},
{
"model": "hdx",
"scope": "eq",
"trust": 0.3,
"vendor": "polycom",
"version": "80000"
},
{
"model": "hdx",
"scope": "eq",
"trust": 0.3,
"vendor": "polycom",
"version": "70000"
},
{
"model": "hdx",
"scope": "eq",
"trust": 0.3,
"vendor": "polycom",
"version": "60000"
},
{
"model": "hdx",
"scope": "eq",
"trust": 0.3,
"vendor": "polycom",
"version": "40000"
},
{
"model": "hdx",
"scope": "ne",
"trust": 0.3,
"vendor": "polycom",
"version": "90003.1.12"
},
{
"model": "hdx",
"scope": "ne",
"trust": 0.3,
"vendor": "polycom",
"version": "80003.1.12"
},
{
"model": "hdx",
"scope": "ne",
"trust": 0.3,
"vendor": "polycom",
"version": "70003.1.12"
},
{
"model": "hdx",
"scope": "ne",
"trust": 0.3,
"vendor": "polycom",
"version": "60003.1.12"
},
{
"model": "hdx",
"scope": "ne",
"trust": 0.3,
"vendor": "polycom",
"version": "40003.1.12"
}
],
"sources": [
{
"db": "BID",
"id": "58525"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Moritz Jodeit of n.runs AG",
"sources": [
{
"db": "BID",
"id": "58525"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-340"
}
],
"trust": 0.9
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Polycom HDX Series devices are prone to a format-string vulnerability because it fails to properly sanitize user-supplied input before passing it as the format specifier to a formatted-printing function.\nAn attacker may exploit this issue to execute arbitrary code with root access in the context of the vulnerable device. Failed exploit attempts will likely result in a denial-of-service condition.",
"sources": [
{
"db": "BID",
"id": "58525"
}
],
"trust": 0.3
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "58525",
"trust": 0.9
},
{
"db": "CNNVD",
"id": "CNNVD-201303-340",
"trust": 0.6
}
],
"sources": [
{
"db": "BID",
"id": "58525"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-340"
}
]
},
"id": "VAR-201303-0456",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.2159091
},
"last_update_date": "2022-05-17T02:02:35.342000Z",
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/58525"
},
{
"trust": 0.3,
"url": "http://www.polycom.com/"
}
],
"sources": [
{
"db": "BID",
"id": "58525"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-340"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "BID",
"id": "58525"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-340"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-03-15T00:00:00",
"db": "BID",
"id": "58525"
},
{
"date": "2013-03-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201303-340"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-03-15T00:00:00",
"db": "BID",
"id": "58525"
},
{
"date": "2013-03-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201303-340"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201303-340"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Polycom HDX Series \u2018 H.323 \u003c/ formatting string vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201303-340"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Input Validation Error",
"sources": [
{
"db": "BID",
"id": "58525"
}
],
"trust": 0.3
}
}
VAR-201106-0324
Vulnerability from variot - Updated: 2022-05-17 01:53Polycom SoundPoint is a VoIP device. An information disclosure vulnerability exists in the reg_1.html page of SoundPoint IP, which can be exploited by remote attackers to obtain sensitive information. Polycom SoundPoint IP is prone to an information-disclosure vulnerability. Information obtained will aid in further attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201106-0324",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": null,
"scope": null,
"trust": 0.6,
"vendor": "no",
"version": null
},
{
"model": "soundpoint ip",
"scope": "eq",
"trust": 0.3,
"vendor": "polycom",
"version": "301"
},
{
"model": "soundpoint ip",
"scope": "eq",
"trust": 0.3,
"vendor": "polycom",
"version": "300"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-6910"
},
{
"db": "BID",
"id": "48316"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Pr0T3cT10n",
"sources": [
{
"db": "BID",
"id": "48316"
}
],
"trust": 0.3
},
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2011-6910",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "CNVD",
"id": "CNVD-2011-6910",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-6910"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Polycom SoundPoint is a VoIP device. An information disclosure vulnerability exists in the reg_1.html page of SoundPoint IP, which can be exploited by remote attackers to obtain sensitive information. Polycom SoundPoint IP is prone to an information-disclosure vulnerability. Information obtained will aid in further attacks",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-6910"
},
{
"db": "BID",
"id": "48316"
}
],
"trust": 0.81
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "48316",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2011-6910",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-6910"
},
{
"db": "BID",
"id": "48316"
}
]
},
"id": "VAR-201106-0324",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-6910"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-6910"
}
]
},
"last_update_date": "2022-05-17T01:53:22.907000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Polycom SoundPoint IP \\\"reg_1.html\\\" Information Disclosure Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/43294"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-6910"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/48316"
},
{
"trust": 0.3,
"url": "http://www.polycom.com"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-6910"
},
{
"db": "BID",
"id": "48316"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2011-6910"
},
{
"db": "BID",
"id": "48316"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-06-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-6910"
},
{
"date": "2011-06-16T00:00:00",
"db": "BID",
"id": "48316"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-02-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-6910"
},
{
"date": "2011-06-16T00:00:00",
"db": "BID",
"id": "48316"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "48316"
}
],
"trust": 0.3
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Polycom SoundPoint IP \\\"reg_1.html\\\" Information Disclosure Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-6910"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Design Error",
"sources": [
{
"db": "BID",
"id": "48316"
}
],
"trust": 0.3
}
}
VAR-201801-1848
Vulnerability from variot - Updated: 2022-05-17 01:52PolycomHDX is a high-definition series of network cameras. A remote code execution vulnerability exists in PolycomHDX endpoints. An attacker can exploit a vulnerability to execute arbitrary code in the context of an application. A failed exploit can result in a denial of service condition. HDX 3.1.11 hotfix 1 and prior versions are affected
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201801-1848",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "hdx hotfix",
"scope": "eq",
"trust": 0.9,
"vendor": "polycom",
"version": "3.1.111"
},
{
"model": "hdx",
"scope": "eq",
"trust": 0.9,
"vendor": "polycom",
"version": "3.1.11"
},
{
"model": "hdx hotfix",
"scope": "ne",
"trust": 0.3,
"vendor": "polycom",
"version": "3.1.112"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-01931"
},
{
"db": "BID",
"id": "101973"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SensePost.",
"sources": [
{
"db": "BID",
"id": "101973"
}
],
"trust": 0.3
},
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-01931",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "CNVD",
"id": "CNVD-2018-01931",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-01931"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "PolycomHDX is a high-definition series of network cameras. A remote code execution vulnerability exists in PolycomHDX endpoints. An attacker can exploit a vulnerability to execute arbitrary code in the context of an application. A failed exploit can result in a denial of service condition. \nHDX 3.1.11 hotfix 1 and prior versions are affected",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-01931"
},
{
"db": "BID",
"id": "101973"
}
],
"trust": 0.81
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "101973",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2018-01931",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-01931"
},
{
"db": "BID",
"id": "101973"
}
]
},
"id": "VAR-201801-1848",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-01931"
}
],
"trust": 1.08295455
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-01931"
}
]
},
"last_update_date": "2022-05-17T01:52:35.878000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for PolycomHDX Endpoint Remote Code Execution Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/114453"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-01931"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/101973/"
},
{
"trust": 0.3,
"url": "http://www.polycom.com/"
},
{
"trust": 0.3,
"url": "http://support.polycom.com/content/dam/polycom-support/global/documentation/secruity-advisory-hdx.pdf"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-01931"
},
{
"db": "BID",
"id": "101973"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-01931"
},
{
"db": "BID",
"id": "101973"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-01-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-01931"
},
{
"date": "2017-11-24T00:00:00",
"db": "BID",
"id": "101973"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-01-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-01931"
},
{
"date": "2017-12-19T22:37:00",
"db": "BID",
"id": "101973"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "101973"
}
],
"trust": 0.3
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Polycom HDX Endpoint Remote Code Execution Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-01931"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Input Validation Error",
"sources": [
{
"db": "BID",
"id": "101973"
}
],
"trust": 0.3
}
}
VAR-201203-0516
Vulnerability from variot - Updated: 2022-05-17 01:45Multiple Polycom products are prone to a directory-traversal vulnerability and a command-injection vulnerability because it fails to sufficiently sanitize user-supplied input. Remote attackers can use a specially crafted request with directory-traversal sequences ('../') to retrieve arbitrary files in the context of the application. Also, attackers can execute arbitrary commands with the privileges of the user running the application.
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201203-0516",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "web management interface g3/hdx hd",
"scope": "eq",
"trust": 0.3,
"vendor": "polycom",
"version": "8000"
},
{
"model": "linux development platform 2.14.g3",
"scope": null,
"trust": 0.3,
"vendor": "polycom",
"version": null
},
{
"model": "hdx video end points",
"scope": "eq",
"trust": 0.3,
"vendor": "polycom",
"version": "2.6"
},
{
"model": "hdx",
"scope": "eq",
"trust": 0.3,
"vendor": "polycom",
"version": "80000"
},
{
"model": "durango build",
"scope": "eq",
"trust": 0.3,
"vendor": "polycom",
"version": "2.64740"
},
{
"model": "durango",
"scope": "eq",
"trust": 0.3,
"vendor": "polycom",
"version": "2.6"
},
{
"model": "uc apl 2.7.1.j",
"scope": "ne",
"trust": 0.3,
"vendor": "polycom",
"version": null
},
{
"model": "hdx video end points",
"scope": "ne",
"trust": 0.3,
"vendor": "polycom",
"version": "3.0.4"
},
{
"model": "hdx video end points",
"scope": "ne",
"trust": 0.3,
"vendor": "polycom",
"version": "3.0"
}
],
"sources": [
{
"db": "BID",
"id": "52301"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Jo??o Paulo Caldas Campello",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201203-053"
}
],
"trust": 0.6
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple Polycom products are prone to a directory-traversal vulnerability and a command-injection vulnerability because it fails to sufficiently sanitize user-supplied input.\nRemote attackers can use a specially crafted request with directory-traversal sequences (\u0027../\u0027) to retrieve arbitrary files in the context of the application. Also, attackers can execute arbitrary commands with the privileges of the user running the application.",
"sources": [
{
"db": "BID",
"id": "52301"
}
],
"trust": 0.3
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "52301",
"trust": 0.9
},
{
"db": "CNNVD",
"id": "CNNVD-201203-053",
"trust": 0.6
}
],
"sources": [
{
"db": "BID",
"id": "52301"
},
{
"db": "CNNVD",
"id": "CNNVD-201203-053"
}
]
},
"id": "VAR-201203-0516",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.2159091
},
"last_update_date": "2022-05-17T01:45:31.714000Z",
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/52301"
},
{
"trust": 0.3,
"url": "http://seclists.org/fulldisclosure/2012/mar/18?utm_source=twitterfeed\u0026utm_medium=twitter"
},
{
"trust": 0.3,
"url": "http://blog.tempest.com.br/joao-paulo-campello/path-traversal-on-polycom-web-management-interface.html"
},
{
"trust": 0.3,
"url": "http://www.polycom.com/"
},
{
"trust": 0.3,
"url": "http://blog.tempest.com.br/joao-paulo-campello/polycom-web-management-interface-os-command-injection.html"
}
],
"sources": [
{
"db": "BID",
"id": "52301"
},
{
"db": "CNNVD",
"id": "CNNVD-201203-053"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "BID",
"id": "52301"
},
{
"db": "CNNVD",
"id": "CNNVD-201203-053"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-03-05T00:00:00",
"db": "BID",
"id": "52301"
},
{
"date": "2012-03-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201203-053"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-02-13T09:01:00",
"db": "BID",
"id": "52301"
},
{
"date": "2012-03-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201203-053"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201203-053"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Polycom Directory Traversal Vulnerabilities and Command Injection Vulnerabilities",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201203-053"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Input Validation Error",
"sources": [
{
"db": "BID",
"id": "52301"
}
],
"trust": 0.3
}
}
VAR-201303-0508
Vulnerability from variot - Updated: 2022-05-17 01:45Polycom HDX is a high-definition series of network cameras. The Polycom HDX series uses user input that is not properly filtered for use in SQL queries. There is a SQL injection vulnerability in the implementation that an attacker can use to perform unauthorized database operations. Polycom HDX Series devices are prone to a remote command-injection vulnerability. Attackers can exploit this issue to inject and execute arbitrary commands within the context of the affected device
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201303-0508",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "hdx",
"scope": "eq",
"trust": 0.6,
"vendor": "polycom",
"version": "6000"
},
{
"model": "hdx",
"scope": "eq",
"trust": 0.6,
"vendor": "polycom",
"version": "7000"
},
{
"model": "hdx",
"scope": "eq",
"trust": 0.6,
"vendor": "polycom",
"version": "8000"
},
{
"model": "hdx",
"scope": "eq",
"trust": 0.6,
"vendor": "polycom",
"version": "9000"
},
{
"model": "hdx",
"scope": "eq",
"trust": 0.3,
"vendor": "polycom",
"version": "90000"
},
{
"model": "hdx",
"scope": "eq",
"trust": 0.3,
"vendor": "polycom",
"version": "80000"
},
{
"model": "hdx",
"scope": "eq",
"trust": 0.3,
"vendor": "polycom",
"version": "70000"
},
{
"model": "hdx",
"scope": "eq",
"trust": 0.3,
"vendor": "polycom",
"version": "60000"
},
{
"model": "hdx",
"scope": "eq",
"trust": 0.3,
"vendor": "polycom",
"version": "40000"
},
{
"model": "hdx",
"scope": "ne",
"trust": 0.3,
"vendor": "polycom",
"version": "90003.1.12"
},
{
"model": "hdx",
"scope": "ne",
"trust": 0.3,
"vendor": "polycom",
"version": "80003.1.12"
},
{
"model": "hdx",
"scope": "ne",
"trust": 0.3,
"vendor": "polycom",
"version": "70003.1.12"
},
{
"model": "hdx",
"scope": "ne",
"trust": 0.3,
"vendor": "polycom",
"version": "60003.1.12"
},
{
"model": "hdx",
"scope": "ne",
"trust": 0.3,
"vendor": "polycom",
"version": "40003.1.12"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-02164"
},
{
"db": "BID",
"id": "58524"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Moritz Jodeit of n.runs AG",
"sources": [
{
"db": "BID",
"id": "58524"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-341"
}
],
"trust": 0.9
},
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2013-02164",
"impactScore": 8.5,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "CNVD",
"id": "CNVD-2013-02164",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-02164"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Polycom HDX is a high-definition series of network cameras. The Polycom HDX series uses user input that is not properly filtered for use in SQL queries. There is a SQL injection vulnerability in the implementation that an attacker can use to perform unauthorized database operations. Polycom HDX Series devices are prone to a remote command-injection vulnerability. \nAttackers can exploit this issue to inject and execute arbitrary commands within the context of the affected device",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-02164"
},
{
"db": "BID",
"id": "58524"
}
],
"trust": 0.81
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "58524",
"trust": 1.5
},
{
"db": "CNVD",
"id": "CNVD-2013-02164",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201303-341",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-02164"
},
{
"db": "BID",
"id": "58524"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-341"
}
]
},
"id": "VAR-201303-0508",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-02164"
}
],
"trust": 0.8159090999999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-02164"
}
]
},
"last_update_date": "2022-05-17T01:45:25.568000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Polycom HDX Series SQL Injection Vulnerability (CNVD-2013-02164)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/32994"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-02164"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.2,
"url": "http://www.securityfocus.com/bid/58524"
},
{
"trust": 0.3,
"url": "http://seclists.org/bugtraq/2013/mar/97"
},
{
"trust": 0.3,
"url": "http://www.polycom.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-02164"
},
{
"db": "BID",
"id": "58524"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-341"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2013-02164"
},
{
"db": "BID",
"id": "58524"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-341"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-03-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-02164"
},
{
"date": "2013-03-15T00:00:00",
"db": "BID",
"id": "58524"
},
{
"date": "2013-03-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201303-341"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-04-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-02164"
},
{
"date": "2013-03-15T00:00:00",
"db": "BID",
"id": "58524"
},
{
"date": "2013-03-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201303-341"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201303-341"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Polycom HDX Series Remote Command Injection Vulnerability",
"sources": [
{
"db": "BID",
"id": "58524"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-341"
}
],
"trust": 0.9
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Input Validation Error",
"sources": [
{
"db": "BID",
"id": "58524"
}
],
"trust": 0.3
}
}
VAR-201303-0457
Vulnerability from variot - Updated: 2022-05-17 01:43Polycom HDX Series devices are prone to an SQL-injection vulnerability because they fail to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an authenticated attacker to compromise the affected device, access or modify data, or exploit latent vulnerabilities in the underlying database.
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201303-0457",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "hdx",
"scope": "eq",
"trust": 0.3,
"vendor": "polycom",
"version": "90000"
},
{
"model": "hdx",
"scope": "eq",
"trust": 0.3,
"vendor": "polycom",
"version": "80000"
},
{
"model": "hdx",
"scope": "eq",
"trust": 0.3,
"vendor": "polycom",
"version": "70000"
},
{
"model": "hdx",
"scope": "eq",
"trust": 0.3,
"vendor": "polycom",
"version": "60000"
},
{
"model": "hdx",
"scope": "eq",
"trust": 0.3,
"vendor": "polycom",
"version": "40000"
},
{
"model": "hdx",
"scope": "ne",
"trust": 0.3,
"vendor": "polycom",
"version": "90003.1.12"
},
{
"model": "hdx",
"scope": "ne",
"trust": 0.3,
"vendor": "polycom",
"version": "80003.1.12"
},
{
"model": "hdx",
"scope": "ne",
"trust": 0.3,
"vendor": "polycom",
"version": "70003.1.12"
},
{
"model": "hdx",
"scope": "ne",
"trust": 0.3,
"vendor": "polycom",
"version": "60003.1.12"
},
{
"model": "hdx",
"scope": "ne",
"trust": 0.3,
"vendor": "polycom",
"version": "40003.1.12"
}
],
"sources": [
{
"db": "BID",
"id": "58526"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Moritz Jodeit of n.runs AG",
"sources": [
{
"db": "BID",
"id": "58526"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-339"
}
],
"trust": 0.9
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Polycom HDX Series devices are prone to an SQL-injection vulnerability because they fail to sufficiently sanitize user-supplied data before using it in an SQL query.\nExploiting this issue could allow an authenticated attacker to compromise the affected device, access or modify data, or exploit latent vulnerabilities in the underlying database.",
"sources": [
{
"db": "BID",
"id": "58526"
}
],
"trust": 0.3
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "58526",
"trust": 0.9
},
{
"db": "CNNVD",
"id": "CNNVD-201303-339",
"trust": 0.6
}
],
"sources": [
{
"db": "BID",
"id": "58526"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-339"
}
]
},
"id": "VAR-201303-0457",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.2159091
},
"last_update_date": "2022-05-17T01:43:25.548000Z",
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/58526"
},
{
"trust": 0.3,
"url": "http://seclists.org/bugtraq/2013/mar/98"
},
{
"trust": 0.3,
"url": "http://www.polycom.com/"
}
],
"sources": [
{
"db": "BID",
"id": "58526"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-339"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "BID",
"id": "58526"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-339"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-03-15T00:00:00",
"db": "BID",
"id": "58526"
},
{
"date": "2013-03-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201303-339"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-03-15T00:00:00",
"db": "BID",
"id": "58526"
},
{
"date": "2013-03-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201303-339"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201303-339"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Polycom HDX Series SQL Injection Vulnerability",
"sources": [
{
"db": "BID",
"id": "58526"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-339"
}
],
"trust": 0.9
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SQL injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201303-339"
}
],
"trust": 0.6
}
}
VAR-201310-0797
Vulnerability from variot - Updated: 2022-05-04 09:52The Polycom VSX 7000 is a video conferencing product. The Polycom VSX 7000 does not properly restrict access to telnet, HTTP, and FTP services, allowing unauthenticated remote attackers to gain access to the device.
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201310-0797",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "vsx",
"scope": "eq",
"trust": 0.6,
"vendor": "polycom",
"version": "7000"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-13709"
}
]
},
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2013-13709",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "CNVD",
"id": "CNVD-2013-13709",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-13709"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Polycom VSX 7000 is a video conferencing product. The Polycom VSX 7000 does not properly restrict access to telnet, HTTP, and FTP services, allowing unauthenticated remote attackers to gain access to the device.",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-13709"
}
],
"trust": 0.6
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2013-13709",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-13709"
}
]
},
"id": "VAR-201310-0797",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-13709"
}
],
"trust": 1.1
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-13709"
}
]
},
"last_update_date": "2022-05-04T09:52:08.201000Z",
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 0.6,
"url": "http://dariusfreamon.wordpress.com/2013/10/08/polycom-vsx-7000-unauthenticated-access/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-13709"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2013-13709"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-10-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-13709"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-10-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-13709"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Polycom VSX 7000 Multiple Services Unverified Remote Access Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-13709"
}
],
"trust": 0.6
}
}
VAR-201008-0272
Vulnerability from variot - Updated: 2021-12-18 15:57The loginDefaultEncrypt algorithm in loginLib in Wind River VxWorks before 6.9 does not properly support a large set of distinct possible passwords, which makes it easier for remote attackers to obtain access via a (1) telnet, (2) rlogin, or (3) FTP session. It is relatively easy to find a string that has the same hash value as a regular password.Authentication by attacker API (loginLib) May be used to access services using. The hashing algorithm that is used in the standard authentication API for VxWorks is susceptible to collisions. An attacker can brute force a password by guessing a string that produces the same hash as a legitimate password. VxWorks is prone to a security vulnerability due to an insecure-hashing algorithm. The issue affects multiple products from multiple vendors that ship with the VxWorks operating system. NOTE: This document previously covered two vulnerabilities in VxWorks. The remote security-bypass issue has been moved to BID 42158 (VxWorks Debugging Service Security-Bypass Vulnerability) to allow for better documentation of both issues. This flaw occurs due to an insecure password hashing implementation in the authentication library (loginLib) of the VxWorks operating system. Regardless of what password is set for a particular account, there are a only small number (~210k) of possible hash outputs. Typical passwords consisting of alphanumeric characters and symbols fall within an even smaller range of hash outputs (~8k), making this trivial to brute force over the network. To excaberate matters, loginLib has no support for account lockouts and the FTP daemon does not disconnect clients that consistently fail to authenticate. This reduces the brute force time for the FTP service to approximately 30 minutes.
To demonstrate the hash weakness, the password of "insecure" hashes to the value "Ry99dzRcy9". The password of "s{{{{{^O" also hashes to the same output. The hashing algorithm itself is based on an additive sum with a small XOR operation. The resulting sums are then transformed to a printable string, but the range of possible intermediate values is limited and mostly sequential. The entire collision table has been precomputed and will be released in early September as an input file for common brute force tools. More information about the hashing algorithm itself is available at the Metasploit blog post below:
http://blog.metasploit.com/2010/08/vxworks-vulnerabilities.html
There are three requirements for this vulnerability to be exploited:
-
The device must be running at least one service that uses loginLib for authentication. Telnet and FTP do so by default.
-
A valid username must be known to the attacker. This is usually easy to determine through product manuals or a cursory review of the firmware binaries.
-
The target service must be using with default loginLib library and must not have changed the authentication function to point to a custom backend.
A typical VxWorks device will meet all three requirements by default, but customization by the device manufacturer may preclude this from being exploited. In general, if the device displays a VxWorks banner for Telnet or FTP, it is more than likely vulnerable.
-- Vendor Response: Wind River Systems has notified their customers of the issue and suggested that each downstream vendor replace the existing hash implementation with SHA512 or SHA256. The exact extent of the vulnerability and the complete list of affected devices is not known at this time. Example code from Wind River Systems has been supplied to CERT and is included in the advisory below:
http://www.kb.cert.org/vuls/id/840249
-- Disclosure Timeline: 2009-06-02 - Vulnerability reported to CERT for vendor notification 2009-08-02 - Coordinated public release of advisory
-- Credit: This vulnerability was discovered by HD Moore
-- About Rapid7 Security Rapid7 provides vulnerability management, compliance and penetration testing solutions for Web application, network and database security. In addition to developing the NeXpose Vulnerability Management system, Rapid7 manages the Metasploit Project and is the primary sponsor of the W3AF web assessment tool.
Our vulnerability disclosure policy is available online at:
http://www.rapid7.com/disclosure.jsp
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201008-0272",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "vxworks",
"scope": "eq",
"trust": 1.6,
"vendor": "windriver",
"version": "6.4"
},
{
"model": "vxworks",
"scope": "eq",
"trust": 1.6,
"vendor": "windriver",
"version": "5.5"
},
{
"model": "vxworks",
"scope": "eq",
"trust": 1.6,
"vendor": "windriver",
"version": "6"
},
{
"model": "vxworks",
"scope": "eq",
"trust": 1.6,
"vendor": "windriver",
"version": "5"
},
{
"model": "vxworks",
"scope": "lte",
"trust": 1.0,
"vendor": "windriver",
"version": "6.8"
},
{
"model": "vxworks",
"scope": "lt",
"trust": 0.8,
"vendor": "wind river",
"version": "6.9"
},
{
"model": "vxworks",
"scope": null,
"trust": 0.8,
"vendor": "wind river",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ericsson",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "polycom",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "wind river",
"version": null
},
{
"model": "vxworks",
"scope": "eq",
"trust": 0.6,
"vendor": "windriver",
"version": "6.8"
},
{
"model": "river systems vxworks through",
"scope": "eq",
"trust": 0.6,
"vendor": "wind",
"version": "6.56.9"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "vxworks",
"version": "5"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "vxworks",
"version": "5.5"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "vxworks",
"version": "6"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "vxworks",
"version": "6.4"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "vxworks",
"version": "*"
},
{
"model": "river systems vxworks",
"scope": "eq",
"trust": 0.3,
"vendor": "wind",
"version": "0"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2010-2967"
},
{
"db": "IVD",
"id": "0183e958-2356-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d753cb1-463f-11e9-876d-000c29342cb1"
},
{
"db": "CNNVD",
"id": "CNNVD-201008-031"
},
{
"db": "CNVD",
"id": "CNVD-2010-3889"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-005614"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001882"
},
{
"db": "BID",
"id": "42114"
},
{
"db": "CERT/CC",
"id": "VU#840249"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:windriver:vxworks:5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:windriver:vxworks:6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:windriver:vxworks:5.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:windriver:vxworks:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.8",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:windriver:vxworks:6.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2010-2967"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "HD Moore",
"sources": [
{
"db": "BID",
"id": "42114"
}
],
"trust": 0.3
},
"cve": "CVE-2010-2967",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/severity#"
},
"@id": "https://www.variotdbs.pl/ref/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2010-2967",
"impactScore": 6.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.8,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CARNEGIE MELLON",
"availabilityImpact": "COMPLETE",
"availabilityRequirement": "NOT DEFINED",
"baseScore": 10.0,
"collateralDamagePotential": "NOT DEFINED",
"confidentialityImpact": "COMPLETE",
"confidentialityRequirement": "NOT DEFINED",
"enviromentalScore": 9.5,
"exploitability": "HIGH",
"exploitabilityScore": 10.0,
"id": "VU#840249",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"integrityRequirement": "NOT DEFINED",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"remediationLevel": "WORKAROUND",
"reportConfidence": "CONFIRMED",
"severity": "HIGH",
"targetDistribution": "NOT DEFINED",
"trust": 0.8,
"userInterationRequired": null,
"vector_string": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2010-3889",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "0183e958-2356-11e6-abef-000c29c66e3d",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "7d753cb1-463f-11e9-876d-000c29342cb1",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VH-CVE-2010-2967",
"impactScore": 6.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "HIGH",
"trust": 0.1,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2010-2967",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#840249",
"trust": 0.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201008-031",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2010-3889",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "0183e958-2356-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "IVD",
"id": "7d753cb1-463f-11e9-876d-000c29342cb1",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VUL-HUB",
"id": "VH-CVE-2010-2967",
"trust": 0.1,
"value": "High risk"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2010-2967"
},
{
"db": "IVD",
"id": "0183e958-2356-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d753cb1-463f-11e9-876d-000c29342cb1"
},
{
"db": "CNNVD",
"id": "CNNVD-201008-031"
},
{
"db": "CNVD",
"id": "CNVD-2010-3889"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-005614"
},
{
"db": "CERT/CC",
"id": "VU#840249"
},
{
"db": "VULHUB",
"id": "VH-CVE-2010-2967"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The loginDefaultEncrypt algorithm in loginLib in Wind River VxWorks before 6.9 does not properly support a large set of distinct possible passwords, which makes it easier for remote attackers to obtain access via a (1) telnet, (2) rlogin, or (3) FTP session. It is relatively easy to find a string that has the same hash value as a regular password.Authentication by attacker API (loginLib) May be used to access services using. The hashing algorithm that is used in the standard authentication API for VxWorks is susceptible to collisions. An attacker can brute force a password by guessing a string that produces the same hash as a legitimate password. VxWorks is prone to a security vulnerability due to an insecure-hashing algorithm. \nThe issue affects multiple products from multiple vendors that ship with the VxWorks operating system. \nNOTE: This document previously covered two vulnerabilities in VxWorks. The remote security-bypass issue has been moved to BID 42158 (VxWorks Debugging Service Security-Bypass Vulnerability) to allow for better documentation of both issues. \nThis flaw occurs due to an insecure password hashing implementation in\nthe authentication library (loginLib) of the VxWorks operating system. \nRegardless of what password is set for a particular account, there are a\nonly small number (~210k) of possible hash outputs. Typical passwords\nconsisting of alphanumeric characters and symbols fall within an even\nsmaller range of hash outputs (~8k), making this trivial to brute force\nover the network. To excaberate matters, loginLib has no support for\naccount lockouts and the FTP daemon does not disconnect clients that\nconsistently fail to authenticate. This reduces the brute force time for\nthe FTP service to approximately 30 minutes. \n\nTo demonstrate the hash weakness, the password of \"insecure\" hashes to\nthe value \"Ry99dzRcy9\". The password of \"s{{{{{^O\" also hashes to the\nsame output. The hashing algorithm itself is based on an additive sum\nwith a small XOR operation. The resulting sums are then transformed to a\nprintable string, but the range of possible intermediate values is\nlimited and mostly sequential. The entire collision table has been\nprecomputed and will be released in early September as an input file for\ncommon brute force tools. More information about the hashing algorithm\nitself is available at the Metasploit blog post below:\n\n http://blog.metasploit.com/2010/08/vxworks-vulnerabilities.html\n\nThere are three requirements for this vulnerability to be exploited:\n\n * The device must be running at least one service that uses loginLib\nfor authentication. Telnet and FTP do so by default. \n\n * A valid username must be known to the attacker. This is usually easy\nto determine through product manuals or a cursory review of the firmware\nbinaries. \n\n * The target service must be using with default loginLib library and\nmust not have changed the authentication function to point to a custom\nbackend. \n\nA typical VxWorks device will meet all three requirements by default,\nbut customization by the device manufacturer may preclude this from\nbeing exploited. In general, if the device displays a VxWorks banner for\nTelnet or FTP, it is more than likely vulnerable. \n\n-- Vendor Response:\nWind River Systems has notified their customers of the issue and\nsuggested that each downstream vendor replace the existing hash\nimplementation with SHA512 or SHA256. The exact extent of the\nvulnerability and the complete list of affected devices is not known at\nthis time. Example code from Wind River Systems has been supplied to\nCERT and is included in the advisory below:\n\n http://www.kb.cert.org/vuls/id/840249\n\n-- Disclosure Timeline:\n2009-06-02 - Vulnerability reported to CERT for vendor notification\n2009-08-02 - Coordinated public release of advisory\n\n-- Credit:\nThis vulnerability was discovered by HD Moore\n\n-- About Rapid7 Security\nRapid7 provides vulnerability management, compliance and penetration\ntesting solutions for Web application, network and database security. In\naddition to developing the NeXpose Vulnerability Management system,\nRapid7 manages the Metasploit Project and is the primary sponsor of the\nW3AF web assessment tool. \n\nOur vulnerability disclosure policy is available online at:\n\n http://www.rapid7.com/disclosure.jsp\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2010-2967"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-005614"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001882"
},
{
"db": "CERT/CC",
"id": "VU#840249"
},
{
"db": "CNVD",
"id": "CNVD-2010-3889"
},
{
"db": "BID",
"id": "42114"
},
{
"db": "IVD",
"id": "0183e958-2356-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d753cb1-463f-11e9-876d-000c29342cb1"
},
{
"db": "VULHUB",
"id": "VH-CVE-2010-2967"
},
{
"db": "PACKETSTORM",
"id": "92449"
}
],
"trust": 4.41
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#840249",
"trust": 4.4
},
{
"db": "NVD",
"id": "CVE-2010-2967",
"trust": 3.5
},
{
"db": "CNNVD",
"id": "CNNVD-201008-031",
"trust": 1.1
},
{
"db": "CNVD",
"id": "CNVD-2010-3889",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2010-005614",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001882",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-10-214-01",
"trust": 0.8
},
{
"db": "BID",
"id": "42114",
"trust": 0.3
},
{
"db": "IVD",
"id": "0183E958-2356-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "IVD",
"id": "7D753CB1-463F-11E9-876D-000C29342CB1",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VH-CVE-2010-2967",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "92449",
"trust": 0.1
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2010-2967"
},
{
"db": "IVD",
"id": "0183e958-2356-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d753cb1-463f-11e9-876d-000c29342cb1"
},
{
"db": "CNNVD",
"id": "CNNVD-201008-031"
},
{
"db": "CNVD",
"id": "CNVD-2010-3889"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-005614"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001882"
},
{
"db": "BID",
"id": "42114"
},
{
"db": "CERT/CC",
"id": "VU#840249"
},
{
"db": "VULHUB",
"id": "VH-CVE-2010-2967"
},
{
"db": "PACKETSTORM",
"id": "92449"
}
]
},
"id": "VAR-201008-0272",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "0183e958-2356-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d753cb1-463f-11e9-876d-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2010-3889"
},
{
"db": "VULHUB",
"id": "VH-CVE-2010-2967"
}
],
"trust": 1.7928571500000001
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT",
"ICS"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.4
}
],
"sources": [
{
"db": "IVD",
"id": "0183e958-2356-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d753cb1-463f-11e9-876d-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2010-3889"
}
]
},
"last_update_date": "2021-12-18T15:57:33.115000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.windriver.com/"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://windriver.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2010-005614"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001882"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-310",
"trust": 1.9
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2010-2967"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-005614"
},
{
"db": "VULHUB",
"id": "VH-CVE-2010-2967"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.6,
"url": "http://www.kb.cert.org/vuls/id/840249"
},
{
"trust": 2.6,
"url": "http://blog.metasploit.com/2010/08/vxworks-vulnerabilities.html"
},
{
"trust": 2.4,
"url": "http://www.kb.cert.org/vuls/id/mapg-863qh9"
},
{
"trust": 2.4,
"url": "https://support.windriver.com/olsportal/faces/maintenance/downloaddetails.jspx?contentid=033709"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2967"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-2967"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu840249"
},
{
"trust": 0.8,
"url": "https://community.rapid7.com/community/metasploit/blog/2010/08/02/shiny-old-vxworks-vulnerabilities"
},
{
"trust": 0.8,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-10-214-01_vxworks_vulnerabilities.pdf"
},
{
"trust": 0.8,
"url": "http://blogs.windriver.com/chauhan/2010/08/vxworks-secure.html"
},
{
"trust": 0.8,
"url": "http://newsoft-tech.blogspot.com/2010/09/follow-up-on-vxworks-issue.html"
},
{
"trust": 0.8,
"url": "http://cvk.posterous.com/how-to-crack-vxworks-password-hashes"
},
{
"trust": 0.8,
"url": "http://cwe.mitre.org/data/definitions/798.html"
},
{
"trust": 0.8,
"url": "http://cwe.mitre.org/data/definitions/327.html"
},
{
"trust": 0.8,
"url": "http://cwe.mitre.org/data/definitions/916.html"
},
{
"trust": 0.3,
"url": "http://www.windriver.com/"
},
{
"trust": 0.3,
"url": "/archive/1/512827"
},
{
"trust": 0.3,
"url": "/archive/1/512842"
},
{
"trust": 0.1,
"url": "http://www.rapid7.com/disclosure.jsp"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2010-2967"
},
{
"db": "CNNVD",
"id": "CNNVD-201008-031"
},
{
"db": "CNVD",
"id": "CNVD-2010-3889"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-005614"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001882"
},
{
"db": "BID",
"id": "42114"
},
{
"db": "CERT/CC",
"id": "VU#840249"
},
{
"db": "PACKETSTORM",
"id": "92449"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2010-2967"
},
{
"db": "IVD",
"id": "0183e958-2356-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d753cb1-463f-11e9-876d-000c29342cb1"
},
{
"db": "CNNVD",
"id": "CNNVD-201008-031"
},
{
"db": "CNVD",
"id": "CNVD-2010-3889"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-005614"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001882"
},
{
"db": "BID",
"id": "42114"
},
{
"db": "CERT/CC",
"id": "VU#840249"
},
{
"db": "VULHUB",
"id": "VH-CVE-2010-2967"
},
{
"db": "PACKETSTORM",
"id": "92449"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2010-08-05T13:22:00",
"db": "NVD",
"id": "CVE-2010-2967"
},
{
"date": "2010-08-05T00:00:00",
"db": "IVD",
"id": "0183e958-2356-11e6-abef-000c29c66e3d"
},
{
"date": "2010-08-05T00:00:00",
"db": "IVD",
"id": "7d753cb1-463f-11e9-876d-000c29342cb1"
},
{
"date": "2010-08-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201008-031"
},
{
"date": "2010-08-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2010-3889"
},
{
"date": "2012-12-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2010-005614"
},
{
"date": "2010-08-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2010-001882"
},
{
"date": "2010-08-02T00:00:00",
"db": "BID",
"id": "42114"
},
{
"date": "2010-08-02T00:00:00",
"db": "CERT/CC",
"id": "VU#840249"
},
{
"date": "2010-08-04T00:00:00",
"db": "VULHUB",
"id": "VH-CVE-2010-2967"
},
{
"date": "2010-08-03T18:01:12",
"db": "PACKETSTORM",
"id": "92449"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2010-08-05T13:22:00",
"db": "NVD",
"id": "CVE-2010-2967"
},
{
"date": null,
"db": "IVD",
"id": "0183e958-2356-11e6-abef-000c29c66e3d"
},
{
"date": null,
"db": "IVD",
"id": "7d753cb1-463f-11e9-876d-000c29342cb1"
},
{
"date": "2010-08-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201008-031"
},
{
"date": "2010-08-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2010-3889"
},
{
"date": "2012-12-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2010-005614"
},
{
"date": "2010-08-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2010-001882"
},
{
"date": "2010-08-05T19:46:00",
"db": "BID",
"id": "42114"
},
{
"date": "2014-06-02T00:00:00",
"db": "CERT/CC",
"id": "VU#840249"
},
{
"date": "2020-11-04T00:00:00",
"db": "VULHUB",
"id": "VH-CVE-2010-2967"
},
{
"date": null,
"db": "PACKETSTORM",
"id": "92449"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201008-031"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Wind River VxWorks loginDefaultEncrypt Algorithm encryption problem vulnerability",
"sources": [
{
"db": "IVD",
"id": "0183e958-2356-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d753cb1-463f-11e9-876d-000c29342cb1"
},
{
"db": "CNNVD",
"id": "CNNVD-201008-031"
},
{
"db": "CNVD",
"id": "CNVD-2010-3889"
}
],
"trust": 1.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201008-031"
}
],
"trust": 0.6
}
}