var-200807-0235
Vulnerability from variot
The client in Lenovo System Update before 3.14 does not properly validate the certificate when establishing an SSL connection, which allows remote attackers to install arbitrary packages via an SSL certificate whose X.509 headers match a public certificate used by IBM. Lenovo System Update is prone to a security-bypass vulnerability because the application fails to properly check SSL certificates. Successfully exploiting this issue allows attackers to perform man-in-the-middle attacks by impersonating trusted servers, which can lead to the installation of arbitrary software on an affected computer. This may result in a complete compromise of the computer. This issue affects Lenovo System Update 3 (Version 3.13.0005, Build date 2008-1-3); other versions may also be vulnerable.

Lenovo System Update is a set of automatic system update tools from Lenovo in China, which includes device driver updates, Windows system patch updates, etc. Lenovo's System Update service allows downloading and installing arbitrary update executables from fake servers. After the SSL negotiation succeeds, the client goes on to download an XML file that contains the path name, size and SHA-1 hash of the EXE file. If the software version given in the XML file is higher than the version of the installed software, the client downloads the EXE file, calculates its SHA-1 hash and compares it with the hash defined in the XML file; if they match, the executable is run with administrator privileges.

To exploit this vulnerability, the attacker must create a self-signed SSL certificate that contains the X.509 header values (issuer, common name, organization, etc.) of the public SSL certificate used by the SystemUpdate server (download.boulder.ibm.com). The attacker would also modify the XML configuration file of the targeted software package so that the version number, file size, and SHA-1 hash match the malicious EXE file. When SystemUpdate tries to connect to the server, the attacker can accept the connection through techniques such as DNS spoofing and ARP redirection. Wireless networks are especially at risk because impersonation of access points can simplify attacks. Once SystemUpdate connects to TCP port 443, the fake server negotiates an SSL session with the attacker-created SSL certificate, then sends malicious XML and EXE files when SystemUpdate requests the targeted software package.
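The following is an added example, not code from Lenovo, Secunia or the original advisory: it contrasts the name-field comparison described above with a check bound to the certificate bytes, and shows why the SHA-1 value in the XML file adds nothing when the server is unauthenticated. The `PeerCert` type, the "Example Org" and "Example CA" names and all byte strings are constructed for illustration; fingerprint pinning stands in here for full chain validation, which `ssl.create_default_context()` performs in practice.

```python
import hashlib
import hmac
import ssl
from dataclasses import dataclass


@dataclass(frozen=True)
class PeerCert:
    """Minimal stand-in (hypothetical type) for a certificate seen in the handshake."""
    subject_cn: str
    organization: str
    issuer_cn: str
    der: bytes  # encoded certificate bytes (constructed placeholders below)


def names_match(cert: PeerCert, expected: PeerCert) -> bool:
    """Flawed check: compares X.509 name fields, which anyone can copy."""
    return (cert.subject_cn, cert.organization, cert.issuer_cn) == (
        expected.subject_cn, expected.organization, expected.issuer_cn)


def fingerprint(cert: PeerCert) -> str:
    return hashlib.sha256(cert.der).hexdigest()


def pin_matches(cert: PeerCert, pin_hex: str) -> bool:
    """Binds trust to the exact certificate bytes, not to its printable names."""
    return hmac.compare_digest(fingerprint(cert), pin_hex)


def manifest_hash_ok(payload: bytes, manifest_sha1: str) -> bool:
    """Integrity check from the update flow: payload SHA-1 vs. the XML value."""
    return hmac.compare_digest(hashlib.sha1(payload).hexdigest(), manifest_sha1)


def accept_update(cert, pin_hex, payload, manifest_sha1) -> bool:
    """The manifest hash only means something once the server is authenticated."""
    return pin_matches(cert, pin_hex) and manifest_hash_ok(payload, manifest_sha1)


def strict_tls_context() -> ssl.SSLContext:
    """Standard-library client context: chain validation plus hostname check."""
    return ssl.create_default_context()  # CERT_REQUIRED, check_hostname=True


# Constructed sample data: identical names, different certificate bytes.
GENUINE = PeerCert("download.boulder.ibm.com", "Example Org", "Example CA",
                   b"constructed-genuine-certificate-bytes")
LOOKALIKE = PeerCert("download.boulder.ibm.com", "Example Org", "Example CA",
                     b"constructed-self-signed-certificate-bytes")
PIN = fingerprint(GENUINE)

# Payload and manifest both come from whoever answered the connection, so the
# hash comparison passes for any server that writes its own manifest.
OTHER_PAYLOAD = b"constructed payload from an unauthenticated server"
OTHER_SHA1 = hashlib.sha1(OTHER_PAYLOAD).hexdigest()

if __name__ == "__main__":
    print("name match accepts lookalike:", names_match(LOOKALIKE, GENUINE))
    print("hash check on its own:", manifest_hash_ok(OTHER_PAYLOAD, OTHER_SHA1))
    print("pinned decision:", accept_update(LOOKALIKE, PIN, OTHER_PAYLOAD, OTHER_SHA1))
```
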
TITLE: ThinkVantage System Update Missing SSL Certificate Chain Verification
SECUNIA ADVISORY ID: SA30379
VERIFY ADVISORY: http://secunia.com/advisories/30379/
CRITICAL: Less critical
IMPACT: Spoofing
WHERE: From remote
SOFTWARE: ThinkVantage System Update 3.x http://secunia.com/product/15450/
DESCRIPTION: Derek Callaway has reported a security issue in ThinkVantage System Update, which can be exploited by malicious people to conduct spoofing attacks.
Successful exploitation allows e.g. downloading and executing malicious programs, but requires that the application connects to a malicious update server providing a specially crafted X.509 certificate (e.g. via DNS poisoning). Other versions may also be affected. http://www-307.ibm.com/pc/support/site.wss/document.do?sitestyle=lenovo&lndocid=MIGR-66956
PROVIDED AND/OR DISCOVERED BY: Derek Callaway, Security Objectives
ORIGINAL ADVISORY: SECOBJADV-2008-01: http://www.security-objectives.com/advisories/SECOBJADV-2008-01.txt
Record metadata
- ID: VAR-200807-0235
- CVE: CVE-2008-3249
- Title: Lenovo System Update Vulnerability to install arbitrary packages on the client
- Affected products (vendor lenovo): thinkvantage system update = 3.13, <= 3.13.0005, < 3.14; system update = 3, != 3.14
- CVSS v2 (nvd@nist.gov): 5.1 MEDIUM, AV:N/AC:H/Au:N/C:P/I:P/A:P
- Problem type: CWE-255
- Type: trust management
- Threat type: remote
- Credits: Derek Callaway
- Patch: Lenovo System Update, http://support.lenovo.com/en_US/
- External IDs: NVD CVE-2008-3249; BID 29366; SECUNIA 30379; SECTRACK 1020112; JVNDB JVNDB-2008-004654; BUGTRAQ 20080525 SECOBJADV-2008-01: LENOVO SYSTEMUPDATE SSL CERTIFICATE ISSUER SPOOFING VULNERABILITY; XF 42638; CNNVD CNNVD-200807-352; VULHUB VHN-33374; PACKETSTORM 66635
- References:
  - http://www.security-objectives.com/advisories/secobjadv-2008-01.txt
  - http://www.securityfocus.com/bid/29366
  - http://www.securityfocus.com/archive/1/492579
  - http://securitytracker.com/id?1020112
  - http://secunia.com/advisories/30379
  - https://exchange.xforce.ibmcloud.com/vulnerabilities/42638
  - http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-3249
  - http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-3249
- Source release dates: BID 2008-05-25; CNNVD 2008-05-25; PACKETSTORM 2008-05-27; VULHUB 2008-07-21; NVD 2008-07-21; JVNDB 2012-09-25
- Last update: 2024-11-23T22:53:54.627000Z