var-201412-0614
Vulnerability from variot
util/ntp-keygen.c in ntp-keygen in NTP before 4.2.7p230 uses a weak RNG seed, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack. The NTP Project ntpd version 4.2.7 and pervious versions contain several vulnerabilities. ntp-keygen prior to version 4.2.7p230 also uses a non-cryptographic random number generator when generating symmetric keys. These vulnerabilities may affect ntpd acting as a server or client. Supplementary information : CWE Vulnerability type by CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) Has been identified. http://cwe.mitre.org/data/definitions/338.htmlA brute force attack by a third party (Brute force attack) May break the cryptographic protection mechanism. NTP is prone to a predictable random number generator weakness. An attacker can exploit this issue to guess generated MD5 keys that could then be used to spoof an NTP client or server. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Mandriva Linux Security Advisory MDVSA-2015:003 http://www.mandriva.com/en/support/security/
Package : ntp Date : January 5, 2015 Affected: Business Server 1.0
Problem Description:
Updated ntp packages fix security vulnerabilities:
If no authentication key is defined in the ntp.conf file, a cryptographically-weak default key is generated (CVE-2014-9293).
A remote unauthenticated attacker may craft special packets that trigger buffer overflows in the ntpd functions crypto_recv() (when using autokey authentication), ctl_putdata(), and configure().
A section of code in ntpd handling a rare error is missing a return statement, therefore processing did not stop when the error was encountered. This situation may be exploitable by an attacker (CVE-2014-9296).
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9293 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9294 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9295 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9296 http://advisories.mageia.org/MGASA-2014-0541.html
Updated Packages:
Mandriva Business Server 1/X86_64: 25fe56fc0649ac9bb83be467969c2380 mbs1/x86_64/ntp-4.2.6p5-8.1.mbs1.x86_64.rpm 9409f5337bc2a2682e09db81e769cd5c mbs1/x86_64/ntp-client-4.2.6p5-8.1.mbs1.x86_64.rpm df65cc9c536cdd461e1ef95318ab0d3b mbs1/x86_64/ntp-doc-4.2.6p5-8.1.mbs1.x86_64.rpm 53f446bffdf6e87726a9772e946c5e34 mbs1/SRPMS/ntp-4.2.6p5-8.1.mbs1.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security.
See the RESOLUTION section for a list of impacted hardware and Comware 5, Comware 5 Low Encryption SW, Comware 7, and VCX versions. Family Fixed Version HP Branded Products Impacted H3C Branded Products Impacted CVE #
8800 (Comware 5) R3627P04 JC137A HP 8805/8808/8812 (2E) Main Control Unit Module, JC138A HP 8805/8808/8812 (1E) Main Control Unit Module, JC141A HP 8802 Main Control Unit Module, JC147A HP 8802 Router Chassis, JC147B HP 8802 Router Chassis, JC148A HP 8805 Router Chassis, JC148B HP 8805 Router Chassis, JC149A HP 8808 Router Chassis, JC149B HP 8808 Router Chassis, JC150A HP 8812 Router Chassis, JC150B HP 8812 Router Chassis, JC596A HP 8800 Dual Fabric Main Processing Unit, JC597A HP 8800 Single Fabric Main Processing Unit
CVE-2014-9295
A6600 (Comware 5) R3303P18 JC165A HP 6600 RPE-X1 Router Module, JC177A HP 6608 Router, JC177B HP 6608 Router Chassis, JC178A HP 6604 Router Chassis, JC178B HP 6604 Router Chassis, JC496A HP 6616 Router Chassis, JC566A HP 6600 RSE-X1 Router Main Processing Unit, JG780A HP 6600 RSE-X1 TAA-compliant Main Processing Unit, JG781A HP 6600 RPE-X1 TAA-compliant Main Processing Unit
CVE-2014-9295
HSR6602 (Comware 5) R3303P18 JC176A HP 6602 Router Chassis, JG353A HP HSR6602-G Router, JG354A HP HSR6602-XG Router, JG355A HP 6600 MCP-X1 Router Main Processing Unit, JG356A HP 6600 MCP-X2 Router Main Processing Unit, JG776A HP HSR6602-G TAA-compliant Router, JG777A HP HSR6602-XG TAA-compliant Router, JG778A HP 6600 MCP-X2 Router TAA-compliant Main Processing Unit
CVE-2014-9295
HSR6800 (Comware 5) R3303P18 JG361A HP HSR6802 Router Chassis, JG362A HP HSR6804 Router Chassis, JG363A HP HSR6808 Router Chassis, JG364A HP HSR6800 RSE-X2 Router Main Processing Unit, JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing Unit
CVE-2014-9295
MSR20 (Comware 5) R2513P45 JD432A HP A-MSR20-21 Router, JD662A HP MSR20-20 Router, JD663A HP A-MSR20-21 Router, JD663B HP MSR20-21 Router, JD664A HP MSR20-40 Router, JF228A HP MSR20-40 Router, JF283A HP MSR20-20 Router
CVE-2014-9295
MSR20-1X (Comware 5) R2513P45 JD431A HP MSR20-10 Router, JD667A HP MSR20-15 IW Multi-Service Router, JD668A HP MSR20-13 Multi-Service Router, JD669A HP MSR20-13 W Multi-Service Router, JD670A HP MSR20-15 A Multi-Service Router, JD671A HP MSR20-15 AW Multi-Service Router, JD672A HP MSR20-15 I Multi-Service Router, JD673A HP MSR20-11 Multi-Service Router, JD674A HP MSR20-12 Multi-Service Router, JD675A HP MSR20-12 W Multi-Service Router, JD676A HP MSR20-12 T1 Multi-Service Router, JF236A HP MSR20-15-I Router, JF237A HP MSR20-15-A Router, JF238A HP MSR20-15-I-W Router, JF239A HP MSR20-11 Router, JF240A HP MSR20-13 Router, JF241A HP MSR20-12 Router, JF806A HP MSR20-12-T Router, JF807A HP MSR20-12-W Router, JF808A HP MSR20-13-W Router, JF809A HP MSR20-15-A-W Router, JF817A HP MSR20-15 Router, JG209A HP MSR20-12-T-W Router (NA), JG210A HP MSR20-13-W Router (NA) H3C MSR 20-15 Router Host(AC) 1 FE 4 LSW 1, H3C RT-MSR2015-AC-OVS-AW-H3 (0235A393), H3C RT-MSR2015-AC-OVS-I-H3 (0235A394), H3C RT-MSR2015-AC-OVS-IW-H3 (0235A38V), H3C MSR 20-11 (0235A31V), H3C MSR 20-12 (0235A32E), H3C MSR 20-12 T1 (0235A32B), H3C MSR 20-13 (0235A31W), H3C MSR 20-13 W (0235A31X), H3C MSR 20-15 A (0235A31Q), H3C MSR 20-15 A W (0235A31R), H3C MSR 20-15 I (0235A31N), H3C MSR 20-15 IW (0235A31P), H3C MSR20-12 W (0235A32G) CVE-2014-9295
MSR 30 (Comware 5) R2513P45 JD654A HP MSR30-60 POE Multi-Service Router, JD657A HP MSR30-40 Multi-Service Router, JD658A HP MSR30-60 Multi-Service Router, JD660A HP MSR30-20 POE Multi-Service Router, JD661A HP MSR30-40 POE Multi-Service Router, JD666A HP MSR30-20 Multi-Service Router, JF229A HP MSR30-40 Router, JF230A HP MSR30-60 Router, JF232A HP RTMSR3040-AC-OVSAS-H3, JF235A HP MSR30-20 DC Router, JF284A HP MSR30-20 Router, JF287A HP MSR30-40 DC Router, JF801A HP MSR30-60 DC Router, JF802A HP MSR30-20 PoE Router, JF803A HP MSR30-40 PoE Router, JF804A HP MSR30-60 PoE Router H3C MSR 30-20 Router (0235A328), H3C MSR 30-40 Router Host(DC) (0235A268), H3C RT-MSR3020-AC-POE-OVS-H3 (0235A322), H3C RT-MSR3020-DC-OVS-H3 (0235A267), H3C RT-MSR3040-AC-OVS-H (0235A299), H3C RT-MSR3040-AC-POE-OVS-H3 (0235A323), H3C RT-MSR3060-AC-OVS-H3 (0235A320), H3C RT-MSR3060-AC-POE-OVS-H3 (0235A296), H3C RT-MSR3060-DC-OVS-H3 (0235A269), H3C MSR 30-20 RTVZ33020AS Router Host(AC) (0235A20S), H3C MSR 30-20 (0235A19L), H3C MSR 30-20 POE (0235A239), H3C MSR 30-40 (0235A20J), H3C MSR 30-40 POE (0235A25R), H3C MSR 30-60 (0235A20K), H3C MSR 30-60 POE (0235A25S), H3C RT-MSR3040-AC-OVS-AS-H3 (0235A20V) CVE-2014-9295
MSR 30-16 (Comware 5) R2513P45 JD659A HP MSR30-16 POE Multi-Service Router, JD665A HP MSR30-16 Multi-Service Router, JF233A HP MSR30-16 Router, JF234A HP MSR30-16 PoE Router, H3C RT-MSR3016-AC-OVS-H3 (0235A327), H3C RT-MSR3016-AC-POE-OVS-H3 (0235A321), H3C MSR 30-16 (0235A237), H3C MSR 30-16 POE (0235A238) CVE-2014-9295
MSR 30-1X (Comware 5) R2513P45 JF800A HP MSR30-11 Router, JF816A HP MSR30-10 2 FE /2 SIC /1 MIM MS Rtr, JG182A HP MSR30-11E Router, JG183A HP MSR30-11F Router, JG184A HP MSR30-10 DC Router 2FE 2SIC 1XMIM 256DDR (0235A39H), H3C RT-MSR3011-AC-OVS-H3 (0235A29L) CVE-2014-9295
MSR 50 (Comware 5) R2513P45 JD433A HP MSR50-40 Router, JD653A HP MSR50 Processor Module, JD655A HP MSR50-40 Multi-Service Router, JD656A HP MSR50-60 Multi-Service Router, JF231A HP MSR50-60 Router, JF285A HP MSR50-40 DC Router, JF640A HP MSR50-60 Rtr Chassis w DC PwrSupply H3C MSR 50-40 Router (0235A297), H3C MSR5040-DCOVS-H3C (0235A20P), H3C RT-MSR5060-AC-OVS-H3 (0235A298), H3C MSR 50-40 Chassis (0235A20N), H3C MSR 50-60 Chassis (0235A20L) CVE-2014-9295
MSR 50-G2 (Comware 5) R2513P45 JD429A HP MSR50 G2 Processor Module, JD429B HP MSR50 G2 Processor Module H3C H3C MSR 50 Processor Module-G2 (0231A84Q), H3C MSR 50 High Performance Main Processing Unit 3GE (Combo) 256F/1GD (0231A0KL) CVE-2014-9295
MSR 9XX (Comware 5) R2513P45 JF812A HP MSR900 Router, JF813A HP MSR920 Router, JF814A HP MSR900-W Router, JF815A HP MSR920 2FEWAN/8FELAN/.11 b/g Rtr, JG207A HP MSR900-W Router (NA), JG208A HP MSR920-W Router (NA) H3C MSR 900 Router with 802.11b/g 2 FE WAN 4 FE LAN 256DDR 802.11b (0235A0C2), H3C MSR 900 Router 2 FE WAN 4 FE LAN 256DDR (0235A0BX), H3C MSR 920 Router with 802.11b/g 2 FE WAN 8 FE LAN 256DDR (0235A0C4), H3C MSR 920 Router 2 FE WAN 8 FE LAN 256DDR (0235A0C0) CVE-2014-9295
MSR 93X (Comware 5) R2513P45 JG512A HP MSR930 Wireless Router, JG513A HP MSR930 3G Router, JG514A HP MSR931 Router, JG515A HP MSR931 3G Router, JG516A HP MSR933 Router, JG517A HP MSR933 3G Router, JG518A HP MSR935 Router, JG519A HP MSR935 Wireless Router, JG520A HP MSR935 3G Router, JG531A HP MSR931 Dual 3G Router, JG596A HP MSR930 4G LTE/3G CDMA Router, JG597A HP MSR936 Wireless Router, JG665A HP MSR930 4G LTE/3G WCDMA Global Router, JG704A HP MSR930 4G LTE/3G WCDMA ATT Router N/A CVE-2014-9295
MSR1000 (Comware 5) R2513P45 JG732A HP MSR1003-8 AC Router N/A CVE-2014-9295
MSR20 (Comware 5 - Low Encryption SW) R2513L61 JD663B HP MSR20-21 Router, JF228A HP MSR20-40 Router, JF283A HP MSR20-20 Router H3C RT-MSR2020-AC-OVS-H3C (0235A324), H3C RT-MSR2040-AC-OVS-H3 (0235A326) CVE-2014-9295
MSR20-1X (Comware 5 - Low Encryption SW) R2513L61 JD431A HP MSR20-10 Router, JF236A HP MSR20-15-I Router, JF237A HP MSR20-15-A Router, JF238A HP MSR20-15-I-W Router, JF239A HP MSR20-11 Router, JF240A HP MSR20-13 Router, JF241A HP MSR20-12 Router, JF806A HP MSR20-12-T Router, JF807A HP MSR20-12-W Router, JF808A HP MSR20-13-W Router, JF809A HP MSR20-15-A-W Router, JF817A HP MSR20-15 Router H3C MSR 20-10 (0235A0A7), H3C RT-MSR2015-AC-OVS-I-H3 (0235A394), H3C RT-MSR2015-AC-OVS-A-H3 (0235A392), H3C RT-MSR2015-AC-OVS-AW-H3 (0235A393), H3C RT-MSR2011-AC-OVS-H3 (0235A395), H3C RT-MSR2013-AC-OVS-H3 (0235A390), H3C RT-MSR2012-AC-OVS-H3 (0235A396), H3C RT-MSR2012-TAC-OVS-H3 (0235A398), H3C RT-MSR2012-AC-OVS-W-H3 (0235A397), H3C RT-MSR2013-AC-OVS-W-H3 (0235A391), H3C RT-MSR2015-AC-OVS-IW-H3 (0235A38V), H3C MSR 20-15 Router Host(AC) 1 FE 4 LSW 1 ADSLoPOTS 1 DSIC (0235A0A8) CVE-2014-9295
MSR30 (Comware 5 - Low Encryption SW) R2513L61 JF229A HP MSR30-40 Router, JF230A HP MSR30-60 Router, JF235A HP MSR30-20 DC Router, JF284A HP MSR30-20 Router, JF287A HP MSR30-40 DC Router, JF801A HP MSR30-60 DC Router, JF802A HP MSR30-20 PoE Router, JF803A HP MSR30-40 PoE Router, JF804A HP MSR30-60 PoE Router H3C RT-MSR3040-AC-OVS-H (0235A299), H3C RT-MSR3060-AC-OVS-H3 (0235A320), H3C RT-MSR3020-DC-OVS-H3 (0235A267), H3C MSR 30-20 Router (0235A328), H3C MSR 30-40 Router Host(DC) (0235A268), H3C RT-MSR3060-DC-OVS-H3 (0235A269), H3C RT-MSR3020-AC-POE-OVS-H3 (0235A322), H3C RT-MSR3040-AC-POE-OVS-H3 (0235A323), H3C RT-MSR3060-AC-POE-OVS-H3 (0235A296) CVE-2014-9295
MSR30-16 (Comware 5 - Low Encryption SW) R2513L61 JF233A HP MSR30-16 Router, JF234A HP MSR30-16 PoE Router H3C RT-MSR3016-AC-OVS-H3 (0235A327), H3C RT-MSR3016-AC-POE-OVS-H3 (0235A321) CVE-2014-9295
MSR30-1X (Comware 5 - Low Encryption SW) R2513L61 JF800A HP MSR30-11 Router, JF816A HP MSR30-10 2 FE /2 SIC /1 MIM MS Rtr, JG182A HP MSR30-11E Router, JG183A HP MSR30-11F Router, JG184A HP MSR30-10 DC Router H3C RT-MSR3011-AC-OVS-H3 (0235A29L), H3C MSR 30-10 Router Host(AC) 2FE 2SIC 1XMIM 256DDR (0235A39H) CVE-2014-9295
MSR50 (Comware 5 - Low Encryption SW) R2513L61 JD433A HP MSR50-40 Router, JD653A HP MSR50Processor Module, JD655A HP MSR50-40 Multi-Service Router, JD656A HP MSR50-60 Multi-Service Router, JF231A HP MSR50-60 Router, JF285A HP MSR50-40 DC Router, JF640A HP MSR50-60 Rtr Chassis w DC PwrSupply H3C MSR 50-40 Router (0235A297), H3C MSR 50 Processor Module (0231A791), H3C MSR 50-40 Chassis (0235A20N), H3C MSR 50-60 Chassis (0235A20L), H3C RT-MSR5060-AC-OVS-H3 (0235A298), H3C MSR5040-DCOVS-H3C (0235A20P) CVE-2014-9295
MSR50 G2 (Comware 5 - Low Encryption SW) R2513L61 JD429B HP MSR50 G2 Processor Module H3C MSR 50 High Performance Main Processing Unit 3GE (Combo) 256F/1GD (0231A0KL) CVE-2014-9295
12500 (Comware 5) R1828P06 JC085A HP A12518 Switch Chassis, JC086A HP A12508 Switch Chassis, JC652A HP 12508 DC Switch Chassis, JC653A HP 12518 DC Switch Chassis, JC654A HP 12504 AC Switch Chassis, JC655A HP 12504 DC Switch Chassis, JF430A HP A12518 Switch Chassis, JF430B HP 12518 Switch Chassis, JF430C HP 12518 AC Switch Chassis, JF431A HP A12508 Switch Chassis, JF431B HP 12508 Switch Chassis, JF431C HP 12508 AC Switch Chassis, JC072B HP 12500 Main Processing Unit, JC808A HP 12500 TAA Main Processing Unit H3C S12508 Routing Switch (AC-1) (0235A0GE), H3C S12518 Routing Switch (AC-1) (0235A0GF), H3C S12508 Chassis (0235A0E6), H3C S12508 Chassis (0235A38N), H3C S12518 Chassis (0235A0E7), H3C S12518 Chassis (0235A38M), H3C 12508 DC Switch Chassis (0235A38L), H3C 12518 DC Switch Chassis (0235A38K) CVE-2014-9295
9500E (Comware 5) R1828P06 JC124A HP A9508 Switch Chassis, JC124B HP 9505 Switch Chassis, JC125A HP A9512 Switch Chassis, JC125B HP 9512 Switch Chassis, JC474A HP A9508-V Switch Chassis, JC474B HP 9508-V Switch Chassis H3C S9505E Routing-Switch Chassis (0235A0G6), H3C S9512E Routing-Switch Chassis (0235A0G7), H3C S9508E-V Routing-Switch Chassis (0235A38Q), H3C S9505E Chassis w/ Fans (0235A38P), H3C S9512E Chassis w/ Fans (0235A38R) CVE-2014-9295
10500 (Comware 5) R1208P10 JC611A HP 10508-V Switch Chassis, JC612A HP 10508 Switch Chassis, JC613A HP 10504 Switch Chassis, JC614A HP 10500 Main Processing Unit, JC748A HP 10512 Switch Chassis, JG375A HP 10500 TAA-compliant Main Processing Unit, JG820A HP 10504 TAA-compliant Switch Chassis, JG821A HP 10508 TAA-compliant Switch Chassis, JG822A HP 10508-V TAA-compliant Switch Chassis, JG823A HP 10512 TAA-compliant Switch Chassis
CVE-2014-9295
7500 (Comware 5) R6708P10 JC666A HP 7503-S 144Gbps Fabric/MPU with PoE Upgradable 20-port Gig-T/4-port GbE Combo, JC697A HP 7502 TAA-compliant Main Processing Unit, JC698A HP 7503-S 144Gbps TAA Fabric / MPU with 16 GbE SFP Ports and 8 GbE Combo Ports, JC699A HP 7500 384Gbps TAA-compliant Fabric / MPU with 2 10GbE XFP Ports, JC700A HP 7500 384Gbps TAA-compliant Fabric / Main Processing Unit, JC701A HP 7500 768Gbps TAA-compliant Fabric / Main Processing Unit, JD193A HP 7500 384Gbps Fabric Module with 2 XFP Ports, JD193B HP 7500 384Gbps Fabric Module with 2 XFP Ports, JD194A HP 7500 384Gbps Fabric Module, JD194B HP 7500 384Gbps Fabric Module, JD195A HP 7500 384Gbps Advanced Fabric Module, JD196A HP 7502 Fabric Module, JD220A HP 7500 768Gbps Fabric Module, JD224A HP 7500 384Gbps Fabric Module with 12 SFP Ports, JD238A HP 7510 Switch Chassis, JD238B HP 7510 Switch Chassis, JD239A HP 7506 Switch Chassis, JD239B HP 7506 Switch Chassis, JD240A HP 7503 Switch Chassis, JD240B HP 7503 Switch Chassis, JD241A HP 7506-V Switch Chassis, JD241B HP 7506-V Switch Chassis, JD242A HP 7502 Switch Chassis, JD242B HP 7502 Switch Chassis, JD243A HP 7503-S Switch Chassis with 1 Fabric Slot, JD243B HP 7503-S Switch Chassis with 1 Fabric Slot, JE164A HP E7902 Switch Chassis, JE165A HP E7903 Switch Chassis, JE166A HP E7903 1 Fabric Slot Switch Chassis, JE167A HP E7906 Switch Chassis, JE168A HP E7906 Vertical Switch Chassis, JE169A HP E7910 Switch Chassis
CVE-2014-9295
5830 (Comware 5) R1118P11 JC691A HP 5830AF-48G Switch with 1 Interface Slot, JC694A HP 5830AF-96G Switch, JG316A HP 5830AF-48G TAA-compliant Switch w/1 Interface Slot, JG374A HP 5830AF-96G TAA-compliant Switch
CVE-2014-9295
5800 (Comware 5) R1809P03 JC099A HP 5800-24G-PoE Switch, JC099B HP 5800-24G-PoE+ Switch, JC100A HP 5800-24G Switch, JC100B HP 5800-24G Switch, JC101A HP 5800-48G Switch with 2 Slots, JC101B HP 5800-48G-PoE+ Switch with 2 Interface Slots, JC103A HP 5800-24G-SFP Switch, JC103B HP 5800-24G-SFP Switch with 1 Interface Slot, JC104A HP 5800-48G-PoE Switch, JC104B HP 5800-48G-PoE+ Switch with 1 Interface Slot, JC105A HP 5800-48G Switch, JC105B HP 5800-48G Switch with 1 Interface Slot, JG254A HP 5800-24G-PoE+ TAA-compliant Switch, JG254B HP 5800-24G-PoE+ TAA-compliant Switch, JG255A HP 5800-24G TAA-compliant Switch, JG255B HP 5800-24G TAA-compliant Switch, JG256A HP 5800-24G-SFP TAA-compliant Switch with 1 Interface Slot, JG256B HP 5800-24G-SFP TAA-compliant Switch with 1 Interface Slot, JG257A HP 5800-48G-PoE+ TAA-compliant Switch with 1 Interface Slot, JG257B HP 5800-48G-PoE+ TAA-compliant Switch with 1 Interface Slot, JG258A HP 5800-48G TAA-compliant Switch with 1 Interface Slot, JG258B HP 5800-48G TAA-compliant Switch with 1 Interface Slot, JG225A HP 5800AF-48G Switch, JG225B HP 5800AF-48G Switch, JG242A HP 5800-48G-PoE+ TAA-compliant Switch with 2 Interface Slots, JG242B HP 5800-48G-PoE+ TAA-compliant Switch with 2 Interface
CVE-2014-9295
5820 (Comware 5) R1809P03 JG243A HP 5820-24XG-SFP+ TAA-compliant Switch, JG243B HP 5820-24XG-SFP+ TAA-compliant Switch, JG259A HP 5820X-14XG-SFP+ TAA-compliant Switch with 2 Interface Slots & 1 OAA Slot, JG259B HP 5820-14XG-SFP+ TAA-compliant Switch with 2 Interface Slots and 1 OAA Slot, JC106A HP 5820-14XG-SFP+ Switch with 2 Slots, JC106B HP 5820-14XG-SFP+ Switch with 2 Interface Slots & 1 OAA Slot, JG219A HP 5820AF-24XG Switch, JG219B HP 5820AF-24XG Switch, JC102A HP 5820-24XG-SFP+ Switch, JC102B HP 5820-24XG-SFP+ Switch
CVE-2014-9295
5500 HI (Comware 5) R5501P06 JG311A HP 5500-24G-4SFP HI Switch with 2 Interface Slots, JG312A HP 5500-48G-4SFP HI Switch with 2 Interface Slots, JG541A HP 5500-24G-PoE+-4SFP HI Switch with 2 Interface Slots, JG542A HP 5500-48G-PoE+-4SFP HI Switch with 2 Interface Slots, JG543A HP 5500-24G-SFP HI Switch with 2 Interface Slots, JG679A HP 5500-24G-PoE+-4SFP HI TAA-compliant Switch with 2 Interface Slots, JG680A HP 5500-48G-PoE+-4SFP HI TAA-compliant Switch with 2 Interface Slots, JG681A HP 5500-24G-SFP HI TAA-compliant Switch with 2 Interface Slots
CVE-2014-9295
5500 EI (Comware 5) R2221P08 JD373A HP 5500-24G DC EI Switch, JD374A HP 5500-24G-SFP EI Switch, JD375A HP 5500-48G EI Switch, JD376A HP 5500-48G-PoE EI Switch, JD377A HP 5500-24G EI Switch, JD378A HP 5500-24G-PoE EI Switch, JD379A HP 5500-24G-SFP DC EI Switch, JG240A HP 5500-48G-PoE+ EI Switch with 2 Interface Slots, JG241A HP 5500-24G-PoE+ EI Switch with 2 Interface Slots, JG249A HP 5500-24G-SFP EI TAA-compliant Switch with 2 Interface, JG250A HP 5500-24G EI TAA-compliant Switch with 2 Interface Slots, JG251A HP 5500-48G EI TAA-compliant Switch with 2 Interface Slots, JG252A HP 5500-24G-PoE+ EI TAA-compliant Switch with 2 Interface Slots, JG253A HP 5500-48G-PoE+ EI TAA-compliant Switch with 2 Interface Slots
CVE-2014-9295
4800G (Comware 5) R2221P08 JD007A HP 4800-24G Switch, JD008A HP 4800-24G-PoE Switch, JD009A HP 4800-24G-SFP Switch, JD010A HP 4800-48G Switch, JD011A HP 4800-48G-PoE Switch
CVE-2014-9295
5500SI (Comware 5) R2221P08 JD369A HP 5500-24G SI Switch, JD370A HP 5500-48G SI Switch, JD371A HP 5500-24G-PoE SI Switch, JD372A HP 5500-48G-PoE SI Switch, JG238A HP 5500-24G-PoE+ SI Switch with 2 Interface Slots, JG239A HP 5500-48G-PoE+ SI Switch with 2 Interface Slots
CVE-2014-9295
4500G (Comware 5) R2221P08 JF428A HP 4510-48G Switch, JF847A HP 4510-24G Switch
CVE-2014-9295
5120 EI (Comware 5) R2221P08 JE066A HP 5120-24G EI Switch, JE067A HP 5120-48G EI Switch, JE068A HP 5120-24G EI Switch with 2 Interface Slots, JE069A HP 5120-48G EI Switch with 2 Interface Slots, JE070A HP 5120-24G-PoE EI 2-slot Switch, JE071A HP 5120-48G-PoE EI 2-slot Switch, JG236A HP 5120-24G-PoE+ EI Switch with 2 Interface Slots, JG237A HP 5120-48G-PoE+ EI Switch with 2 Interface Slots, JG245A HP 5120-24G EI TAA-compliant Switch with 2 Interface Slots, JG246A HP 5120-48G EI TAA-compliant Switch with 2 Interface Slots, JG247A HP 5120-24G-PoE+ EI TAA-compliant Switch with 2 Slots, JG248A HP 5120-48G-PoE+ EI TAA-compliant Switch with 2 Slots
CVE-2014-9295
4210G (Comware 5) R2221P08 JF844A HP 4210-24G Switch, JF845A HP 4210-48G Switch, JF846A HP 4210-24G-PoE Switch
CVE-2014-9295
5120 SI (Comware 5) R1513P95 JE072A HP 5120-48G SI Switch, JE073A HP 5120-16G SI Switch, JE074A HP 5120-24G SI Switch, JG091A HP 5120-24G-PoE+ (370W) SI Switch, JG092A HP 5120-24G-PoE+ (170W) SI Switch
CVE-2014-9295
3610 (Comware 5) R5319P10 JD335A HP 3610-48 Switch, JD336A HP 3610-24-4G-SFP Switch, JD337A HP 3610-24-2G-2G-SFP Switch, JD338A HP 3610-24-SFP Switch
CVE-2014-9295
3600V2 (Comware 5) R2110P03 JG299A HP 3600-24 v2 EI Switch, JG299B HP 3600-24 v2 EI Switch, JG300A HP 3600-48 v2 EI Switch, JG300B HP 3600-48 v2 EI Switch, JG301A HP 3600-24-PoE+ v2 EI Switch, JG301B HP 3600-24-PoE+ v2 EI Switch, JG301C HP 3600-24-PoE+ v2 EI Switch, JG302A HP 3600-48-PoE+ v2 EI Switch, JG302B HP 3600-48-PoE+ v2 EI Switch, JG302C HP 3600-48-PoE+ v2 EI Switch, JG303A HP 3600-24-SFP v2 EI Switch, JG303B HP 3600-24-SFP v2 EI Switch, JG304A HP 3600-24 v2 SI Switch, JG304B HP 3600-24 v2 SI Switch, JG305A HP 3600-48 v2 SI Switch, JG305B HP 3600-48 v2 SI Switch, JG306A HP 3600-24-PoE+ v2 SI Switch, JG306B HP 3600-24-PoE+ v2 SI Switch, JG306C HP 3600-24-PoE+ v2 SI Switch, JG307A HP 3600-48-PoE+ v2 SI Switch, JG307B HP 3600-48-PoE+ v2 SI Switch, JG307C HP 3600-48-PoE+ v2 SI Switch
CVE-2014-9295
3100V2-48 (Comware 5) R2110P03 JG315A HP 3100-48 v2 Switch, JG315B HP 3100-48 v2 Switch
CVE-2014-9295
3100V2 (Comware 5) R5203P11 JD313B HP 3100-24-PoE v2 EI Switch, JD318B HP 3100-8 v2 EI Switch, JD319B HP 3100-16 v2 EI Switch, JD320B HP 3100-24 v2 EI Switch, JG221A HP 3100-8 v2 SI Switch, JG222A HP 3100-16 v2 SI Switch, JG223A HP 3100-24 v2 SI Switch
CVE-2014-9295
HP870 (Comware 5) R2607P35 JG723A HP 870 Unified Wired-WLAN Appliance, JG725A HP 870 Unified Wired-WLAN TAA-compliant Appliance
CVE-2014-9295
HP850 (Comware 5) R2607P35 JG722A HP 850 Unified Wired-WLAN Appliance, JG724A HP 850 Unified Wired-WLAN TAA-compliant Appliance
CVE-2014-9295
HP830 (Comware 5) R3507P35 JG640A HP 830 24-Port PoE+ Unified Wired-WLAN Switch, JG641A HP 830 8-port PoE+ Unified Wired-WLAN Switch, JG646A HP 830 24-Port PoE+ Unified Wired-WLAN TAA-compliant Switch, JG647A HP 830 8-Port PoE+ Unified Wired-WLAN TAA-compliant
CVE-2014-9295
HP6000 (Comware 5) R2507P35 JG639A HP 10500/7500 20G Unified Wired-WLAN Module, JG645A HP 10500/7500 20G Unified Wired-WLAN TAA-compliant Module
CVE-2014-9295
WX5004-EI (Comware 5) R2507P35 JD447B HP WX5002 Access Controller, JD448A HP WX5004 Access Controller, JD448B HP WX5004 Access Controller, JD469A HP WX5004 Access Controller
CVE-2014-9295
SecBlade FW (Comware 5) R3181P05 JC635A HP 12500 VPN Firewall Module, JD245A HP 9500 VPN Firewall Module, JD249A HP 10500/7500 Advanced VPN Firewall Module, JD250A HP 6600 Firewall Processing Router Module, JD251A HP 8800 Firewall Processing Module, JD255A HP 5820 VPN Firewall Module
CVE-2014-9295
F1000-E (Comware 5) R3181P05 JD272A HP F1000-E VPN Firewall Appliance
CVE-2014-9295
F1000-A-EI (Comware 5) R3734P06 JG214A HP F1000-A-EI VPN Firewall Appliance
CVE-2014-9295
F1000-S-EI (Comware 5) R3734P06 JG213A HP F1000-S-EI VPN Firewall Appliance
CVE-2014-9295
F5000-A (Comware 5) F3210P23 JD259A HP A5000-A5 VPN Firewall Chassis, JG215A HP F5000 Firewall Main Processing Unit, JG216A HP F5000 Firewall Standalone Chassis
CVE-2014-9295
U200S and CS (Comware 5) F5123P31 JD273A HP U200-S UTM Appliance
CVE-2014-9295
U200A and M (Comware 5) F5123P31 JD275A HP U200-A UTM Appliance
CVE-2014-9295
F5000-C/S (Comware 5) R3811P03 JG650A HP F5000-C VPN Firewall Appliance, JG370A HP F5000-S VPN Firewall Appliance
CVE-2014-9295
SecBlade III (Comware 5) R3820P03 JG371A HP 12500 20Gbps VPN Firewall Module, JG372A HP 10500/11900/7500 20Gbps VPN Firewall Module
CVE-2014-9295
MSR20 RU (Comware 5 Low Encryption SW) R2513L61 JD432A HP A-MSR20-21 Router, JD662A HP MSR20-20 Router, JD663A HP A-MSR20-21 Router, JD663B HP MSR20-21 Router, JD664A HP MSR20-40 Router, JF228A HP MSR20-40, JF283A HP MSR20-20 Router
CVE-2014-9295
MSR20-1X RU (Comware 5 Low Encryption SW) R2513L61 JD431A HP MSR20-10 Router, JD667A HP A-MSR20-15 IW Multi-service Router, JD668A HP MSR20-13 Router, JD669A HP MSR20-13-W Router, JD670A HP A-MSR20-15 A Multi-service Router, JD671A HP A-MSR20-15 AW Multi-service Router, JD672A HP A-MSR20-15 I Multi-service Router, JD673A HP MSR20-11 Router, JD674A HP MSR20-12 Router, JD675A HP MSR20-12-W Router, JD676A HP MSR20-12-T Router, JF236A HP MSR20-15-I Router, JF237A HP MSR20-15-A Router, JF238A HP MSR20-15-I-W Router, JF239A HP MSR20-11 Router, JF240A HP MSR20-13 Router, JF241A HP MSR20-12 Router, JF806A HP MSR20-12-T Router, JF807A HP MSR20-12-W Router, JF808A HP MSR20-13-W Router, JF809A HP MSR20-15-A-W Router, JF817A HP MSR20-15 Router, JG209A HP MSR20-12-T-W Router, JG210A HP MSR20-13-W Router
CVE-2014-9295
MSR30 RU (Comware 5 Low Encryption SW) R2513L61 JD654A HP MSR30-60 PoE Router, JD657A HP MSR30-40 Router, JD658A HP MSR30-60 Router, JD660A HP MSR30-20 PoE Router, JD661A HP MSR30-40 PoE Router, JD666A HP MSR30-20 Router, JF229A HP MSR30-40 Router, JF230A HP MSR30-60 Router, JF232A HP A-MSR30-40 (RT-MSR3040-AC-OVS-AS-H3) Multi-service Router, JF235A HP MSR30-20 DC Router, JF284A HP MSR30-20 Router, JF287A HP MSR30-40 DC Router, JF801A HP MSR30-60 DC Router, JF802A HP MSR30-20 PoE Router, JF803A HP MSR30-40 PoE Router, JF804A HP MSR30-60 PoE Router, JG728A HP MSR30-20 TAA-compliant DC Router, JG729A HP MSR30-20 TAA-compliant Router
CVE-2014-9295
MSR301X RU (Comware 5 Low Encryption SW) R2513L61 JF800A HP MSR30-11 Router, JF816A HP MSR30-10 Router, JG182A HP MSR30-11E Router, JG183A HP MSR30-11F Router, JG184A HP MSR30-10 DC Router
CVE-2014-9295
MSR316 RU (Comware 5 Low Encryption SW) R2513L61 JD659A HP MSR30-16 PoE Router, JD665A HP MSR30-16 Router, JF233A HP MSR30-16 Router, JF234A HP MSR30-16 PoE Router
CVE-2014-9295
MSR50 RU (Comware 5 Low Encryption SW) R2513L61 JD433A HP MSR50-40 Router, JD653A HP MSR50 Processor Module, JD655A HP MSR 50-40 Router, JD656A HP MSR50-60 Router, JF231A HP MSR50-60 Router, JF285A HP MSR50-40 DC Router, JF640A HP MSR50-60 Router Chassis with DC Power Supply
CVE-2014-9295
MSR50 EPU RU (Comware 5 Low Encryption SW) R2513L61 JD429A HP MSR50 G2 Processor Module, JD429B HP MSR50 G2 Processor Module, JD433A HP MSR50-40 Router, JD655A HP MSR 50-40 Router, JD656A HP MSR50-60 Router, JF231A HP MSR50-60 Router, JF285A HP MSR50-40 DC Router, JF640A HP MSR50-60 Router Chassis with DC Power Supply
CVE-2014-9295
MSR1000 RU (Comware 5 Low Encryption SW) R2513L61 JG732A HP MSR1003-8 AC Router
CVE-2014-9295
6600 RSE RU (Comware 5 Low Encryption SW) R3303P18 JC566A HP 6600 RSE-X1 Router Main Processing Unit, JG780A HP 6600 RSE-X1 TAA-compliant Main Processing Unit
CVE-2014-9295
6600 RPE RU (Comware 5 Low Encryption SW) R3303P18 JC165A) HP 6600 RPE-X1 Router Module, JG781A) HP 6600 RPE-X1 TAA-compliant Main Processing Unit
CVE-2014-9295
6602 RU (Comware 5 Low Encryption SW) R3303P18 JC176A) HP 6602 Router Chassis
CVE-2014-9295
HSR6602 RU (Comware 5 Low Encryption SW) R3303P18 JC177A HP 6608 Router, JC177B HP 6608 Router Chassis, JC178A HP 6604 Router Chassis, JC178B HP 6604 Router Chassis, JC496A HP 6616 Router Chassis, JG353A HP HSR6602-G Router, JG354A HP HSR6602-XG Router, JG355A HP 6600 MCP-X1 Router Main Processing Unit, JG356A HP 6600 MCP-X2 Router Main Processing Unit, JG776A HP HSR6602-G TAA-compliant Router, JG777A HP HSR6602-XG TAA-compliant Router, JG778A HP 6600 MCP-X2 Router TAA-compliant Main Processing Unit
CVE-2014-9295
HSR6800 RU (Comware 5 Low Encryption SW) R3303P18 JG361A HP HSR6802 Router Chassis, JG362A HP HSR6804 Router Chassis, JG363A HP HSR6808 Router Chassis, JG364A HP HSR6800 RSE-X2 Router Main Processing Unit, JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing Unit
CVE-2014-9295
SMB1910 (Comware 5) R1108 JG540A HP 1910-48 Switch, JG539A HP 1910-24-PoE+ Switch, JG538A HP 1910-24 Switch, JG537A HP 1910-8 -PoE+ Switch, JG536A HP 1910-8 Switch
CVE-2014-9295
SMB1920 (Comware 5) R1106 JG928A HP 1920-48G-PoE+ (370W) Switch, JG927A HP 1920-48G Switch, JG926A HP 1920-24G-PoE+ (370W) Switch, JG925A HP 1920-24G-PoE+ (180W) Switch, JG924A HP 1920-24G Switch, JG923A HP 1920-16G Switch, JG922A HP 1920-8G-PoE+ (180W) Switch, JG921A HP 1920-8G-PoE+ (65W) Switch, JG920A HP 1920-8G Switch
CVE-2014-9295
V1910 (Comware 5) R1513P95 JE005A HP 1910-16G Switch, JE006A HP 1910-24G Switch, JE007A HP 1910-24G-PoE (365W) Switch, JE008A HP 1910-24G-PoE(170W) Switch, JE009A HP 1910-48G Switch, JG348A HP 1910-8G Switch, JG349A HP 1910-8G-PoE+ (65W) Switch, JG350A HP 1910-8G-PoE+ (180W) Switch
CVE-2014-9295
SMB 1620 (Comware 5) R1105 JG914A HP 1620-48G Switch, JG913A HP 1620-24G Switch, JG912A HP 1620-8G Switch
CVE-2014-9295
COMWARE 7 Products
12500 (Comware 7) R7328P04 JC085A HP A12518 Switch Chassis, JC086A HP A12508 Switch Chassis, JC652A HP 12508 DC Switch Chassis, JC653A HP 12518 DC Switch Chassis, JC654A HP 12504 AC Switch Chassis, JC655A HP 12504 DC Switch Chassis, JF430A HP A12518 Switch Chassis, JF430B HP 12518 Switch Chassis, JF430C HP 12518 AC Switch Chassis, JF431A HP A12508 Switch Chassis, JF431B HP 12508 Switch Chassis, JF431C HP 12508 AC Switch Chassis, JC072B HP 12500 Main Processing Unit, JG497A HP 12500 MPU w/Comware V7 OS, JG782A HP FF 12508E AC Switch Chassis, JG783A HP FF 12508E DC Switch Chassis, JG784A HP FF 12518E AC Switch Chassis, JG785A HP FF 12518E DC Switch Chassis, JG802A HP FF 12500E MPU, JG836A HP FlexFabric 12518E AC Switch TAA-compliant Chassis, JG834A HP FlexFabric 12508E AC Switch TAA-compliant Chassis, JG835A HP FlexFabric 12508E DC Switch TAA-compliant Chassis, JG837A HP FlexFabric 12518E DC Switch TAA-compliant Chassis, JG803A HP FlexFabric 12500E TAA-compliant Main Processing Unit, JG796A HP FlexFabric 12500 48-port 10GbE SFP+ FD Module, JG790A HP FlexFabric 12500 16-port 40GbE QSFP+ FD Module, JG794A HP FlexFabric 12500 40-port 10GbE SFP+ FG Module, JG792A HP FlexFabric 12500 40-port 10GbE SFP+ FD Module, JG788A HP FlexFabric 12500 4-port 100GbE CFP FG Module, JG786A HP FlexFabric 12500 4-port 100GbE CFP FD Module, JG797A HP FlexFabric 12500 48-port 10GbE SFP+ FD TAA-compliant Module, JG791A HP FlexFabric 12500 16-port 40GbE QSFP+ FD TAA-compliant Module, JG795A HP FlexFabric 12500 40-port 10GbE SFP+ FG TAA-compliant Module, JG793A HP FlexFabric 12500 40-port 10GbE SFP+ FD TAA-compliant Module, JG789A HP FlexFabric 12500 4-port 100GbE CFP FG TAA-compliant Module, JG787A HP FlexFabric 12500 4-port 100GbE CFP FD TAA-compliant Module, JG798A HP FlexFabric 12508E Fabric Module H3C S12508 Routing Switch (AC-1) (0235A0GE), H3C S12518 Routing Switch (AC-1) (0235A0GF), H3C S12508 Chassis (0235A0E6), H3C S12508 Chassis (0235A38N), H3C S12518 Chassis (0235A0E7), H3C S12518 Chassis (0235A38M), H3C 12508 DC Switch Chassis (0235A38L), H3C 12518 DC Switch Chassis (0235A38K) CVE-2014-9295
11900 (Comware 7) R7169P01 JG608A HP FF 11908-V Switch Chassis, JG609A HP FF 11900 Main Processing Unit, JG610A HP FF 11908 1.92Tbps Type D Fabric Module, JG611A HP FF 11900 32p 10GbE SFP+ SF Module, JG612A HP FF 11900 48p 10GbE SFP+ SF Module, JG613A HP FF 11900 4p 40GbE QSFP+ SF Module, JG614A HP FF 11900 8p 40GbE QSFP+ SF Module, JG615A HP FF 11900 24-p 1/10GBASE-T SF Module, JG616A HP FF 11900 2500W AC Power Supply, JG617A HP FF 11900 2400W DC Power Supply, JG618A HP FF 11908-V Spare Fan Assy, JG918A HP FF 11900 2p 100GbE CFP SE Module
CVE-2014-9295
10500 (Comware 7) R7150 JC611A HP 10508-V Switch Chassis, JC612A HP 10508 Switch Chassis, JC613A HP 10504 Switch Chassis, JC748A HP 10512 Switch Chassis, JG820A HP 10504 TAA Switch Chassis, JG821A HP 10508 TAA Switch Chassis, JG822A HP 10508-V TAA Switch Chassis, JG823A HP 10512 TAA Switch Chassis, JG496A HP 10500 Type A MPU w/Comware v7 OS, JH198A HP 10500 Type D Main Processing Unit with Comware v7 Operating System, JH191A HP 10500 44-port GbE(SFP,LC)/ 4-port 10GbE SFP+ (SFP+,LC) SE Module, JH192A HP 10500 48-port Gig-TRJ45SE Module, JH193A HP 10500 16-port 10GbE SFP+ (SFP+,LC) SF Module, JH194A HP 10500 24-port 10GbE SFP+ (SFP+,LC) EC Module, JH195A HP 10500 6-port 40GbE QSFP+ EC Module, JH196A HP 10500 2-port 100GbE CFP EC Module, JH197A HP 10500 48-port 10GbE SFP+ (SFP+,LC) SG Module N/A CVE-2014-9295
12900 (Comware 7) R1112 JG619A HP FlexFabric 12910 Switch AC Chassis, JG621A HP FlexFabric 12910 Main Processing Unit, JG632A HP FlexFabric 12916 Switch AC Chassis, JG634A HP FlexFabric 12916 Main Processing Unit
CVE-2014-9295
5900 (Comware 7) R2311P06 JC772A HP 5900AF-48XG-4QSFP+ Switch, JG336A HP 5900AF-48XGT-4QSFP+ Switch, JG510A HP 5900AF-48G-4XG-2QSFP+ Switch, JG554A HP 5900AF-48XG-4QSFP+ TAA Switch, JG838A HP FF 5900CP-48XG-4QSFP+ Switch, JH036A HP FlexFabric 5900CP 48XG 4QSFP+ TAA-Compliant, JH037A HP 5900AF 48XGT 4QSFP+ TAA-Compliant Switch, JH038A) HP 5900AF 48G 4XG 2QSFP+ TAA-Compliant
CVE-2014-9295
5920 (Comware 7) R2311P06 JG296A HP 5920AF-24XG Switch, JG555A HP 5920AF-24XG TAA Switch
CVE-2014-9295
MSR1000 (Comware 7) R0106P31 JG875A HP MSR1002-4 AC Router, JH060A HP MSR1003-8S AC Router
CVE-2014-9295
MSR2000 (Comware 7) R0106P31 JG411A HP MSR2003 AC Router, JG734A HP MSR2004-24 AC Router, JG735A) HP MSR2004-48 Router, JG866A HP MSR2003 TAA-compliant AC Router
CVE-2014-9295
MSR3000 (Comware 7) R0106P31 JG404A HP MSR3064 Router, JG405A HP MSR3044 Router, JG406A HP MSR3024 AC Router, JG407A HP MSR3024 DC Router, JG408A HP MSR3024 PoE Router, JG409A HP MSR3012 AC Router, JG410A HP MSR3012 DC Router, JG861A HP MSR3024 TAA-compliant AC Router
CVE-2014-9295
MSR4000 (Comware 7) R0106P31 JG402A HP MSR4080 Router Chassis, JG403A HP MSR4060 Router Chassis, JG412A HP MSR4000 MPU-100 Main Processing Unit, JG869A HP MSR4000 TAA-compliant MPU-100 Main Processing Unit
CVE-2014-9295
5800 (Comware 7) R7006P12 JC099A HP 5800-24G-PoE Switch, JC099B HP 5800-24G-PoE+ Switch, JC100A HP 5800-24G Switch, JC100B HP 5800-24G Switch, JC101A HP 5800-48G Switch with 2 Slots, JC101B HP 5800-48G-PoE+ Switch with 2 Interface Slots, JC103A HP 5800-24G-SFP Switch, JC103B HP 5800-24G-SFP Switch with 1 Interface Slot, JC104A HP 5800-48G-PoE Switch, JC104B HP 5800-48G-PoE+ Switch with 1 Interface Slot, JC105A HP 5800-48G Switch, JC105B HP 5800-48G Switch with 1 Interface Slot, JG254A HP 5800-24G-PoE+ TAA-compliant Switch, JG254B HP 5800-24G-PoE+ TAA-compliant Switch, JG255A HP 5800-24G TAA-compliant Switch, JG255B HP 5800-24G TAA-compliant Switch, JG256A HP 5800-24G-SFP TAA-compliant Switch with 1 Interface Slot, JG256B HP 5800-24G-SFP TAA-compliant Switch with 1 Interface Slot, JG257A HP 5800-48G-PoE+ TAA-compliant Switch with 1 Interface Slot, JG257B HP 5800-48G-PoE+ TAA-compliant Switch with 1 Interface Slot, JG258A HP 5800-48G TAA-compliant Switch with 1 Interface Slot, JG258B HP 5800-48G TAA-compliant Switch with 1 Interface Slot, JG225A HP 5800AF-48G Switch, JG225B HP 5800AF-48G Switch, JG242A HP 5800-48G-PoE+ TAA-compliant Switch with 2 Interface Slots, JG242B HP 5800-48G-PoE+ TAA-compliant Switch with 2 Interface Slots, JG243A HP 5820-24XG-SFP+ TAA-compliant Switch, JG243B HP 5820-24XG-SFP+ TAA-compliant Switch, JG259A HP 5820X-14XG-SFP+ TAA-compliant Switch with 2 Interface Slots & 1 OAA Slot, JG259B HP 5820-14XG-SFP+ TAA-compliant Switch with 2 Interface Slots and 1 OAA Slot, JC106A HP 5820-14XG-SFP+ Switch with 2 Slots, JC106B HP 5820-14XG-SFP+ Switch with 2 Interface Slots & 1 OAA Slot, JG219A HP 5820AF-24XG Switch, JG219B HP 5820AF-24XG Switch, JC102A HP 5820-24XG-SFP+ Switch, JC102B HP 5820-24XG-SFP+ Switch
CVE-2014-9295
VSR (Comware 7) R0204P01 JG810AAE HP VSR1001 Virtual Services Router 60 Day Evaluation Software, JG811AAE HP VSR1001 Comware 7 Virtual Services Router, JG812AAE HP VSR1004 Comware 7 Virtual Services Router, JG813AAE HP VSR1008 Comware 7 Virtual Services Router
CVE-2014-9295
7900 (Comware 7) R2122 JG682A HP FlexFabric 7904 Switch Chassis, JG841A HP FlexFabric 7910 Switch Chassis, JG842A HP FlexFabric 7910 7.2Tbps Fabric / Main Processing Unit, JH001A HP FlexFabric 7910 2.4Tbps Fabric / Main Processing Unit
CVE-2014-9295
5130 (Comware 7) R3108P03 JG932A HP 5130-24G-4SFP+ EI Switch, JG933A HP 5130-24G-SFP-4SFP+ EI Switch, JG934A HP 5130-48G-4SFP+ EI Switch, JG936A HP 5130-24G-PoE+-4SFP+ (370W) EI Switch, JG937A HP 5130-48G-PoE+-4SFP+ (370W) EI Switch, JG975A HP 5130-24G-4SFP+ EI Brazil Switch, JG976A HP 5130-48G-4SFP+ EI Brazil Switch, JG977A HP 5130-24G-PoE+-4SFP+ (370W) EI Brazil Switch, JG978A HP 5130-48G-PoE+-4SFP+ (370W) EI Brazil Switch
CVE-2014-9295
5700 (Comware 7) R2311P06 JG894A HP FlexFabric 5700-48G-4XG-2QSFP+ Switch, JG895A HP FlexFabric 5700-48G-4XG-2QSFP+ TAA-compliant Switch, JG896A HP FlexFabric 5700-40XG-2QSFP+ Switch, JG897A HP FlexFabric 5700-40XG-2QSFP+ TAA-compliant Switch, JG898A HP FlexFabric 5700-32XGT-8XG-2QSFP+ Switch, JG899A HP FlexFabric 5700-32XGT-8XG-2QSFP+ TAA-compliant Switch
CVE-2014-9295
VCX 9.8.17 J9672A HP VCX V7205 Platform w/ DL360 G7 Srvr, J9668A HP VCX IPC V7005 Pltfrm w/ DL120 G6 Srvr, JC517A HP VCX V7205 Platform w/DL 360 G6 Server, JE355A HP VCX V6000 Branch Platform 9.0, JC516A HP VCX V7005 Platform w/DL 120 G6 Server, JC518A HP VCX Connect 200 Primry 120 G6 Server, J9669A HP VCX IPC V7310 Pltfrm w/ DL360 G7 Srvr, JE341A HP VCX Connect 100 Secondary, JE252A HP VCX Connect Primary MIM Module, JE253A HP VCX Connect Secondary MIM Module, JE254A HP VCX Branch MIM Module, JE355A HP VCX V6000 Branch Platform 9.0, JD028A HP MS30-40 RTR w/VCX + T1/FXO/FXS/Mod, JD023A HP MSR30-40 Router with VCX MIM Module, JD024A HP MSR30-16 RTR w/VCX Ent Br Com MIM, JD025A HP MSR30-16 RTR w/VCX + 4FXO/2FXS Mod, JD026A HP MSR30-16 RTR w/VCX + 8FXO/4FXS Mod, JD027A HP MSR30-16 RTR w/VCX + 8BRI/4FXS Mod, JD029A HP MSR30-16 RTR w/VCX + E1/4BRI/4FXS, JE340A HP VCX Connect 100 Pri Server 9.0, JE342A HP VCX Connect 100 Sec Server 9.0
CVE -2014-9293 CVE-2014-9294 CVE-2014-9295
HISTORY Version:1 (rev.1) - 9 December 2015 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy.
References:
CVE-2014-9293 CVE-2014-9294 CVE-2014-9295 CVE-2014-9296 CVE-2013-5211 SSRT102239
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
Platform Patch Kit Name
Alpha IA64 V8.4 75-117-380_2015-08-24.BCK
NOTE: Please contact OpenVMS Technical Support to request these patch kits.
HISTORY Version:1 (rev.1) - 9 September 2015 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. ============================================================================ Ubuntu Security Notice USN-2449-1 December 22, 2014
ntp vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.10
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
- Ubuntu 10.04 LTS
Summary:
Several security issues were fixed in NTP.
Software Description: - ntp: Network Time Protocol daemon and utility programs
Details:
Neel Mehta discovered that NTP generated weak authentication keys. A remote attacker could possibly use this issue to brute force the authentication key and send requests if permitted by IP restrictions. (CVE-2014-9294)
Stephen Roettger discovered that NTP contained buffer overflows in the crypto_recv(), ctl_putdata() and configure() functions. The default compiler options for affected releases should reduce the vulnerability to a denial of service. In addition, attackers would be isolated by the NTP AppArmor profile. (CVE-2014-9295)
Stephen Roettger discovered that NTP incorrectly continued processing when handling certain errors. (CVE-2014-9296)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 14.10: ntp 1:4.2.6.p5+dfsg-3ubuntu2.14.10.1
Ubuntu 14.04 LTS: ntp 1:4.2.6.p5+dfsg-3ubuntu2.14.04.1
Ubuntu 12.04 LTS: ntp 1:4.2.6.p3+dfsg-1ubuntu3.2
Ubuntu 10.04 LTS: ntp 1:4.2.4p8+dfsg-1ubuntu2.2
After a standard system update you need to regenerate any MD5 keys that were manually created with ntp-keygen.
References: http://www.ubuntu.com/usn/usn-2449-1 CVE-2014-9293, CVE-2014-9294, CVE-2014-9295, CVE-2014-9296
Package Information: https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p5+dfsg-3ubuntu2.14.10.1 https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p5+dfsg-3ubuntu2.14.04.1 https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p3+dfsg-1ubuntu3.2 https://launchpad.net/ubuntu/+source/ntp/1:4.2.4p8+dfsg-1ubuntu2.2 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04582466
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04582466 Version: 1
HPSBGN03277 rev.1 - HP Virtualization Performance Viewer, Remote Execution of Code, Denial of Service (DoS) and
Other Vulnerabilities
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2015-03-06 Last Updated: 2015-03-06
Potential Security Impact: Remote execution of code, Denial of Service (DoS), and other vulnerabilities
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with the NTP service that is present on HP
Virtualization Performance Viewer (vPV). These could be exploited remotely to execute code, create a Denial of
Service (DoS), and other vulnerabilities.
References:
CVE-2014-9293 - Insufficient Entropy in Pseudo-Random Number Generator (PRNG) (CWE-332) CVE-2014-9294 - Use of Cryptographically Weak PRNG (CWE-338) CVE-2014-9295 - Stack Buffer Overflow (CWE-121) CVE-2014-9296 - Error Conditions, Return Values, Status Codes (CWE-389) SSRT101957
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP Virtualization Performance Viewer v2.10, v2.01, v2.0, v1.X
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2014-9293 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-9294 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-9295 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-9296 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has provided the following information to mitigate the impact of these vulnerabilities.
https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetsea rch/document/KM01411809?/
HISTORY Version:1 (rev.1) - 6 March 2015 Initial release
Support: For further information, contact normal HP Services support channel.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-
alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP,
especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key
Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG &jumpid=in_SC-
GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches - check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems - verify your operating system selections are checked and save.
To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.
To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do
- The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th
characters of the Bulletin number in the title: GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW
MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS
PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux
TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault
System management and security procedures must be reviewed frequently to maintain system integrity. HP is
continually reviewing and enhancing the security features of software products to provide customers with current
secure solutions.
"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected
HP products the important security information contained in this Bulletin. HP recommends that all users
determine the applicability of this information to their individual situations and take appropriate action. HP
does not warrant that this information is necessarily accurate or complete for all user situations and,
consequently, HP will not be responsible for any damages resulting from user's use or disregard of the
information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either
express or implied, including the warranties of merchantability and fitness for a particular purpose, title and
non-infringement."
Copyright 2015 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The
information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither
HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential
damages including downtime cost; lost profits; damages relating to the procurement of substitute products or
services; or damages for loss of data, or software restoration. The information in this document is subject to
change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are
trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names
mentioned herein may be trademarks of their respective owners.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (GNU/Linux)
iEYEARECAAYFAlT6CWUACgkQ4B86/C0qfVk6XQCg6QDwe+ba3WDTOzIDQg4Pxs9V 3ZMAn3DdFKuMO7w/MMmSc+DGUzK+zvUh =JNjz -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
ESA-2015-004: EMC M&R (Watch4Net) Multiple Vulnerabilities
EMC Identifier: ESA-2015-004
CVE Identifier: CVE-2015-0513, CVE-2015-0514, CVE-2015-0515, CVE-2015-0516, CVE-2014-4288, CVE-2014-6456, CVE-2014-6457, CVE-2014-6458, CVE-2014-6466, CVE-2014-6468, CVE-2014-6476, CVE-2014-6485, CVE-2014-6492, CVE-2014-6493, CVE-2014-6502, CVE-2014-6503, CVE-2014-6504, CVE-2014-6506, CVE-2014-6511, CVE-2014-6512, CVE-2014-6513, CVE-2014-6515, CVE-2014-6517, CVE-2014-6519, CVE-2014-6527, CVE-2014-6531, CVE-2014-6532, CVE-2014-6558, CVE-2014-6562, CVE-2014-9293, CVE-2014-9294, CVE-2014-9295, CVE-2014-9296, CVE-2014-3618
Severity Rating: CVSS v2 Base Score: View details below for individual CVSS score for each CVE
Affected products:
\x95 EMC M&R (Watch4Net) versions prior 6.5u1
\x95 EMC ViPR SRM versions prior to 3.6.1
Summary: EMC M&R (Watch4Net) is vulnerable to multiple security vulnerabilities that could be potentially exploited by malicious users to compromise the affected system. EMC ViPR SRM is built on EMC M&R platform and is also affected by these vulnerabilities.
Details: The vulnerabilities include: \x95 Multiple Oracle Java Runtime Environment (JRE) Vulnerabilities CVE Identifiers: CVE-2014-4288, CVE-2014-6456, CVE-2014-6457, CVE-2014-6458, CVE-2014-6466, CVE-2014-6468, CVE-2014-6476, CVE-2014-6485, CVE-2014-6492, CVE-2014-6493, CVE-2014-6502, CVE-2014-6503, CVE-2014-6504, CVE-2014-6506, CVE-2014-6511, CVE-2014-6512, CVE-2014-6513, CVE-2014-6515, CVE-2014-6517, CVE-2014-6519, CVE-2014-6527, CVE-2014-6531, CVE-2014-6532, CVE-2014-6558, CVE-2014-6562.
Oracle JRE contains multiple security vulnerabilities. Oracle JRE has been upgraded to 8.0u25 to address these vulnerabilities. See vendor advisory (http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html#AppendixJAVA) for more details.
CVSS v2 Base Score: Please refer to http://nvd.nist.gov/ for the individual CVSS scores for each CVE listed above.
\x95 Multiple Cross-Site Scripting Vulnerabilities
CVE Identifier: CVE-2015-0513
Several user-supplied fields in the administrative user interface may be potentially exploited by an authenticated privileged malicious user to conduct cross-site-scripting attacks on other authenticated users of the system.
CVSS v2 Base Score: 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)
\x95 Insecure Cryptographic Storage Vulnerability CVE Identifier: CVE-2015-0514 A malicious non-ViPR SRM user with access to an installation of ViPR SRM and knowledge of internal encryption methods could potentially decrypt credentials used for data center discovery. CVSS v2 Base Score: 5.7 (AV:A/AC:M/Au:N/C:C/I:N/A:N)
\x95 Unrestricted File Upload Vulnerability CVE Identifier: CVE-2015-0515 This vulnerability may potentially be exploited by an authenticated, privileged malicious user to upload arbitrary files into the file system via the web interface. CVSS v2 Base Score: 6 (AV:N/AC:M/Au:S/C:P/I:P/A:P)
\x95 Path Traversal Vulnerability CVE Identifier: CVE-2015-0516 This vulnerability may potentially be exploited by an authenticated, privileged malicious user to download arbitrary files from the file system via the web interface by manipulating the directory structure in the URL. CVSS v2 Base Score: 6.8 (AV:N/AC:L/Au:S/C:C/I:N/A:N)
\x95 SUSE Procmail Heap Overflow Vulnerability
CVE Identifier: CVE-2014-3618
Procmail was updated to fix a heap-overflow in procmail's formail utility when processing specially-crafted email headers. This issue affects only vApp deployments of the affected software.
CVSS v2 Base Score: Please refer to http://nvd.nist.gov/ for the CVSS score.
\x95 NTP Multiple Vulnerabilities
CVE Identifier: CVE-2014-9293 CVE-2014-9294 CVE-2014-9295 CVE-2014-9296
NTP was updated to fix multiple vulnerabilities. See vendor advisory http://support.ntp.org/bin/view/Main/SecurityNotice for more details. These issues affect only vApp deployments of the affected software.
CVSS v2 Base Score: Please refer to http://nvd.nist.gov/ for the CVSS scores.
Resolution: The following version contains the resolution to these issues: \x95 EMC M&R (Watch4Net) 6.5u1 and later \x95 EMC ViPR SRM 3.6.1 and later
EMC strongly recommends all customers upgrade at the earliest opportunity.
Link to remedies: Registered customers can download upgraded software from support.emc.com at https://support.emc.com/downloads/34247_ViPR-SRM
Credits: EMC would like to thank Han Sahin of Securify B.V. (han.sahin@securify.nl) for reporting CVE-2015-0513 and CVE-2015-0514. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201412-34
http://security.gentoo.org/
Severity: High Title: NTP: Multiple vulnerabilities Date: December 24, 2014 Bugs: #533076 ID: 201412-34
Synopsis
Multiple vulnerabilities have been found in NTP, the worst of which could result in remote execution of arbitrary code.
Background
NTP is a protocol designed to synchronize the clocks of computers over a network. The net-misc/ntp package contains the official reference implementation by the NTP Project.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-misc/ntp < 4.2.8 >= 4.2.8
Description
Multiple vulnerabilities have been discovered in NTP. Please review the CVE identifiers referenced below for details.
Workaround
There is no known workaround at this time.
Resolution
All NTP users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/ntp-4.2.8"
References
[ 1 ] CVE-2014-9293 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9293 [ 2 ] CVE-2014-9294 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9294 [ 3 ] CVE-2014-9295 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9295 [ 4 ] CVE-2014-9296 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9296
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201412-34.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201412-0614", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "ntp", "scope": "lte", "trust": 1.0, "vendor": "ntp", "version": "4.2.7" }, { "model": null, "scope": null, "trust": 0.8, "vendor": "apple", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "cisco", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "efficientip", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "f5", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "freebsd", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "huawei", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "nec", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "ntp", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "omniti", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "red hat", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "watchguard", "version": null }, { "model": "ntp", "scope": "lt", "trust": 0.8, "vendor": "ntp", "version": "4.2.7p230" }, { "model": "express5800", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "/sigmablade em card (n8405-043) firmware rev.14.02 before" }, { "model": "istorage", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "ne single model / cluster model ver.002.08.08 previous version" }, { "model": "istorage", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "nv7400/nv5400/nv3400 series" }, { "model": "istorage", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "nv7500/nv5500/nv3500 series" }, { "model": "securebranch", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "version 3.2" }, { "model": "univerge", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "3c cmm" }, { "model": "ha8000 series", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "paging server", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "0" }, { "model": "download server", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "0" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "14.10" }, { "model": "linux lts", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "14.04" }, { "model": "linux lts i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "12.04" }, { "model": "linux lts amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "12.04" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "linux enterprise server sp1 ltss", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "14.1" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "14.0" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.37" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.1" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.0" }, { "model": "enterprise linux workstation optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7" }, { "model": "enterprise linux workstation optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "enterprise linux server optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7" }, { "model": "enterprise linux server optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "enterprise linux hpc node optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "enterprise linux hpc node", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "enterprise linux desktop optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "enterprise linux desktop client", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "enterprise linux computenode optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7" }, { "model": "enterprise linux computenode", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7" }, { "model": "enterprise linux client optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7" }, { "model": "enterprise linux client", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5" }, { "model": "communications policy management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1.1" }, { "model": "communications policy management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.4.1" }, { "model": "communications policy management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.9.1" }, { "model": "communications policy management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.7.3" }, { "model": "network time protocol 4.2.7p10", "scope": null, "trust": 0.3, "vendor": "meinberg", "version": null }, { "model": "network time protocol", "scope": "eq", "trust": 0.3, "vendor": "meinberg", "version": "4.2.7" }, { "model": "network time protocol", "scope": "eq", "trust": 0.3, "vendor": "meinberg", "version": "4.2.6" }, { "model": "network time protocol", "scope": "eq", "trust": 0.3, "vendor": "meinberg", "version": "4.2.5" }, { "model": "network time protocol 4.2.4p8@lennon-o-lpv", "scope": null, "trust": 0.3, "vendor": "meinberg", "version": null }, { "model": "network time protocol 4.2.4p7@copenhagen-o", "scope": null, "trust": 0.3, "vendor": "meinberg", "version": null }, { "model": "network time protocol", "scope": "eq", "trust": 0.3, "vendor": "meinberg", "version": "4.2.4" }, { "model": "network time protocol", "scope": "eq", "trust": 0.3, "vendor": "meinberg", "version": "4.2.2" }, { "model": "network time protocol", "scope": "eq", "trust": 0.3, "vendor": "meinberg", "version": "4.2.0" }, { "model": "network time protocol", "scope": "eq", "trust": 0.3, "vendor": "meinberg", "version": "4.1.0" }, { "model": "network time protocol", "scope": "eq", "trust": 0.3, "vendor": "meinberg", "version": "4.0" }, { "model": "business server", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "1x8664" }, { "model": "business server", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "1" }, { "model": "vgw", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "nsmexpress", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "nsm server software", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "nsm series appliances", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "nsm", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "junos space", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "junos os 14.2r1", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos os 14.1r2-s2", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos os 14.1r2", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos os 14.1r1", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos os 13.3r4", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos os 13.3r3-s2", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos os 13.3r3", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos os 13.3r2-s3", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos os 13.3r1", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos os 13.2x51-d25", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos os 13.2r5-s1", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos os 13.2r5", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos os 13.1x50-d30", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos os 13.1r4-s3", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos os 13.1r4-s2", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos os 12.3r8", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos os 12.3r7", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos os 12.2x50-d70", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos os 12.2r9", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos os 12.1x47-d15", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos os 12.1x47-d10", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos os 12.1x46-d25", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos os 12.1x46-d20", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos os 12.1x44-d40", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos os 11.4r12-s4", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos os 11.4r12-s1", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos os", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "xeon phi 7120p", "scope": null, "trust": 0.3, "vendor": "intel", "version": null }, { "model": "xeon phi 7120a", "scope": null, "trust": 0.3, "vendor": "intel", "version": null }, { "model": "xeon phi 5110p", "scope": null, "trust": 0.3, "vendor": "intel", "version": null }, { "model": "xeon phi 3120a", "scope": null, "trust": 0.3, "vendor": "intel", "version": null }, { "model": "manycore platform software stack", "scope": "eq", "trust": 0.3, "vendor": "intel", "version": "3.4" }, { "model": "manycore platform software stack", "scope": "eq", "trust": 0.3, "vendor": "intel", "version": "3.3" }, { "model": "manycore platform software stack", "scope": "eq", "trust": 0.3, "vendor": "intel", "version": "3.2" }, { "model": "manycore platform software stack", "scope": "eq", "trust": 0.3, "vendor": "intel", "version": "3.1" }, { "model": "manycore platform software stack", "scope": "eq", "trust": 0.3, "vendor": "intel", "version": "2.1" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.14" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.4" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.3" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.2" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.5" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.4" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.9" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.8" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.3" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.1" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.13" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.12" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.11" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.10" }, { "model": "smartcloud entry fp", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.19" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "77100" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "77000" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "76000" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "57100" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "56003" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "56002" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "56001" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "20500" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10500" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "71005.3" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "71005.2" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "51005.3" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "51005.2" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "41005.3" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "41005.2" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "31005.3" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "31005.2" }, { "model": "pureflex", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x3950x6" }, { "model": "pureflex", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x3850x6" }, { "model": "pureflex x240m5+pen", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "pureflex x240m4", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "pureflex x220m4", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "puredata system for operational analytics", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1" }, { "model": "puredata system for operational analytics", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0" }, { "model": "power hmc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.8.2.0" }, { "model": "power hmc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.8.1.0" }, { "model": "power hmc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.7.9.0" }, { "model": "power hmc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.7.8.0" }, { "model": "power hmc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.7.7.0" }, { "model": "power hmc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.7.3.0" }, { "model": "nextscale nx360m5", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "nextscale nx360m4", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "netezza host management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.3" }, { "model": "netezza host management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.2.0" }, { "model": "infosphere balanced warehouse c4000", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "infosphere balanced warehouse c3000", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "idataplex dx360m4", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.20" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.1.0" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.0.0" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2.1.0" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2.0.0" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.0" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3" }, { "model": "rack v100r001c00", "scope": "eq", "trust": 0.3, "vendor": "huawei", "version": "x8000" }, { "model": "v1300n v100r002c02", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "tecal xh621 v100r001c00b010", "scope": "eq", "trust": 0.3, "vendor": "huawei", "version": "v2" }, { "model": "tecal xh320 v100r001c00spc105", "scope": "eq", "trust": 0.3, "vendor": "huawei", "version": "v2" }, { "model": "tecal xh311 v100r001c00spc100", "scope": "eq", "trust": 0.3, "vendor": "huawei", "version": "v2" }, { "model": "tecal xh310 v100r001c00spc100", "scope": "eq", "trust": 0.3, "vendor": "huawei", "version": "v2" }, { "model": "rh5885h v100r003c00", "scope": "eq", "trust": 0.3, "vendor": "huawei", "version": "v3" }, { "model": "rh5885 v100r003c01", "scope": "eq", "trust": 0.3, "vendor": "huawei", "version": "v3" }, { "model": "rh5885 v100r001c00", "scope": "eq", "trust": 0.3, "vendor": "huawei", "version": "v2" }, { "model": "rh2485 v100r002c00", "scope": "eq", "trust": 0.3, "vendor": "huawei", "version": "v2" }, { "model": "rh2288h v100r002c00", "scope": "eq", "trust": 0.3, "vendor": "huawei", "version": "v2" }, { "model": "rh2288e v100r002c00", "scope": "eq", "trust": 0.3, "vendor": "huawei", "version": "v2" }, { "model": "rh2288 v100r002c00", "scope": "eq", "trust": 0.3, "vendor": "huawei", "version": "v2" }, { "model": "rh2285h v100r002c00", "scope": "eq", "trust": 0.3, "vendor": "huawei", "version": "v2" }, { "model": "rh2285 v100r002c00", "scope": "eq", "trust": 0.3, "vendor": "huawei", "version": "v2" }, { "model": "rh1288 v100r002c00", "scope": "eq", "trust": 0.3, "vendor": "huawei", "version": "v2" }, { "model": "oceanstor uds v100r002c01", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "oceanstor uds v100r002c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "oceanstor s6800t v200r002c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "oceanstor s5800t v200r002c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "oceanstor s5600t v100r002c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "oceanstor s5500t v200r002c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "oceanstor s2600t v200r002c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "oceanstor hvs88t v100r001c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "oceanstor hvs85t v100r001c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "oceanstor 18800f v100r001c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "oceanstor v100r001c00", "scope": "eq", "trust": 0.3, "vendor": "huawei", "version": "18800" }, { "model": "high-density server dh628 v100r001c00", "scope": "eq", "trust": 0.3, "vendor": "huawei", "version": "v2" }, { "model": "high-density server dh621 v100r001c00", "scope": "eq", "trust": 0.3, "vendor": "huawei", "version": "v2" }, { "model": "high-density server dh620 v100r001c00", "scope": "eq", "trust": 0.3, "vendor": "huawei", "version": "v2" }, { "model": "high-density server dh320 v100r001c00", "scope": "eq", "trust": 0.3, "vendor": "huawei", "version": "v2" }, { "model": "fusionsphere openstack v100r005c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "fusioncube v100r002c02spc300", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "fusioncube v100r002c02spc200", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "fusioncube v100r002c02spc100", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "fusioncube v100r002c01spc100", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "fusioncompute v100r005c10", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "fusioncompute v100r005c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "fusioncompute v100r003c10", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "fusioncompute v100r003c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "fusionaccess v100r005c20", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "fusionaccess v100r005c10", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "espace vtm v100r002c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "espace vtm v100r001c30", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "espace vtm v100r001c02", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "espace vcn3000 v100r002c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "espace usm v200r003c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "espace uc v200r003c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "espace uc v200r002c01", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "espace uc v100r002c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "espace u2980 v200r003c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "espace u2980 v100r001c02spc200", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "espace u2980 v100r001c01", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "espace ivs v100r001c02", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "espace dcm v100r002c01", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "espace dcm v100r001c03", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "espace dcm v100r001c02", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "espace dcm v100r001c01", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "espace cc v200r001c50", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "espace cc v200r001c32", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "espace cc v200r001c31", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "espace cc v200r001c03", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "espace cad v100r001c01lhue01", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "esight uc\u0026c v100r001c20", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "esight uc\u0026c v100r001c01", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "esight network v200r005c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "esight network v200r003c10", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "esight network v200r003c01", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "e9000 chassis v100r001c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "e6000 chassis v100r001c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "dc v100r002c01spc001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "virtualization performance viewer", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.10" }, { "model": "virtualization performance viewer", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.01" }, { "model": "virtualization performance viewer", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.0" }, { "model": "virtualization performance viewer", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "1.2" }, { "model": "virtualization performance viewer", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "1.1" }, { "model": "virtualization performance viewer", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "1.0" }, { "model": "vcx", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "tcp/ip services for openvms", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.7" }, { "model": "hp-ux b.11.31", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "advanced server ha8000cr", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "linux", "scope": null, "trust": 0.3, "vendor": "gentoo", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "0" }, { "model": "vipr srm", "scope": "eq", "trust": 0.3, "vendor": "emc", "version": "3.6.0" }, { "model": "m\u0026r", "scope": "eq", "trust": 0.3, "vendor": "emc", "version": "6.5" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux s/390", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux mips", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux ia-64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux ia-32", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "netscaler gateway", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "0" }, { "model": "netscaler application delivery controller", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "0" }, { "model": "wide area application services", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "webex social", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "webex meetings server base", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "2.5" }, { "model": "webex meetings server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "2.5" }, { "model": "webex meetings server 2.0mr2", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "webex meetings server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "2.0" }, { "model": "virtualization experience client", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "62150" }, { "model": "virtual systems operations center for vpe project", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "virtual security gateway", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "videoscape conductor", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "videoscape back office", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "video surveillance media server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "video delivery system recorder", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "universal small cell ran management system wireless", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unity connection", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified sip proxy", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified provisioning manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "8.6" }, { "model": "unified meetingplace", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified intelligence center", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified contact center express", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified communications manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified communications domain manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ucs manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ucs invicta series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ucs director", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "transaction encryption device", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence tx series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "90000" }, { "model": "telepresence te software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "-0" }, { "model": "telepresence system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "500-370" }, { "model": "telepresence system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "500-320" }, { "model": "telepresence system series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "30000" }, { "model": "telepresence system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "13000" }, { "model": "telepresence system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "11000" }, { "model": "telepresence system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "10000" }, { "model": "telepresence isdn link", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "13100" }, { "model": "show and share", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "service control engines system software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "scos", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "remote network control system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "remote conditional access system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "quantum son suite", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "quantum policy suite", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "prime service catalog virtual appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "prime license manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "prime lan management solution", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "prime infrastructure", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "prime data center network manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "prime collaboration provisioning", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "powervu network center", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "powervu d9190 conditional access manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "powerkey encryption server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "physical access manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "onepk all-in-one vm", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "90000" }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "70000" }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "60000" }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "50000" }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "40000" }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "30000" }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1000v0" }, { "model": "network configuration and change management service", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "network configuration and change management", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "netflow collection agent", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mediasense", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "media experience engines", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mds series multilayer switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "90000" }, { "model": "management heartbeat server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "jabber guest", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "iptv service delivery system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ip interoperability and collaboration system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ios xr software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ios xr for cisco network convergence system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "60000" }, { "model": "international digital network control system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "intelligent automation for cloud", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "im and presence service", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "firesight system software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "finesse", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "explorer controller", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "enterprise content delivery service", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "encryption appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "emergency responder", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "emergency responder", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "dncs application server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "digital transport adapter control system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "digital network control system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "digital media manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "dcm series 9900-digital content manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "d9036 modular encoding platform", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "common services platform collector", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "common download server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "command server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "20000" }, { "model": "cloud object store", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence endpoints sx series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence endpoints mxg2 series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence endpoints mx series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence endpoints ex series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence endpoints c series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence endpoints 10\" touch panel", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ironport encryption appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "edge digital media player", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3000" }, { "model": "application policy infrastructure controller", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "autobackup server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "asa cx and cisco prime security manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "application networking manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "application and content networking system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "centos", "scope": "eq", "trust": 0.3, "vendor": "centos", "version": "7" }, { "model": "centos", "scope": "eq", "trust": 0.3, "vendor": "centos", "version": "5" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "one-x client enablement services sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "one-x client enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "one-x client enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.2" }, { "model": "one-x client enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3" }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.0" }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "iq", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1.1" }, { "model": "iq", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "iq", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5" }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "8.1" }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "8.0" }, { "model": "communication server 1000m signaling server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.5" }, { "model": "communication server 1000m signaling server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "communication server 1000m", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.5" }, { "model": "communication server 1000m", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "communication server 1000e signaling server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.5" }, { "model": "communication server 1000e signaling server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "communication server 1000e", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.5" }, { "model": "communication server 1000e", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.1" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.2" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.1" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.1.0.9" }, { "model": "aura system platform sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.3.9.3" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.3.8.3" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.3.0.3" }, { "model": "aura system platform sp3", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "aura system platform sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3" }, { "model": "aura system manager sp3", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.5" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.3" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.2" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "aura system manager sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aura system manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aura system manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.1" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.5" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.3" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.2" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.1" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.2" }, { "model": "aura session manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "aura session manager sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aura session manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aura session manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.2" }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "aura presence services sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "aura conferencing", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "aura conferencing standard", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "aura conferencing sp1 standard", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3" }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.1" }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "aura application server sip core", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "53003.0" }, { "model": "aura application server sip core", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "53002.0" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.2" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "network time protocol", "scope": "ne", "trust": 0.3, "vendor": "meinberg", "version": "4.2.8" }, { "model": "network time protocol 4.2.7p230", "scope": "ne", "trust": 0.3, "vendor": "meinberg", "version": null }, { "model": "junos os 14.2r3", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos os 14.1x55-d16", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos os 14.1x50-d90", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos os 14.1r5", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos os 13.3r6", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos os 13.2r8", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos os 12.3x48-d15", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos os 12.3r9", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos os 12.1x47-d20", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos os 12.1x46-d35", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos os 12.1x44-d50", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "smartcloud entry fp", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "3.110" }, { "model": "vcx", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "9.8.17" }, { "model": "vipr srm", "scope": "ne", "trust": 0.3, "vendor": "emc", "version": "3.6.1" }, { "model": "m\u0026r 6.5u1", "scope": "ne", "trust": 0.3, "vendor": "emc", "version": null } ], "sources": [ { "db": "CERT/CC", "id": "VU#852879" }, { "db": "BID", "id": "71762" }, { "db": "JVNDB", "id": "JVNDB-2014-007351" }, { "db": "NVD", "id": "CVE-2014-9294" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:ntp:ntp", "vulnerable": true }, { "cpe22Uri": "cpe:/h:nec:express5800", "vulnerable": true }, { "cpe22Uri": "cpe:/h:nec:istorage", "vulnerable": true }, { "cpe22Uri": "cpe:/h:nec:securebranch", "vulnerable": true }, { "cpe22Uri": "cpe:/h:nec:univerge", "vulnerable": true }, { "cpe22Uri": "cpe:/h:hitachi:ha8000", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-007351" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Stephen Roettger of the Google Security Team", "sources": [ { "db": "BID", "id": "71762" } ], "trust": 0.3 }, "cve": "CVE-2014-9294", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2014-9294", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 1.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "None", "baseScore": 5.0, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2014-9294", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2014-9294", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2014-9294", "trust": 0.8, "value": "Medium" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-007351" }, { "db": "NVD", "id": "CVE-2014-9294" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "util/ntp-keygen.c in ntp-keygen in NTP before 4.2.7p230 uses a weak RNG seed, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack. The NTP Project ntpd version 4.2.7 and pervious versions contain several vulnerabilities. ntp-keygen prior to version 4.2.7p230 also uses a non-cryptographic random number generator when generating symmetric keys. These vulnerabilities may affect ntpd acting as a server or client. Supplementary information : CWE Vulnerability type by CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) Has been identified. http://cwe.mitre.org/data/definitions/338.htmlA brute force attack by a third party (Brute force attack) May break the cryptographic protection mechanism. NTP is prone to a predictable random number generator weakness. \nAn attacker can exploit this issue to guess generated MD5 keys that could then be used to spoof an NTP client or server. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n _______________________________________________________________________\n\n Mandriva Linux Security Advisory MDVSA-2015:003\n http://www.mandriva.com/en/support/security/\n _______________________________________________________________________\n\n Package : ntp\n Date : January 5, 2015\n Affected: Business Server 1.0\n _______________________________________________________________________\n\n Problem Description:\n\n Updated ntp packages fix security vulnerabilities:\n \n If no authentication key is defined in the ntp.conf file, a\n cryptographically-weak default key is generated (CVE-2014-9293). \n \n A remote unauthenticated attacker may craft special packets that\n trigger buffer overflows in the ntpd functions crypto_recv() (when\n using autokey authentication), ctl_putdata(), and configure(). \n \n A section of code in ntpd handling a rare error is missing a return\n statement, therefore processing did not stop when the error was\n encountered. This situation may be exploitable by an attacker\n (CVE-2014-9296). \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9293\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9294\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9295\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9296\n http://advisories.mageia.org/MGASA-2014-0541.html\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Business Server 1/X86_64:\n 25fe56fc0649ac9bb83be467969c2380 mbs1/x86_64/ntp-4.2.6p5-8.1.mbs1.x86_64.rpm\n 9409f5337bc2a2682e09db81e769cd5c mbs1/x86_64/ntp-client-4.2.6p5-8.1.mbs1.x86_64.rpm\n df65cc9c536cdd461e1ef95318ab0d3b mbs1/x86_64/ntp-doc-4.2.6p5-8.1.mbs1.x86_64.rpm \n 53f446bffdf6e87726a9772e946c5e34 mbs1/SRPMS/ntp-4.2.6p5-8.1.mbs1.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security. \n\nSee the RESOLUTION\n section for a list of impacted hardware and Comware 5, Comware 5 Low\nEncryption SW, Comware 7, and VCX versions. Family\n Fixed Version\n HP Branded Products Impacted\n H3C Branded Products Impacted\n CVE #\n\n8800 (Comware 5)\n R3627P04\n JC137A HP 8805/8808/8812 (2E) Main Control Unit Module, JC138A HP\n8805/8808/8812 (1E) Main Control Unit Module, JC141A HP 8802 Main Control\nUnit Module, JC147A HP 8802 Router Chassis, JC147B HP 8802 Router Chassis,\nJC148A HP 8805 Router Chassis, JC148B HP 8805 Router Chassis, JC149A HP 8808\nRouter Chassis, JC149B HP 8808 Router Chassis, JC150A HP 8812 Router Chassis,\nJC150B HP 8812 Router Chassis, JC596A HP 8800 Dual Fabric Main Processing\nUnit, JC597A HP 8800 Single Fabric Main Processing Unit\n\n CVE-2014-9295\n\nA6600 (Comware 5)\n R3303P18\n JC165A HP 6600 RPE-X1 Router Module, JC177A HP 6608 Router, JC177B HP 6608\nRouter Chassis, JC178A HP 6604 Router Chassis, JC178B HP 6604 Router Chassis,\nJC496A HP 6616 Router Chassis, JC566A HP 6600 RSE-X1 Router Main Processing\nUnit, JG780A HP 6600 RSE-X1 TAA-compliant Main Processing Unit, JG781A HP\n6600 RPE-X1 TAA-compliant Main Processing Unit\n\n CVE-2014-9295\n\nHSR6602 (Comware 5)\n R3303P18\n JC176A HP 6602 Router Chassis, JG353A HP HSR6602-G Router, JG354A HP\nHSR6602-XG Router, JG355A HP 6600 MCP-X1 Router Main Processing Unit, JG356A\nHP 6600 MCP-X2 Router Main Processing Unit, JG776A HP HSR6602-G TAA-compliant\nRouter, JG777A HP HSR6602-XG TAA-compliant Router, JG778A HP 6600 MCP-X2\nRouter TAA-compliant Main Processing Unit\n\n CVE-2014-9295\n\nHSR6800 (Comware 5)\n R3303P18\n JG361A HP HSR6802 Router Chassis, JG362A HP HSR6804 Router Chassis, JG363A\nHP HSR6808 Router Chassis, JG364A HP HSR6800 RSE-X2 Router Main Processing\nUnit, JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing Unit\n\n CVE-2014-9295\n\nMSR20 (Comware 5)\n R2513P45\n JD432A HP A-MSR20-21 Router, JD662A HP MSR20-20 Router, JD663A HP A-MSR20-21\nRouter, JD663B HP MSR20-21 Router, JD664A HP MSR20-40 Router, JF228A HP\nMSR20-40 Router, JF283A HP MSR20-20 Router\n\n CVE-2014-9295\n\nMSR20-1X (Comware 5)\n R2513P45\n JD431A HP MSR20-10 Router, JD667A HP MSR20-15 IW Multi-Service Router,\nJD668A HP MSR20-13 Multi-Service Router, JD669A HP MSR20-13 W Multi-Service\nRouter, JD670A HP MSR20-15 A Multi-Service Router, JD671A HP MSR20-15 AW\nMulti-Service Router, JD672A HP MSR20-15 I Multi-Service Router, JD673A HP\nMSR20-11 Multi-Service Router, JD674A HP MSR20-12 Multi-Service Router,\nJD675A HP MSR20-12 W Multi-Service Router, JD676A HP MSR20-12 T1\nMulti-Service Router, JF236A HP MSR20-15-I Router, JF237A HP MSR20-15-A\nRouter, JF238A HP MSR20-15-I-W Router, JF239A HP MSR20-11 Router, JF240A HP\nMSR20-13 Router, JF241A HP MSR20-12 Router, JF806A HP MSR20-12-T Router,\nJF807A HP MSR20-12-W Router, JF808A HP MSR20-13-W Router, JF809A HP\nMSR20-15-A-W Router, JF817A HP MSR20-15 Router, JG209A HP MSR20-12-T-W Router\n(NA), JG210A HP MSR20-13-W Router (NA)\n H3C MSR 20-15 Router Host(AC) 1 FE 4 LSW 1, H3C RT-MSR2015-AC-OVS-AW-H3\n(0235A393), H3C RT-MSR2015-AC-OVS-I-H3 (0235A394), H3C\nRT-MSR2015-AC-OVS-IW-H3 (0235A38V), H3C MSR 20-11 (0235A31V), H3C MSR 20-12\n(0235A32E), H3C MSR 20-12 T1 (0235A32B), H3C MSR 20-13 (0235A31W), H3C MSR\n20-13 W (0235A31X), H3C MSR 20-15 A (0235A31Q), H3C MSR 20-15 A W (0235A31R),\nH3C MSR 20-15 I (0235A31N), H3C MSR 20-15 IW (0235A31P), H3C MSR20-12 W\n(0235A32G)\n CVE-2014-9295\n\nMSR 30 (Comware 5)\n R2513P45\n JD654A HP MSR30-60 POE Multi-Service Router, JD657A HP MSR30-40\nMulti-Service Router, JD658A HP MSR30-60 Multi-Service Router, JD660A HP\nMSR30-20 POE Multi-Service Router, JD661A HP MSR30-40 POE Multi-Service\nRouter, JD666A HP MSR30-20 Multi-Service Router, JF229A HP MSR30-40 Router,\nJF230A HP MSR30-60 Router, JF232A HP RTMSR3040-AC-OVSAS-H3, JF235A HP\nMSR30-20 DC Router, JF284A HP MSR30-20 Router, JF287A HP MSR30-40 DC Router,\nJF801A HP MSR30-60 DC Router, JF802A HP MSR30-20 PoE Router, JF803A HP\nMSR30-40 PoE Router, JF804A HP MSR30-60 PoE Router\n H3C MSR 30-20 Router (0235A328), H3C MSR 30-40 Router Host(DC) (0235A268),\nH3C RT-MSR3020-AC-POE-OVS-H3 (0235A322), H3C RT-MSR3020-DC-OVS-H3 (0235A267),\nH3C RT-MSR3040-AC-OVS-H (0235A299), H3C RT-MSR3040-AC-POE-OVS-H3 (0235A323),\nH3C RT-MSR3060-AC-OVS-H3 (0235A320), H3C RT-MSR3060-AC-POE-OVS-H3 (0235A296),\nH3C RT-MSR3060-DC-OVS-H3 (0235A269), H3C MSR 30-20 RTVZ33020AS Router\nHost(AC) (0235A20S), H3C MSR 30-20 (0235A19L), H3C MSR 30-20 POE (0235A239),\nH3C MSR 30-40 (0235A20J), H3C MSR 30-40 POE (0235A25R), H3C MSR 30-60\n(0235A20K), H3C MSR 30-60 POE (0235A25S), H3C RT-MSR3040-AC-OVS-AS-H3\n(0235A20V)\n CVE-2014-9295\n\nMSR 30-16 (Comware 5)\n R2513P45\n JD659A HP MSR30-16 POE Multi-Service Router, JD665A HP MSR30-16\nMulti-Service Router, JF233A HP MSR30-16 Router, JF234A HP MSR30-16 PoE\nRouter,\n H3C RT-MSR3016-AC-OVS-H3 (0235A327), H3C RT-MSR3016-AC-POE-OVS-H3\n(0235A321), H3C MSR 30-16 (0235A237), H3C MSR 30-16 POE (0235A238)\n CVE-2014-9295\n\nMSR 30-1X (Comware 5)\n R2513P45\n JF800A HP MSR30-11 Router, JF816A HP MSR30-10 2 FE /2 SIC /1 MIM MS Rtr,\nJG182A HP MSR30-11E Router, JG183A HP MSR30-11F Router, JG184A HP MSR30-10 DC\nRouter\n 2FE 2SIC 1XMIM 256DDR (0235A39H), H3C RT-MSR3011-AC-OVS-H3 (0235A29L)\n CVE-2014-9295\n\nMSR 50 (Comware 5)\n R2513P45\n JD433A HP MSR50-40 Router, JD653A HP MSR50 Processor Module, JD655A HP\nMSR50-40 Multi-Service Router, JD656A HP MSR50-60 Multi-Service Router,\nJF231A HP MSR50-60 Router, JF285A HP MSR50-40 DC Router, JF640A HP MSR50-60\nRtr Chassis w DC PwrSupply\n H3C MSR 50-40 Router (0235A297), H3C MSR5040-DCOVS-H3C (0235A20P), H3C\nRT-MSR5060-AC-OVS-H3 (0235A298), H3C MSR 50-40 Chassis (0235A20N), H3C MSR\n50-60 Chassis (0235A20L)\n CVE-2014-9295\n\nMSR 50-G2 (Comware 5)\n R2513P45\n JD429A HP MSR50 G2 Processor Module, JD429B HP MSR50 G2 Processor Module\n H3C H3C MSR 50 Processor Module-G2 (0231A84Q), H3C MSR 50 High Performance\nMain Processing Unit 3GE (Combo) 256F/1GD (0231A0KL)\n CVE-2014-9295\n\nMSR 9XX (Comware 5)\n R2513P45\n JF812A HP MSR900 Router, JF813A HP MSR920 Router, JF814A HP MSR900-W Router,\nJF815A HP MSR920 2FEWAN/8FELAN/.11 b/g Rtr, JG207A HP MSR900-W Router (NA),\nJG208A HP MSR920-W Router (NA)\n H3C MSR 900 Router with 802.11b/g 2 FE WAN 4 FE LAN 256DDR 802.11b\n(0235A0C2), H3C MSR 900 Router 2 FE WAN 4 FE LAN 256DDR (0235A0BX), H3C MSR\n920 Router with 802.11b/g 2 FE WAN 8 FE LAN 256DDR (0235A0C4), H3C MSR 920\nRouter 2 FE WAN 8 FE LAN 256DDR (0235A0C0)\n CVE-2014-9295\n\nMSR 93X (Comware 5)\n R2513P45\n JG512A HP MSR930 Wireless Router, JG513A HP MSR930 3G Router, JG514A HP\nMSR931 Router, JG515A HP MSR931 3G Router, JG516A HP MSR933 Router, JG517A HP\nMSR933 3G Router, JG518A HP MSR935 Router, JG519A HP MSR935 Wireless Router,\nJG520A HP MSR935 3G Router, JG531A HP MSR931 Dual 3G Router, JG596A HP MSR930\n4G LTE/3G CDMA Router, JG597A HP MSR936 Wireless Router, JG665A HP MSR930 4G\nLTE/3G WCDMA Global Router, JG704A HP MSR930 4G LTE/3G WCDMA ATT Router\n N/A\n CVE-2014-9295\n\nMSR1000 (Comware 5)\n R2513P45\n JG732A HP MSR1003-8 AC Router\n N/A\n CVE-2014-9295\n\nMSR20 (Comware 5 - Low Encryption SW)\n R2513L61\n JD663B HP MSR20-21 Router, JF228A HP MSR20-40 Router, JF283A HP MSR20-20\nRouter\n H3C RT-MSR2020-AC-OVS-H3C (0235A324), H3C RT-MSR2040-AC-OVS-H3 (0235A326)\n CVE-2014-9295\n\nMSR20-1X (Comware 5 - Low Encryption SW)\n R2513L61\n JD431A HP MSR20-10 Router, JF236A HP MSR20-15-I Router, JF237A HP MSR20-15-A\nRouter, JF238A HP MSR20-15-I-W Router, JF239A HP MSR20-11 Router, JF240A HP\nMSR20-13 Router, JF241A HP MSR20-12 Router, JF806A HP MSR20-12-T Router,\nJF807A HP MSR20-12-W Router, JF808A HP MSR20-13-W Router, JF809A HP\nMSR20-15-A-W Router, JF817A HP MSR20-15 Router\n H3C MSR 20-10 (0235A0A7), H3C RT-MSR2015-AC-OVS-I-H3 (0235A394), H3C\nRT-MSR2015-AC-OVS-A-H3 (0235A392), H3C RT-MSR2015-AC-OVS-AW-H3 (0235A393),\nH3C RT-MSR2011-AC-OVS-H3 (0235A395), H3C RT-MSR2013-AC-OVS-H3 (0235A390), H3C\nRT-MSR2012-AC-OVS-H3 (0235A396), H3C RT-MSR2012-TAC-OVS-H3 (0235A398), H3C\nRT-MSR2012-AC-OVS-W-H3 (0235A397), H3C RT-MSR2013-AC-OVS-W-H3 (0235A391), H3C\nRT-MSR2015-AC-OVS-IW-H3 (0235A38V), H3C MSR 20-15 Router Host(AC) 1 FE 4 LSW\n1 ADSLoPOTS 1 DSIC (0235A0A8)\n CVE-2014-9295\n\nMSR30 (Comware 5 - Low Encryption SW)\n R2513L61\n JF229A HP MSR30-40 Router, JF230A HP MSR30-60 Router, JF235A HP MSR30-20 DC\nRouter, JF284A HP MSR30-20 Router, JF287A HP MSR30-40 DC Router, JF801A HP\nMSR30-60 DC Router, JF802A HP MSR30-20 PoE Router, JF803A HP MSR30-40 PoE\nRouter, JF804A HP MSR30-60 PoE Router\n H3C RT-MSR3040-AC-OVS-H (0235A299), H3C RT-MSR3060-AC-OVS-H3 (0235A320), H3C\nRT-MSR3020-DC-OVS-H3 (0235A267), H3C MSR 30-20 Router (0235A328), H3C MSR\n30-40 Router Host(DC) (0235A268), H3C RT-MSR3060-DC-OVS-H3 (0235A269), H3C\nRT-MSR3020-AC-POE-OVS-H3 (0235A322), H3C RT-MSR3040-AC-POE-OVS-H3 (0235A323),\nH3C RT-MSR3060-AC-POE-OVS-H3 (0235A296)\n CVE-2014-9295\n\nMSR30-16 (Comware 5 - Low Encryption SW)\n R2513L61\n JF233A HP MSR30-16 Router, JF234A HP MSR30-16 PoE Router\n H3C RT-MSR3016-AC-OVS-H3 (0235A327), H3C RT-MSR3016-AC-POE-OVS-H3 (0235A321)\n CVE-2014-9295\n\nMSR30-1X (Comware 5 - Low Encryption SW)\n R2513L61\n JF800A HP MSR30-11 Router, JF816A HP MSR30-10 2 FE /2 SIC /1 MIM MS Rtr,\nJG182A HP MSR30-11E Router, JG183A HP MSR30-11F Router, JG184A HP MSR30-10 DC\nRouter\n H3C RT-MSR3011-AC-OVS-H3 (0235A29L), H3C MSR 30-10 Router Host(AC) 2FE 2SIC\n1XMIM 256DDR (0235A39H)\n CVE-2014-9295\n\nMSR50 (Comware 5 - Low Encryption SW)\n R2513L61\n JD433A HP MSR50-40 Router, JD653A HP MSR50Processor Module, JD655A HP\nMSR50-40 Multi-Service Router, JD656A HP MSR50-60 Multi-Service Router,\nJF231A HP MSR50-60 Router, JF285A HP MSR50-40 DC Router, JF640A HP MSR50-60\nRtr Chassis w DC PwrSupply\n H3C MSR 50-40 Router (0235A297), H3C MSR 50 Processor Module (0231A791), H3C\nMSR 50-40 Chassis (0235A20N), H3C MSR 50-60 Chassis (0235A20L), H3C\nRT-MSR5060-AC-OVS-H3 (0235A298), H3C MSR5040-DCOVS-H3C (0235A20P)\n CVE-2014-9295\n\nMSR50 G2 (Comware 5 - Low Encryption SW)\n R2513L61\n JD429B HP MSR50 G2 Processor Module\n H3C MSR 50 High Performance Main Processing Unit 3GE (Combo) 256F/1GD\n(0231A0KL)\n CVE-2014-9295\n\n12500 (Comware 5)\n R1828P06\n JC085A HP A12518 Switch Chassis, JC086A HP A12508 Switch Chassis, JC652A HP\n12508 DC Switch Chassis, JC653A HP 12518 DC Switch Chassis, JC654A HP 12504\nAC Switch Chassis, JC655A HP 12504 DC Switch Chassis, JF430A HP A12518 Switch\nChassis, JF430B HP 12518 Switch Chassis, JF430C HP 12518 AC Switch Chassis,\nJF431A HP A12508 Switch Chassis, JF431B HP 12508 Switch Chassis, JF431C HP\n12508 AC Switch Chassis, JC072B HP 12500 Main Processing Unit, JC808A HP\n12500 TAA Main Processing Unit\n H3C S12508 Routing Switch (AC-1) (0235A0GE), H3C S12518 Routing Switch\n(AC-1) (0235A0GF), H3C S12508 Chassis (0235A0E6), H3C S12508 Chassis\n(0235A38N), H3C S12518 Chassis (0235A0E7), H3C S12518 Chassis (0235A38M), H3C\n12508 DC Switch Chassis (0235A38L), H3C 12518 DC Switch Chassis (0235A38K)\n CVE-2014-9295\n\n9500E (Comware 5)\n R1828P06\n JC124A HP A9508 Switch Chassis, JC124B HP 9505 Switch Chassis, JC125A HP\nA9512 Switch Chassis, JC125B HP 9512 Switch Chassis, JC474A HP A9508-V Switch\nChassis, JC474B HP 9508-V Switch Chassis\n H3C S9505E Routing-Switch Chassis (0235A0G6), H3C S9512E Routing-Switch\nChassis (0235A0G7), H3C S9508E-V Routing-Switch Chassis (0235A38Q), H3C\nS9505E Chassis w/ Fans (0235A38P), H3C S9512E Chassis w/ Fans (0235A38R)\n CVE-2014-9295\n\n10500 (Comware 5)\n R1208P10\n JC611A HP 10508-V Switch Chassis, JC612A HP 10508 Switch Chassis, JC613A HP\n10504 Switch Chassis, JC614A HP 10500 Main Processing Unit, JC748A HP 10512\nSwitch Chassis, JG375A HP 10500 TAA-compliant Main Processing Unit, JG820A HP\n10504 TAA-compliant Switch Chassis, JG821A HP 10508 TAA-compliant Switch\nChassis, JG822A HP 10508-V TAA-compliant Switch Chassis, JG823A HP 10512\nTAA-compliant Switch Chassis\n\n CVE-2014-9295\n\n7500 (Comware 5)\n R6708P10\n JC666A HP 7503-S 144Gbps Fabric/MPU with PoE Upgradable 20-port Gig-T/4-port\nGbE Combo, JC697A HP 7502 TAA-compliant Main Processing Unit, JC698A HP\n7503-S 144Gbps TAA Fabric / MPU with 16 GbE SFP Ports and 8 GbE Combo Ports,\nJC699A HP 7500 384Gbps TAA-compliant Fabric / MPU with 2 10GbE XFP Ports,\nJC700A HP 7500 384Gbps TAA-compliant Fabric / Main Processing Unit, JC701A HP\n7500 768Gbps TAA-compliant Fabric / Main Processing Unit, JD193A HP 7500\n384Gbps Fabric Module with 2 XFP Ports, JD193B HP 7500 384Gbps Fabric Module\nwith 2 XFP Ports, JD194A HP 7500 384Gbps Fabric Module, JD194B HP 7500\n384Gbps Fabric Module, JD195A HP 7500 384Gbps Advanced Fabric Module, JD196A\nHP 7502 Fabric Module, JD220A HP 7500 768Gbps Fabric Module, JD224A HP 7500\n384Gbps Fabric Module with 12 SFP Ports, JD238A HP 7510 Switch Chassis,\nJD238B HP 7510 Switch Chassis, JD239A HP 7506 Switch Chassis, JD239B HP 7506\nSwitch Chassis, JD240A HP 7503 Switch Chassis, JD240B HP 7503 Switch Chassis,\nJD241A HP 7506-V Switch Chassis, JD241B HP 7506-V Switch Chassis, JD242A HP\n7502 Switch Chassis, JD242B HP 7502 Switch Chassis, JD243A HP 7503-S Switch\nChassis with 1 Fabric Slot, JD243B HP 7503-S Switch Chassis with 1 Fabric\nSlot, JE164A HP E7902 Switch Chassis, JE165A HP E7903 Switch Chassis, JE166A\nHP E7903 1 Fabric Slot Switch Chassis, JE167A HP E7906 Switch Chassis, JE168A\nHP E7906 Vertical Switch Chassis, JE169A HP E7910 Switch Chassis\n\n CVE-2014-9295\n\n5830 (Comware 5)\n R1118P11\n JC691A HP 5830AF-48G Switch with 1 Interface Slot, JC694A HP 5830AF-96G\nSwitch, JG316A HP 5830AF-48G TAA-compliant Switch w/1 Interface Slot, JG374A\nHP 5830AF-96G TAA-compliant Switch\n\n CVE-2014-9295\n\n5800 (Comware 5)\n R1809P03\n JC099A HP 5800-24G-PoE Switch, JC099B HP 5800-24G-PoE+ Switch, JC100A HP\n5800-24G Switch, JC100B HP 5800-24G Switch, JC101A HP 5800-48G Switch with 2\nSlots, JC101B HP 5800-48G-PoE+ Switch with 2 Interface Slots, JC103A HP\n5800-24G-SFP Switch, JC103B HP 5800-24G-SFP Switch with 1 Interface Slot,\nJC104A HP 5800-48G-PoE Switch, JC104B HP 5800-48G-PoE+ Switch with 1\nInterface Slot, JC105A HP 5800-48G Switch, JC105B HP 5800-48G Switch with 1\nInterface Slot, JG254A HP 5800-24G-PoE+ TAA-compliant Switch, JG254B HP\n5800-24G-PoE+ TAA-compliant Switch, JG255A HP 5800-24G TAA-compliant Switch,\nJG255B HP 5800-24G TAA-compliant Switch, JG256A HP 5800-24G-SFP TAA-compliant\nSwitch with 1 Interface Slot, JG256B HP 5800-24G-SFP TAA-compliant Switch\nwith 1 Interface Slot, JG257A HP 5800-48G-PoE+ TAA-compliant Switch with 1\nInterface Slot, JG257B HP 5800-48G-PoE+ TAA-compliant Switch with 1 Interface\nSlot, JG258A HP 5800-48G TAA-compliant Switch with 1 Interface Slot, JG258B\nHP 5800-48G TAA-compliant Switch with 1 Interface Slot, JG225A HP 5800AF-48G\nSwitch, JG225B HP 5800AF-48G Switch, JG242A HP 5800-48G-PoE+ TAA-compliant\nSwitch with 2 Interface Slots, JG242B HP 5800-48G-PoE+ TAA-compliant Switch\nwith 2 Interface\n\n CVE-2014-9295\n\n5820 (Comware 5)\n R1809P03\n JG243A HP 5820-24XG-SFP+ TAA-compliant Switch, JG243B HP 5820-24XG-SFP+\nTAA-compliant Switch, JG259A HP 5820X-14XG-SFP+ TAA-compliant Switch with 2\nInterface Slots \u0026 1 OAA Slot, JG259B HP 5820-14XG-SFP+ TAA-compliant Switch\nwith 2 Interface Slots and 1 OAA Slot, JC106A HP 5820-14XG-SFP+ Switch with 2\nSlots, JC106B HP 5820-14XG-SFP+ Switch with 2 Interface Slots \u0026 1 OAA Slot,\nJG219A HP 5820AF-24XG Switch, JG219B HP 5820AF-24XG Switch, JC102A HP\n5820-24XG-SFP+ Switch, JC102B HP 5820-24XG-SFP+ Switch\n\n CVE-2014-9295\n\n5500 HI (Comware 5)\n R5501P06\n JG311A HP 5500-24G-4SFP HI Switch with 2 Interface Slots, JG312A HP\n5500-48G-4SFP HI Switch with 2 Interface Slots, JG541A HP 5500-24G-PoE+-4SFP\nHI Switch with 2 Interface Slots, JG542A HP 5500-48G-PoE+-4SFP HI Switch with\n2 Interface Slots, JG543A HP 5500-24G-SFP HI Switch with 2 Interface Slots,\nJG679A HP 5500-24G-PoE+-4SFP HI TAA-compliant Switch with 2 Interface Slots,\nJG680A HP 5500-48G-PoE+-4SFP HI TAA-compliant Switch with 2 Interface Slots,\nJG681A HP 5500-24G-SFP HI TAA-compliant Switch with 2 Interface Slots\n\n CVE-2014-9295\n\n5500 EI (Comware 5)\n R2221P08\n JD373A HP 5500-24G DC EI Switch, JD374A HP 5500-24G-SFP EI Switch, JD375A HP\n5500-48G EI Switch, JD376A HP 5500-48G-PoE EI Switch, JD377A HP 5500-24G EI\nSwitch, JD378A HP 5500-24G-PoE EI Switch, JD379A HP 5500-24G-SFP DC EI\nSwitch, JG240A HP 5500-48G-PoE+ EI Switch with 2 Interface Slots, JG241A HP\n5500-24G-PoE+ EI Switch with 2 Interface Slots, JG249A HP 5500-24G-SFP EI\nTAA-compliant Switch with 2 Interface, JG250A HP 5500-24G EI TAA-compliant\nSwitch with 2 Interface Slots, JG251A HP 5500-48G EI TAA-compliant Switch\nwith 2 Interface Slots, JG252A HP 5500-24G-PoE+ EI TAA-compliant Switch with\n2 Interface Slots, JG253A HP 5500-48G-PoE+ EI TAA-compliant Switch with 2\nInterface Slots\n\n CVE-2014-9295\n\n4800G (Comware 5)\n R2221P08\n JD007A HP 4800-24G Switch, JD008A HP 4800-24G-PoE Switch, JD009A HP\n4800-24G-SFP Switch, JD010A HP 4800-48G Switch, JD011A HP 4800-48G-PoE Switch\n\n CVE-2014-9295\n\n5500SI (Comware 5)\n R2221P08\n JD369A HP 5500-24G SI Switch, JD370A HP 5500-48G SI Switch, JD371A HP\n5500-24G-PoE SI Switch, JD372A HP 5500-48G-PoE SI Switch, JG238A HP\n5500-24G-PoE+ SI Switch with 2 Interface Slots, JG239A HP 5500-48G-PoE+ SI\nSwitch with 2 Interface Slots\n\n CVE-2014-9295\n\n4500G (Comware 5)\n R2221P08\n JF428A HP 4510-48G Switch, JF847A HP 4510-24G Switch\n\n CVE-2014-9295\n\n5120 EI (Comware 5)\n R2221P08\n JE066A HP 5120-24G EI Switch, JE067A HP 5120-48G EI Switch, JE068A HP\n5120-24G EI Switch with 2 Interface Slots, JE069A HP 5120-48G EI Switch with\n2 Interface Slots, JE070A HP 5120-24G-PoE EI 2-slot Switch, JE071A HP\n5120-48G-PoE EI 2-slot Switch, JG236A HP 5120-24G-PoE+ EI Switch with 2\nInterface Slots, JG237A HP 5120-48G-PoE+ EI Switch with 2 Interface Slots,\nJG245A HP 5120-24G EI TAA-compliant Switch with 2 Interface Slots, JG246A HP\n5120-48G EI TAA-compliant Switch with 2 Interface Slots, JG247A HP\n5120-24G-PoE+ EI TAA-compliant Switch with 2 Slots, JG248A HP 5120-48G-PoE+\nEI TAA-compliant Switch with 2 Slots\n\n CVE-2014-9295\n\n4210G (Comware 5)\n R2221P08\n JF844A HP 4210-24G Switch, JF845A HP 4210-48G Switch, JF846A HP 4210-24G-PoE\nSwitch\n\n CVE-2014-9295\n\n5120 SI (Comware 5)\n R1513P95\n JE072A HP 5120-48G SI Switch, JE073A HP 5120-16G SI Switch, JE074A HP\n5120-24G SI Switch, JG091A HP 5120-24G-PoE+ (370W) SI Switch, JG092A HP\n5120-24G-PoE+ (170W) SI Switch\n\n CVE-2014-9295\n\n3610 (Comware 5)\n R5319P10\n JD335A HP 3610-48 Switch, JD336A HP 3610-24-4G-SFP Switch, JD337A HP\n3610-24-2G-2G-SFP Switch, JD338A HP 3610-24-SFP Switch\n\n CVE-2014-9295\n\n3600V2 (Comware 5)\n R2110P03\n JG299A HP 3600-24 v2 EI Switch, JG299B HP 3600-24 v2 EI Switch, JG300A HP\n3600-48 v2 EI Switch, JG300B HP 3600-48 v2 EI Switch, JG301A HP 3600-24-PoE+\nv2 EI Switch, JG301B HP 3600-24-PoE+ v2 EI Switch, JG301C HP 3600-24-PoE+ v2\nEI Switch, JG302A HP 3600-48-PoE+ v2 EI Switch, JG302B HP 3600-48-PoE+ v2 EI\nSwitch, JG302C HP 3600-48-PoE+ v2 EI Switch, JG303A HP 3600-24-SFP v2 EI\nSwitch, JG303B HP 3600-24-SFP v2 EI Switch, JG304A HP 3600-24 v2 SI Switch,\nJG304B HP 3600-24 v2 SI Switch, JG305A HP 3600-48 v2 SI Switch, JG305B HP\n3600-48 v2 SI Switch, JG306A HP 3600-24-PoE+ v2 SI Switch, JG306B HP\n3600-24-PoE+ v2 SI Switch, JG306C HP 3600-24-PoE+ v2 SI Switch, JG307A HP\n3600-48-PoE+ v2 SI Switch, JG307B HP 3600-48-PoE+ v2 SI Switch, JG307C HP\n3600-48-PoE+ v2 SI Switch\n\n CVE-2014-9295\n\n3100V2-48 (Comware 5)\n R2110P03\n JG315A HP 3100-48 v2 Switch, JG315B HP 3100-48 v2 Switch\n\n CVE-2014-9295\n\n3100V2 (Comware 5)\n R5203P11\n JD313B HP 3100-24-PoE v2 EI Switch, JD318B HP 3100-8 v2 EI Switch, JD319B HP\n3100-16 v2 EI Switch, JD320B HP 3100-24 v2 EI Switch, JG221A HP 3100-8 v2 SI\nSwitch, JG222A HP 3100-16 v2 SI Switch, JG223A HP 3100-24 v2 SI Switch\n\n CVE-2014-9295\n\nHP870 (Comware 5)\n R2607P35\n JG723A HP 870 Unified Wired-WLAN Appliance, JG725A HP 870 Unified Wired-WLAN\nTAA-compliant Appliance\n\n CVE-2014-9295\n\nHP850 (Comware 5)\n R2607P35\n JG722A HP 850 Unified Wired-WLAN Appliance, JG724A HP 850 Unified Wired-WLAN\nTAA-compliant Appliance\n\n CVE-2014-9295\n\nHP830 (Comware 5)\n R3507P35\n JG640A HP 830 24-Port PoE+ Unified Wired-WLAN Switch, JG641A HP 830 8-port\nPoE+ Unified Wired-WLAN Switch, JG646A HP 830 24-Port PoE+ Unified Wired-WLAN\nTAA-compliant Switch, JG647A HP 830 8-Port PoE+ Unified Wired-WLAN\nTAA-compliant\n\n CVE-2014-9295\n\nHP6000 (Comware 5)\n R2507P35\n JG639A HP 10500/7500 20G Unified Wired-WLAN Module, JG645A HP 10500/7500 20G\nUnified Wired-WLAN TAA-compliant Module\n\n CVE-2014-9295\n\nWX5004-EI (Comware 5)\n R2507P35\n JD447B HP WX5002 Access Controller, JD448A HP WX5004 Access Controller,\nJD448B HP WX5004 Access Controller, JD469A HP WX5004 Access Controller\n\n CVE-2014-9295\n\nSecBlade FW (Comware 5)\n R3181P05\n JC635A HP 12500 VPN Firewall Module, JD245A HP 9500 VPN Firewall Module,\nJD249A HP 10500/7500 Advanced VPN Firewall Module, JD250A HP 6600 Firewall\nProcessing Router Module, JD251A HP 8800 Firewall Processing Module, JD255A\nHP 5820 VPN Firewall Module\n\n CVE-2014-9295\n\nF1000-E (Comware 5)\n R3181P05\n JD272A HP F1000-E VPN Firewall Appliance\n\n CVE-2014-9295\n\nF1000-A-EI (Comware 5)\n R3734P06\n JG214A HP F1000-A-EI VPN Firewall Appliance\n\n CVE-2014-9295\n\nF1000-S-EI (Comware 5)\n R3734P06\n JG213A HP F1000-S-EI VPN Firewall Appliance\n\n CVE-2014-9295\n\nF5000-A (Comware 5)\n F3210P23\n JD259A HP A5000-A5 VPN Firewall Chassis, JG215A HP F5000 Firewall Main\nProcessing Unit, JG216A HP F5000 Firewall Standalone Chassis\n\n CVE-2014-9295\n\nU200S and CS (Comware 5)\n F5123P31\n JD273A HP U200-S UTM Appliance\n\n CVE-2014-9295\n\nU200A and M (Comware 5)\n F5123P31\n JD275A HP U200-A UTM Appliance\n\n CVE-2014-9295\n\nF5000-C/S (Comware 5)\n R3811P03\n JG650A HP F5000-C VPN Firewall Appliance, JG370A HP F5000-S VPN Firewall\nAppliance\n\n CVE-2014-9295\n\nSecBlade III (Comware 5)\n R3820P03\n JG371A HP 12500 20Gbps VPN Firewall Module, JG372A HP 10500/11900/7500\n20Gbps VPN Firewall Module\n\n CVE-2014-9295\n\nMSR20 RU (Comware 5 Low Encryption SW)\n R2513L61\n JD432A HP A-MSR20-21 Router, JD662A HP MSR20-20 Router, JD663A HP A-MSR20-21\nRouter, JD663B HP MSR20-21 Router, JD664A HP MSR20-40 Router, JF228A HP\nMSR20-40, JF283A HP MSR20-20 Router\n\n CVE-2014-9295\n\nMSR20-1X RU (Comware 5 Low Encryption SW)\n R2513L61\n JD431A HP MSR20-10 Router, JD667A HP A-MSR20-15 IW Multi-service Router,\nJD668A HP MSR20-13 Router, JD669A HP MSR20-13-W Router, JD670A HP A-MSR20-15\nA Multi-service Router, JD671A HP A-MSR20-15 AW Multi-service Router, JD672A\nHP A-MSR20-15 I Multi-service Router, JD673A HP MSR20-11 Router, JD674A HP\nMSR20-12 Router, JD675A HP MSR20-12-W Router, JD676A HP MSR20-12-T Router,\nJF236A HP MSR20-15-I Router, JF237A HP MSR20-15-A Router, JF238A HP\nMSR20-15-I-W Router, JF239A HP MSR20-11 Router, JF240A HP MSR20-13 Router,\nJF241A HP MSR20-12 Router, JF806A HP MSR20-12-T Router, JF807A HP MSR20-12-W\nRouter, JF808A HP MSR20-13-W Router, JF809A HP MSR20-15-A-W Router, JF817A HP\nMSR20-15 Router, JG209A HP MSR20-12-T-W Router, JG210A HP MSR20-13-W Router\n\n CVE-2014-9295\n\nMSR30 RU (Comware 5 Low Encryption SW)\n R2513L61\n JD654A HP MSR30-60 PoE Router, JD657A HP MSR30-40 Router, JD658A HP MSR30-60\nRouter, JD660A HP MSR30-20 PoE Router, JD661A HP MSR30-40 PoE Router, JD666A\nHP MSR30-20 Router, JF229A HP MSR30-40 Router, JF230A HP MSR30-60 Router,\nJF232A HP A-MSR30-40 (RT-MSR3040-AC-OVS-AS-H3) Multi-service Router, JF235A\nHP MSR30-20 DC Router, JF284A HP MSR30-20 Router, JF287A HP MSR30-40 DC\nRouter, JF801A HP MSR30-60 DC Router, JF802A HP MSR30-20 PoE Router, JF803A\nHP MSR30-40 PoE Router, JF804A HP MSR30-60 PoE Router, JG728A HP MSR30-20\nTAA-compliant DC Router, JG729A HP MSR30-20 TAA-compliant Router\n\n CVE-2014-9295\n\nMSR301X RU (Comware 5 Low Encryption SW)\n R2513L61\n JF800A HP MSR30-11 Router, JF816A HP MSR30-10 Router, JG182A HP MSR30-11E\nRouter, JG183A HP MSR30-11F Router, JG184A HP MSR30-10 DC Router\n\n CVE-2014-9295\n\nMSR316 RU (Comware 5 Low Encryption SW)\n R2513L61\n JD659A HP MSR30-16 PoE Router, JD665A HP MSR30-16 Router, JF233A HP MSR30-16\nRouter, JF234A HP MSR30-16 PoE Router\n\n CVE-2014-9295\n\nMSR50 RU (Comware 5 Low Encryption SW)\n R2513L61\n JD433A HP MSR50-40 Router, JD653A HP MSR50 Processor Module, JD655A HP MSR\n50-40 Router, JD656A HP MSR50-60 Router, JF231A HP MSR50-60 Router, JF285A HP\nMSR50-40 DC Router, JF640A HP MSR50-60 Router Chassis with DC Power Supply\n\n CVE-2014-9295\n\nMSR50 EPU RU (Comware 5 Low Encryption SW)\n R2513L61\n JD429A HP MSR50 G2 Processor Module, JD429B HP MSR50 G2 Processor Module,\nJD433A HP MSR50-40 Router, JD655A HP MSR 50-40 Router, JD656A HP MSR50-60\nRouter, JF231A HP MSR50-60 Router, JF285A HP MSR50-40 DC Router, JF640A HP\nMSR50-60 Router Chassis with DC Power Supply\n\n CVE-2014-9295\n\nMSR1000 RU (Comware 5 Low Encryption SW)\n R2513L61\n JG732A HP MSR1003-8 AC Router\n\n CVE-2014-9295\n\n6600 RSE RU (Comware 5 Low Encryption SW)\n R3303P18\n JC566A HP 6600 RSE-X1 Router Main Processing Unit, JG780A HP 6600 RSE-X1\nTAA-compliant Main Processing Unit\n\n CVE-2014-9295\n\n6600 RPE RU (Comware 5 Low Encryption SW)\n R3303P18\n JC165A) HP 6600 RPE-X1 Router Module, JG781A) HP 6600 RPE-X1 TAA-compliant\nMain Processing Unit\n\n CVE-2014-9295\n\n6602 RU (Comware 5 Low Encryption SW)\n R3303P18\n JC176A) HP 6602 Router Chassis\n\n CVE-2014-9295\n\nHSR6602 RU (Comware 5 Low Encryption SW)\n R3303P18\n JC177A HP 6608 Router, JC177B HP 6608 Router Chassis, JC178A HP 6604 Router\nChassis, JC178B HP 6604 Router Chassis, JC496A HP 6616 Router Chassis, JG353A\nHP HSR6602-G Router, JG354A HP HSR6602-XG Router, JG355A HP 6600 MCP-X1\nRouter Main Processing Unit, JG356A HP 6600 MCP-X2 Router Main Processing\nUnit, JG776A HP HSR6602-G TAA-compliant Router, JG777A HP HSR6602-XG\nTAA-compliant Router, JG778A HP 6600 MCP-X2 Router TAA-compliant Main\nProcessing Unit\n\n CVE-2014-9295\n\nHSR6800 RU (Comware 5 Low Encryption SW)\n R3303P18\n JG361A HP HSR6802 Router Chassis, JG362A HP HSR6804 Router Chassis, JG363A\nHP HSR6808 Router Chassis, JG364A HP HSR6800 RSE-X2 Router Main Processing\nUnit, JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing Unit\n\n CVE-2014-9295\n\nSMB1910 (Comware 5)\n R1108\n JG540A HP 1910-48 Switch, JG539A HP 1910-24-PoE+ Switch, JG538A HP 1910-24\nSwitch, JG537A HP 1910-8 -PoE+ Switch, JG536A HP 1910-8 Switch\n\n CVE-2014-9295\n\nSMB1920 (Comware 5)\n R1106\n JG928A HP 1920-48G-PoE+ (370W) Switch, JG927A HP 1920-48G Switch, JG926A HP\n1920-24G-PoE+ (370W) Switch, JG925A HP 1920-24G-PoE+ (180W) Switch, JG924A HP\n1920-24G Switch, JG923A HP 1920-16G Switch, JG922A HP 1920-8G-PoE+ (180W)\nSwitch, JG921A HP 1920-8G-PoE+ (65W) Switch, JG920A HP 1920-8G Switch\n\n CVE-2014-9295\n\nV1910 (Comware 5)\n R1513P95\n JE005A HP 1910-16G Switch, JE006A HP 1910-24G Switch, JE007A HP 1910-24G-PoE\n(365W) Switch, JE008A HP 1910-24G-PoE(170W) Switch, JE009A HP 1910-48G\nSwitch, JG348A HP 1910-8G Switch, JG349A HP 1910-8G-PoE+ (65W) Switch, JG350A\nHP 1910-8G-PoE+ (180W) Switch\n\n CVE-2014-9295\n\nSMB 1620 (Comware 5)\n R1105\n JG914A HP 1620-48G Switch, JG913A HP 1620-24G Switch, JG912A HP 1620-8G\nSwitch\n\n CVE-2014-9295\n\nCOMWARE 7 Products\n\n12500 (Comware 7)\n R7328P04\n JC085A HP A12518 Switch Chassis, JC086A HP A12508 Switch Chassis, JC652A HP\n12508 DC Switch Chassis, JC653A HP 12518 DC Switch Chassis, JC654A HP 12504\nAC Switch Chassis, JC655A HP 12504 DC Switch Chassis, JF430A HP A12518 Switch\nChassis, JF430B HP 12518 Switch Chassis, JF430C HP 12518 AC Switch Chassis,\nJF431A HP A12508 Switch Chassis, JF431B HP 12508 Switch Chassis, JF431C HP\n12508 AC Switch Chassis, JC072B HP 12500 Main Processing Unit, JG497A HP\n12500 MPU w/Comware V7 OS, JG782A HP FF 12508E AC Switch Chassis, JG783A HP\nFF 12508E DC Switch Chassis, JG784A HP FF 12518E AC Switch Chassis, JG785A HP\nFF 12518E DC Switch Chassis, JG802A HP FF 12500E MPU, JG836A HP FlexFabric\n12518E AC Switch TAA-compliant Chassis, JG834A HP FlexFabric 12508E AC Switch\nTAA-compliant Chassis, JG835A HP FlexFabric 12508E DC Switch TAA-compliant\nChassis, JG837A HP FlexFabric 12518E DC Switch TAA-compliant Chassis, JG803A\nHP FlexFabric 12500E TAA-compliant Main Processing Unit, JG796A HP FlexFabric\n12500 48-port 10GbE SFP+ FD Module, JG790A HP FlexFabric 12500 16-port 40GbE\nQSFP+ FD Module, JG794A HP FlexFabric 12500 40-port 10GbE SFP+ FG Module,\nJG792A HP FlexFabric 12500 40-port 10GbE SFP+ FD Module, JG788A HP FlexFabric\n12500 4-port 100GbE CFP FG Module, JG786A HP FlexFabric 12500 4-port 100GbE\nCFP FD Module, JG797A HP FlexFabric 12500 48-port 10GbE SFP+ FD TAA-compliant\nModule, JG791A HP FlexFabric 12500 16-port 40GbE QSFP+ FD TAA-compliant\nModule, JG795A HP FlexFabric 12500 40-port 10GbE SFP+ FG TAA-compliant\nModule, JG793A HP FlexFabric 12500 40-port 10GbE SFP+ FD TAA-compliant\nModule, JG789A HP FlexFabric 12500 4-port 100GbE CFP FG TAA-compliant Module,\nJG787A HP FlexFabric 12500 4-port 100GbE CFP FD TAA-compliant Module, JG798A\nHP FlexFabric 12508E Fabric Module\n H3C S12508 Routing Switch (AC-1) (0235A0GE), H3C S12518 Routing Switch\n(AC-1) (0235A0GF), H3C S12508 Chassis (0235A0E6), H3C S12508 Chassis\n(0235A38N), H3C S12518 Chassis (0235A0E7), H3C S12518 Chassis (0235A38M), H3C\n12508 DC Switch Chassis (0235A38L), H3C 12518 DC Switch Chassis (0235A38K)\n CVE-2014-9295\n\n11900 (Comware 7)\n R7169P01\n JG608A HP FF 11908-V Switch Chassis, JG609A HP FF 11900 Main Processing\nUnit, JG610A HP FF 11908 1.92Tbps Type D Fabric Module, JG611A HP FF 11900\n32p 10GbE SFP+ SF Module, JG612A HP FF 11900 48p 10GbE SFP+ SF Module, JG613A\nHP FF 11900 4p 40GbE QSFP+ SF Module, JG614A HP FF 11900 8p 40GbE QSFP+ SF\nModule, JG615A HP FF 11900 24-p 1/10GBASE-T SF Module, JG616A HP FF 11900\n2500W AC Power Supply, JG617A HP FF 11900 2400W DC Power Supply, JG618A HP FF\n11908-V Spare Fan Assy, JG918A HP FF 11900 2p 100GbE CFP SE Module\n\n CVE-2014-9295\n\n10500 (Comware 7)\n R7150\n JC611A HP 10508-V Switch Chassis, JC612A HP 10508 Switch Chassis, JC613A HP\n10504 Switch Chassis, JC748A HP 10512 Switch Chassis, JG820A HP 10504 TAA\nSwitch Chassis, JG821A HP 10508 TAA Switch Chassis, JG822A HP 10508-V TAA\nSwitch Chassis, JG823A HP 10512 TAA Switch Chassis, JG496A HP 10500 Type A\nMPU w/Comware v7 OS, JH198A HP 10500 Type D Main Processing Unit with Comware\nv7 Operating System, JH191A HP 10500 44-port GbE(SFP,LC)/ 4-port 10GbE SFP+\n(SFP+,LC) SE Module, JH192A HP 10500 48-port Gig-TRJ45SE Module, JH193A HP\n10500 16-port 10GbE SFP+ (SFP+,LC) SF Module, JH194A HP 10500 24-port 10GbE\nSFP+ (SFP+,LC) EC Module, JH195A HP 10500 6-port 40GbE QSFP+ EC Module,\nJH196A HP 10500 2-port 100GbE CFP EC Module, JH197A HP 10500 48-port 10GbE\nSFP+ (SFP+,LC) SG Module\n N/A\n CVE-2014-9295\n\n12900 (Comware 7)\n R1112\n JG619A HP FlexFabric 12910 Switch AC Chassis, JG621A HP FlexFabric 12910\nMain Processing Unit, JG632A HP FlexFabric 12916 Switch AC Chassis, JG634A HP\nFlexFabric 12916 Main Processing Unit\n\n CVE-2014-9295\n\n5900 (Comware 7)\n R2311P06\n JC772A HP 5900AF-48XG-4QSFP+ Switch, JG336A HP 5900AF-48XGT-4QSFP+ Switch,\nJG510A HP 5900AF-48G-4XG-2QSFP+ Switch, JG554A HP 5900AF-48XG-4QSFP+ TAA\nSwitch, JG838A HP FF 5900CP-48XG-4QSFP+ Switch, JH036A HP FlexFabric 5900CP\n48XG 4QSFP+ TAA-Compliant, JH037A HP 5900AF 48XGT 4QSFP+ TAA-Compliant\nSwitch, JH038A) HP 5900AF 48G 4XG 2QSFP+ TAA-Compliant\n\n CVE-2014-9295\n\n5920 (Comware 7)\n R2311P06\n JG296A HP 5920AF-24XG Switch, JG555A HP 5920AF-24XG TAA Switch\n\n CVE-2014-9295\n\nMSR1000 (Comware 7)\n R0106P31\n JG875A HP MSR1002-4 AC Router, JH060A HP MSR1003-8S AC Router\n\n CVE-2014-9295\n\nMSR2000 (Comware 7)\n R0106P31\n JG411A HP MSR2003 AC Router, JG734A HP MSR2004-24 AC Router, JG735A) HP\nMSR2004-48 Router, JG866A HP MSR2003 TAA-compliant AC Router\n\n CVE-2014-9295\n\nMSR3000 (Comware 7)\n R0106P31\n JG404A HP MSR3064 Router, JG405A HP MSR3044 Router, JG406A HP MSR3024 AC\nRouter, JG407A HP MSR3024 DC Router, JG408A HP MSR3024 PoE Router, JG409A HP\nMSR3012 AC Router, JG410A HP MSR3012 DC Router, JG861A HP MSR3024\nTAA-compliant AC Router\n\n CVE-2014-9295\n\nMSR4000 (Comware 7)\n R0106P31\n JG402A HP MSR4080 Router Chassis, JG403A HP MSR4060 Router Chassis, JG412A\nHP MSR4000 MPU-100 Main Processing Unit, JG869A HP MSR4000 TAA-compliant\nMPU-100 Main Processing Unit\n\n CVE-2014-9295\n\n5800 (Comware 7)\n R7006P12\n JC099A HP 5800-24G-PoE Switch, JC099B HP 5800-24G-PoE+ Switch, JC100A HP\n5800-24G Switch, JC100B HP 5800-24G Switch, JC101A HP 5800-48G Switch with 2\nSlots, JC101B HP 5800-48G-PoE+ Switch with 2 Interface Slots, JC103A HP\n5800-24G-SFP Switch, JC103B HP 5800-24G-SFP Switch with 1 Interface Slot,\nJC104A HP 5800-48G-PoE Switch, JC104B HP 5800-48G-PoE+ Switch with 1\nInterface Slot, JC105A HP 5800-48G Switch, JC105B HP 5800-48G Switch with 1\nInterface Slot, JG254A HP 5800-24G-PoE+ TAA-compliant Switch, JG254B HP\n5800-24G-PoE+ TAA-compliant Switch, JG255A HP 5800-24G TAA-compliant Switch,\nJG255B HP 5800-24G TAA-compliant Switch, JG256A HP 5800-24G-SFP TAA-compliant\nSwitch with 1 Interface Slot, JG256B HP 5800-24G-SFP TAA-compliant Switch\nwith 1 Interface Slot, JG257A HP 5800-48G-PoE+ TAA-compliant Switch with 1\nInterface Slot, JG257B HP 5800-48G-PoE+ TAA-compliant Switch with 1 Interface\nSlot, JG258A HP 5800-48G TAA-compliant Switch with 1 Interface Slot, JG258B\nHP 5800-48G TAA-compliant Switch with 1 Interface Slot, JG225A HP 5800AF-48G\nSwitch, JG225B HP 5800AF-48G Switch, JG242A HP 5800-48G-PoE+ TAA-compliant\nSwitch with 2 Interface Slots, JG242B HP 5800-48G-PoE+ TAA-compliant Switch\nwith 2 Interface Slots, JG243A HP 5820-24XG-SFP+ TAA-compliant Switch, JG243B\nHP 5820-24XG-SFP+ TAA-compliant Switch, JG259A HP 5820X-14XG-SFP+\nTAA-compliant Switch with 2 Interface Slots \u0026 1 OAA Slot, JG259B HP\n5820-14XG-SFP+ TAA-compliant Switch with 2 Interface Slots and 1 OAA Slot,\nJC106A HP 5820-14XG-SFP+ Switch with 2 Slots, JC106B HP 5820-14XG-SFP+ Switch\nwith 2 Interface Slots \u0026 1 OAA Slot, JG219A HP 5820AF-24XG Switch, JG219B HP\n5820AF-24XG Switch, JC102A HP 5820-24XG-SFP+ Switch, JC102B HP 5820-24XG-SFP+\nSwitch\n\n CVE-2014-9295\n\nVSR (Comware 7)\n R0204P01\n JG810AAE HP VSR1001 Virtual Services Router 60 Day Evaluation Software,\nJG811AAE HP VSR1001 Comware 7 Virtual Services Router, JG812AAE HP VSR1004\nComware 7 Virtual Services Router, JG813AAE HP VSR1008 Comware 7 Virtual\nServices Router\n\n CVE-2014-9295\n\n7900 (Comware 7)\n R2122\n JG682A HP FlexFabric 7904 Switch Chassis, JG841A HP FlexFabric 7910 Switch\nChassis, JG842A HP FlexFabric 7910 7.2Tbps Fabric / Main Processing Unit,\nJH001A HP FlexFabric 7910 2.4Tbps Fabric / Main Processing Unit\n\n CVE-2014-9295\n\n5130 (Comware 7)\n R3108P03\n JG932A HP 5130-24G-4SFP+ EI Switch, JG933A HP 5130-24G-SFP-4SFP+ EI Switch,\nJG934A HP 5130-48G-4SFP+ EI Switch, JG936A HP 5130-24G-PoE+-4SFP+ (370W) EI\nSwitch, JG937A HP 5130-48G-PoE+-4SFP+ (370W) EI Switch, JG975A HP\n5130-24G-4SFP+ EI Brazil Switch, JG976A HP 5130-48G-4SFP+ EI Brazil Switch,\nJG977A HP 5130-24G-PoE+-4SFP+ (370W) EI Brazil Switch, JG978A HP\n5130-48G-PoE+-4SFP+ (370W) EI Brazil Switch\n\n CVE-2014-9295\n\n5700 (Comware 7)\n R2311P06\n JG894A HP FlexFabric 5700-48G-4XG-2QSFP+ Switch, JG895A HP FlexFabric\n5700-48G-4XG-2QSFP+ TAA-compliant Switch, JG896A HP FlexFabric\n5700-40XG-2QSFP+ Switch, JG897A HP FlexFabric 5700-40XG-2QSFP+ TAA-compliant\nSwitch, JG898A HP FlexFabric 5700-32XGT-8XG-2QSFP+ Switch, JG899A HP\nFlexFabric 5700-32XGT-8XG-2QSFP+ TAA-compliant Switch\n\n CVE-2014-9295\n\nVCX\n 9.8.17\n J9672A HP VCX V7205 Platform w/ DL360 G7 Srvr, J9668A HP VCX IPC V7005\nPltfrm w/ DL120 G6 Srvr, JC517A HP VCX V7205 Platform w/DL 360 G6 Server,\nJE355A HP VCX V6000 Branch Platform 9.0, JC516A HP VCX V7005 Platform w/DL\n120 G6 Server, JC518A HP VCX Connect 200 Primry 120 G6 Server, J9669A HP VCX\nIPC V7310 Pltfrm w/ DL360 G7 Srvr, JE341A HP VCX Connect 100 Secondary,\nJE252A HP VCX Connect Primary MIM Module, JE253A HP VCX Connect Secondary MIM\nModule, JE254A HP VCX Branch MIM Module, JE355A HP VCX V6000 Branch Platform\n9.0, JD028A HP MS30-40 RTR w/VCX + T1/FXO/FXS/Mod, JD023A HP MSR30-40 Router\nwith VCX MIM Module, JD024A HP MSR30-16 RTR w/VCX Ent Br Com MIM, JD025A HP\nMSR30-16 RTR w/VCX + 4FXO/2FXS Mod, JD026A HP MSR30-16 RTR w/VCX + 8FXO/4FXS\nMod, JD027A HP MSR30-16 RTR w/VCX + 8BRI/4FXS Mod, JD029A HP MSR30-16 RTR\nw/VCX + E1/4BRI/4FXS, JE340A HP VCX Connect 100 Pri Server 9.0, JE342A HP VCX\nConnect 100 Sec Server 9.0\n\n CVE -2014-9293 CVE-2014-9294 CVE-2014-9295\n\nHISTORY\nVersion:1 (rev.1) - 9 December 2015 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running Hewlett Packard Enterprise (HPE) software\nproducts should be applied in accordance with the customer\u0027s patch management\npolicy. \n\nReferences:\n\nCVE-2014-9293\nCVE-2014-9294\nCVE-2014-9295\nCVE-2014-9296\nCVE-2013-5211\nSSRT102239\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \n\n Platform\n Patch Kit Name\n\n Alpha IA64 V8.4\n 75-117-380_2015-08-24.BCK\n\n NOTE: Please contact OpenVMS Technical Support to request these patch kits. \n\nHISTORY\nVersion:1 (rev.1) - 9 September 2015 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. ============================================================================\nUbuntu Security Notice USN-2449-1\nDecember 22, 2014\n\nntp vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 14.10\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n- Ubuntu 10.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in NTP. \n\nSoftware Description:\n- ntp: Network Time Protocol daemon and utility programs\n\nDetails:\n\nNeel Mehta discovered that NTP generated weak authentication keys. A remote\nattacker could possibly use this issue to brute force the authentication\nkey and send requests if permitted by IP restrictions. (CVE-2014-9294)\n\nStephen Roettger discovered that NTP contained buffer overflows in the\ncrypto_recv(), ctl_putdata() and configure() functions. The default compiler options for affected releases should reduce the\nvulnerability to a denial of service. In addition, attackers would be\nisolated by the NTP AppArmor profile. (CVE-2014-9295)\n\nStephen Roettger discovered that NTP incorrectly continued processing when\nhandling certain errors. (CVE-2014-9296)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 14.10:\n ntp 1:4.2.6.p5+dfsg-3ubuntu2.14.10.1\n\nUbuntu 14.04 LTS:\n ntp 1:4.2.6.p5+dfsg-3ubuntu2.14.04.1\n\nUbuntu 12.04 LTS:\n ntp 1:4.2.6.p3+dfsg-1ubuntu3.2\n\nUbuntu 10.04 LTS:\n ntp 1:4.2.4p8+dfsg-1ubuntu2.2\n\nAfter a standard system update you need to regenerate any MD5 keys that\nwere manually created with ntp-keygen. \n\nReferences:\n http://www.ubuntu.com/usn/usn-2449-1\n CVE-2014-9293, CVE-2014-9294, CVE-2014-9295, CVE-2014-9296\n\nPackage Information:\n https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p5+dfsg-3ubuntu2.14.10.1\n https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p5+dfsg-3ubuntu2.14.04.1\n https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p3+dfsg-1ubuntu3.2\n https://launchpad.net/ubuntu/+source/ntp/1:4.2.4p8+dfsg-1ubuntu2.2\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/\ndocDisplay?docId=emr_na-c04582466\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c04582466\nVersion: 1\n\nHPSBGN03277 rev.1 - HP Virtualization Performance Viewer, Remote Execution of\nCode, Denial of Service (DoS) and\n\nOther Vulnerabilities\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2015-03-06\nLast Updated: 2015-03-06\n\nPotential Security Impact: Remote execution of code, Denial of Service (DoS),\nand other vulnerabilities\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with the NTP service\nthat is present on HP\n\nVirtualization Performance Viewer (vPV). These could be exploited remotely to\nexecute code, create a Denial of\n\nService (DoS), and other vulnerabilities. \n\nReferences:\n\nCVE-2014-9293 - Insufficient Entropy in Pseudo-Random Number Generator (PRNG)\n(CWE-332)\nCVE-2014-9294 - Use of Cryptographically Weak PRNG (CWE-338)\nCVE-2014-9295 - Stack Buffer Overflow (CWE-121)\nCVE-2014-9296 - Error Conditions, Return Values, Status Codes (CWE-389)\nSSRT101957\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP Virtualization Performance Viewer v2.10, v2.01, v2.0, v1.X\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2014-9293 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2014-9294 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2014-9295 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2014-9296 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has provided the following information to mitigate the impact of these\nvulnerabilities. \n\nhttps://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetsea\nrch/document/KM01411809?/\n\nHISTORY\nVersion:1 (rev.1) - 6 March 2015 Initial release\n\nSupport: For further information, contact normal HP Services support channel. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-\n\nalert@hp.com\nIt is strongly recommended that security related information being\ncommunicated to HP be encrypted using PGP,\n\nespecially exploit information. \nTo get the security-alert PGP key, please send an e-mail message as follows:\n To: security-alert@hp.com\n Subject: get key\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletins\nvia Email:\nhttp://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA\u0026langcode=USENG\n\u0026jumpid=in_SC-\n\nGEN__driverITRC\u0026topiccode=ITRC\nOn the web page: ITRC security bulletins and patch sign-up\nUnder Step1: your ITRC security bulletins and patches\n - check ALL categories for which alerts are required and continue. \nUnder Step2: your ITRC operating systems\n - verify your operating system selections are checked and save. \n\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php\nLog in on the web page: Subscriber\u0027s choice for Business: sign-in. \nOn the web page: Subscriber\u0027s Choice: your profile summary - use Edit Profile\nto update appropriate sections. \n\nTo review previously published Security Bulletins visit:\nhttp://www.itrc.hp.com/service/cki/secBullArchive.do\n\n* The Software Product Category that this Security Bulletin relates to is\nrepresented by the 5th and 6th\n\ncharacters of the Bulletin number in the title: GN = HP General SW\n MA = HP Management Agents\n MI = Misc. 3rd Party SW\n\nMP = HP MPE/iX\n NS = HP NonStop Servers\n OV = HP OpenVMS\n\nPI = HP Printing \u0026 Imaging\n ST = HP Storage SW\n TL = HP Trusted Linux\n\nTU = HP Tru64 UNIX\n UX = HP-UX\n VV = HP VirtualVault\n\nSystem management and security procedures must be reviewed frequently to\nmaintain system integrity. HP is\n\ncontinually reviewing and enhancing the security features of software\nproducts to provide customers with current\n\nsecure solutions. \n\n\"HP is broadly distributing this Security Bulletin in order to bring to the\nattention of users of the affected\n\nHP products the important security information contained in this Bulletin. HP\nrecommends that all users\n\ndetermine the applicability of this information to their individual\nsituations and take appropriate action. HP\n\ndoes not warrant that this information is necessarily accurate or complete\nfor all user situations and,\n\nconsequently, HP will not be responsible for any damages resulting from\nuser\u0027s use or disregard of the\n\ninformation provided in this Bulletin. To the extent permitted by law, HP\ndisclaims all warranties, either\n\nexpress or implied, including the warranties of merchantability and fitness\nfor a particular purpose, title and\n\nnon-infringement.\"\n\nCopyright 2015 Hewlett-Packard Development Company, L.P. \n\nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The\n\ninformation provided is provided \"as is\" without warranty of any kind. To the\nextent permitted by law, neither\n\nHP or its affiliates, subcontractors or suppliers will be liable for\nincidental, special or consequential\n\ndamages including downtime cost; lost profits; damages relating to the\nprocurement of substitute products or\n\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to\n\nchange without notice. Hewlett-Packard Company and the names of\nHewlett-Packard products referenced herein are\n\ntrademarks of Hewlett-Packard Company in the United States and other\ncountries. Other product and company names\n\nmentioned herein may be trademarks of their respective owners. \n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.13 (GNU/Linux)\n\niEYEARECAAYFAlT6CWUACgkQ4B86/C0qfVk6XQCg6QDwe+ba3WDTOzIDQg4Pxs9V\n3ZMAn3DdFKuMO7w/MMmSc+DGUzK+zvUh\n=JNjz\n-----END PGP SIGNATURE-----\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nESA-2015-004: EMC M\u0026R (Watch4Net) Multiple Vulnerabilities \n\nEMC Identifier: ESA-2015-004\n\nCVE Identifier: CVE-2015-0513, CVE-2015-0514, CVE-2015-0515, CVE-2015-0516, CVE-2014-4288, CVE-2014-6456, CVE-2014-6457, CVE-2014-6458, CVE-2014-6466, CVE-2014-6468, CVE-2014-6476, CVE-2014-6485, CVE-2014-6492, CVE-2014-6493, CVE-2014-6502, CVE-2014-6503, CVE-2014-6504, CVE-2014-6506, CVE-2014-6511, CVE-2014-6512, CVE-2014-6513, CVE-2014-6515, CVE-2014-6517, CVE-2014-6519, CVE-2014-6527, CVE-2014-6531, CVE-2014-6532, CVE-2014-6558, CVE-2014-6562, CVE-2014-9293, CVE-2014-9294, CVE-2014-9295, CVE-2014-9296, CVE-2014-3618\n\nSeverity Rating: CVSS v2 Base Score: View details below for individual CVSS score for each CVE\n\nAffected products: \n\\x95\tEMC M\u0026R (Watch4Net) versions prior 6.5u1\n\\x95\tEMC ViPR SRM versions prior to 3.6.1\n\nSummary:\nEMC M\u0026R (Watch4Net) is vulnerable to multiple security vulnerabilities that could be potentially exploited by malicious users to compromise the affected system. EMC ViPR SRM is built on EMC M\u0026R platform and is also affected by these vulnerabilities. \n\nDetails:\nThe vulnerabilities include:\n\\x95\tMultiple Oracle Java Runtime Environment (JRE) Vulnerabilities\nCVE Identifiers: CVE-2014-4288, CVE-2014-6456, CVE-2014-6457, CVE-2014-6458, CVE-2014-6466, CVE-2014-6468, CVE-2014-6476, CVE-2014-6485, CVE-2014-6492, CVE-2014-6493, CVE-2014-6502, CVE-2014-6503, CVE-2014-6504, CVE-2014-6506, CVE-2014-6511, CVE-2014-6512, CVE-2014-6513, CVE-2014-6515, CVE-2014-6517, CVE-2014-6519, CVE-2014-6527, CVE-2014-6531, CVE-2014-6532, CVE-2014-6558, CVE-2014-6562. \n\nOracle JRE contains multiple security vulnerabilities. Oracle JRE has been upgraded to 8.0u25 to address these vulnerabilities. See vendor advisory (http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html#AppendixJAVA) for more details. \nCVSS v2 Base Score: Please refer to http://nvd.nist.gov/ for the individual CVSS scores for each CVE listed above. \n\n\\x95\tMultiple Cross-Site Scripting Vulnerabilities\nCVE Identifier: CVE-2015-0513\nSeveral user-supplied fields in the administrative user interface may be potentially exploited by an authenticated privileged malicious user to conduct cross-site-scripting attacks on other authenticated users of the system. \nCVSS v2 Base Score: 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)\n\n\\x95\tInsecure Cryptographic Storage Vulnerability \nCVE Identifier: CVE-2015-0514\nA malicious non-ViPR SRM user with access to an installation of ViPR SRM and knowledge of internal encryption methods could potentially decrypt credentials used for data center discovery. \nCVSS v2 Base Score: 5.7 (AV:A/AC:M/Au:N/C:C/I:N/A:N)\n\n\\x95\tUnrestricted File Upload Vulnerability \nCVE Identifier: CVE-2015-0515\nThis vulnerability may potentially be exploited by an authenticated, privileged malicious user to upload arbitrary files into the file system via the web interface. \nCVSS v2 Base Score: 6 (AV:N/AC:M/Au:S/C:P/I:P/A:P)\n\n\\x95\tPath Traversal Vulnerability\nCVE Identifier: CVE-2015-0516\nThis vulnerability may potentially be exploited by an authenticated, privileged malicious user to download arbitrary files from the file system via the web interface by manipulating the directory structure in the URL. \nCVSS v2 Base Score: 6.8 (AV:N/AC:L/Au:S/C:C/I:N/A:N)\n\n\\x95\tSUSE Procmail Heap Overflow Vulnerability \nCVE Identifier: CVE-2014-3618\nProcmail was updated to fix a heap-overflow in procmail\u0027s formail utility when processing specially-crafted email headers. This issue affects only vApp deployments of the affected software. \nCVSS v2 Base Score: Please refer to http://nvd.nist.gov/ for the CVSS score. \n\n\\x95\tNTP Multiple Vulnerabilities \nCVE Identifier: CVE-2014-9293 CVE-2014-9294 CVE-2014-9295 CVE-2014-9296\nNTP was updated to fix multiple vulnerabilities. See vendor advisory http://support.ntp.org/bin/view/Main/SecurityNotice for more details. These issues affect only vApp deployments of the affected software. \nCVSS v2 Base Score: Please refer to http://nvd.nist.gov/ for the CVSS scores. \n\n\nResolution:\nThe following version contains the resolution to these issues:\n\\x95\tEMC M\u0026R (Watch4Net) 6.5u1 and later\n\\x95\tEMC ViPR SRM 3.6.1 and later\n\nEMC strongly recommends all customers upgrade at the earliest opportunity. \n\nLink to remedies:\nRegistered customers can download upgraded software from support.emc.com at https://support.emc.com/downloads/34247_ViPR-SRM \n \nCredits:\nEMC would like to thank Han Sahin of Securify B.V. (han.sahin@securify.nl) for reporting CVE-2015-0513 and CVE-2015-0514. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201412-34\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n Title: NTP: Multiple vulnerabilities\n Date: December 24, 2014\n Bugs: #533076\n ID: 201412-34\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in NTP, the worst of which\ncould result in remote execution of arbitrary code. \n\nBackground\n==========\n\nNTP is a protocol designed to synchronize the clocks of computers over\na network. The net-misc/ntp package contains the official reference\nimplementation by the NTP Project. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 net-misc/ntp \u003c 4.2.8 \u003e= 4.2.8\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in NTP. Please review the\nCVE identifiers referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll NTP users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-misc/ntp-4.2.8\"\n\nReferences\n==========\n\n[ 1 ] CVE-2014-9293\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9293\n[ 2 ] CVE-2014-9294\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9294\n[ 3 ] CVE-2014-9295\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9295\n[ 4 ] CVE-2014-9296\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9296\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201412-34.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2014 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n", "sources": [ { "db": "NVD", "id": "CVE-2014-9294" }, { "db": "CERT/CC", "id": "VU#852879" }, { "db": "JVNDB", "id": "JVNDB-2014-007351" }, { "db": "BID", "id": "71762" }, { "db": "PACKETSTORM", "id": "129793" }, { "db": "PACKETSTORM", "id": "134756" }, { "db": "PACKETSTORM", "id": "133517" }, { "db": "PACKETSTORM", "id": "129684" }, { "db": "PACKETSTORM", "id": "130709" }, { "db": "PACKETSTORM", "id": "130031" }, { "db": "PACKETSTORM", "id": "129723" } ], "trust": 3.24 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "CERT/CC", "id": "VU#852879", "trust": 2.9 }, { "db": "NVD", "id": "CVE-2014-9294", "trust": 2.8 }, { "db": "BID", "id": "71762", "trust": 1.3 }, { "db": "MCAFEE", "id": "SB10103", "trust": 1.0 }, { "db": "SECUNIA", "id": "62209", "trust": 1.0 }, { "db": "ICS CERT", "id": "ICSA-14-353-01", "trust": 0.8 }, { "db": "ICS CERT", "id": "ICSA-14-353-01C", "trust": 0.8 }, { "db": "JVN", "id": "JVNVU96605606", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2014-007351", "trust": 0.8 }, { "db": "ICS CERT", "id": "ICSA-14-353-01A", "trust": 0.3 }, { "db": "JUNIPER", "id": "JSA10663", "trust": 0.3 }, { "db": "PACKETSTORM", "id": "129793", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "134756", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "133517", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "129684", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "130709", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "130031", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "129723", "trust": 0.1 } ], "sources": [ { "db": "CERT/CC", "id": "VU#852879" }, { "db": "BID", "id": "71762" }, { "db": "JVNDB", "id": "JVNDB-2014-007351" }, { "db": "PACKETSTORM", "id": "129793" }, { "db": "PACKETSTORM", "id": "134756" }, { "db": "PACKETSTORM", "id": "133517" }, { "db": "PACKETSTORM", "id": "129684" }, { "db": "PACKETSTORM", "id": "130709" }, { "db": "PACKETSTORM", "id": "130031" }, { "db": "PACKETSTORM", "id": "129723" }, { "db": "NVD", "id": "CVE-2014-9294" } ] }, "id": "VAR-201412-0614", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.38031465625 }, "last_update_date": "2024-11-29T20:17:43.564000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "ntp-4.2.2p1-18.0.1.AXS3", "trust": 0.8, "url": "https://tsn.miraclelinux.com/tsn_local/index.php?m=errata\u0026a=detail\u0026eid=4191\u0026sType=\u0026sProduct=\u0026published=1" }, { "title": "ntp-4.2.6p5-2.0.2.AXS4", "trust": 0.8, "url": "https://tsn.miraclelinux.com/tsn_local/index.php?m=errata\u0026a=detail\u0026eid=4190\u0026sType=\u0026sProduct=\u0026published=1" }, { "title": "cisco-sa-20141222-ntpd", "trust": 0.8, "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141222-ntpd" }, { "title": "HPSBPV03266 SSRT101878", "trust": 0.8, "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c04574882" }, { "title": "HPSBGN03277 SSRT101957", "trust": 0.8, "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c04582466" }, { "title": "NV15-009", "trust": 0.8, "url": "http://jpn.nec.com/security-info/secinfo/nv15-009.html" }, { "title": "Bug 2666", "trust": 0.8, "url": "http://bugs.ntp.org/show_bug.cgi?id=2666" }, { "title": "Changes for util/ntp-keygen.c", "trust": 0.8, "url": "http://bk1.ntp.org/ntp-dev/util/ntp-keygen.c?PAGE=diffs\u0026REV=4eae1b72298KRoBQmX-y8URCiRPH5g" }, { "title": "Security Notice", "trust": 0.8, "url": "http://support.ntp.org/bin/view/Main/SecurityNotice" }, { "title": "Bug 1176035", "trust": 0.8, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1176035" }, { "title": "RHSA-2014:2025", "trust": 0.8, "url": "https://rhn.redhat.com/errata/RHSA-2014-2025.html" }, { "title": "RHSA-2015:0104", "trust": 0.8, "url": "https://rhn.redhat.com/errata/RHSA-2015-0104.html" }, { "title": "\u30b5\u30fc\u30d0\u30fb\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u88fd\u54c1 Network Time Protocol daemon (ntpd)\u306e\u8106\u5f31\u6027(CVE-2014-9293\u301c9296)\u306b\u3088\u308b\u5f71\u97ff\u306b\u3064\u3044\u3066", "trust": 0.8, "url": "http://www.hitachi.co.jp/products/it/server/security/info/vulnerable/ntpd_cve-2014-9293.html" }, { "title": "cisco-sa-20141222-ntpd", "trust": 0.8, "url": "http://www.cisco.com/cisco/web/support/JP/112/1127/1127934_cisco-sa-20141222-ntpd-j.html" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-007351" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-Other", "trust": 1.0 }, { "problemtype": "CWE-Other", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-007351" }, { "db": "NVD", "id": "CVE-2014-9294" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.1, "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20141222-ntpd" }, { "trust": 2.1, "url": "http://www.kb.cert.org/vuls/id/852879" }, { "trust": 1.9, "url": "http://support.ntp.org/bin/view/main/securitynotice" }, { "trust": 1.9, "url": "http://advisories.mageia.org/mgasa-2014-0541.html" }, { "trust": 1.6, "url": "http://lists.ntp.org/pipermail/announce/2014-december/000122.html" }, { "trust": 1.3, "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" }, { "trust": 1.1, "url": "http://www.ntp.org/downloads.html" }, { "trust": 1.0, "url": "http://marc.info/?l=bugtraq\u0026m=144182594518755\u0026w=2" }, { "trust": 1.0, "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10103" }, { "trust": 1.0, "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1047-security-advisory-8" }, { "trust": 1.0, "url": "http://secunia.com/advisories/62209" }, { "trust": 1.0, "url": "http://bk1.ntp.org/ntp-dev/util/ntp-keygen.c?page=diffs\u0026rev=4eae1b72298krobqmx-y8urcirph5g" }, { "trust": 1.0, "url": "http://rhn.redhat.com/errata/rhsa-2015-0104.html" }, { "trust": 1.0, "url": "http://marc.info/?l=bugtraq\u0026m=142853370924302\u0026w=2" }, { "trust": 1.0, "url": "http://marc.info/?l=bugtraq\u0026m=142590659431171\u0026w=2" }, { "trust": 1.0, "url": "http://bugs.ntp.org/show_bug.cgi?id=2666" }, { "trust": 1.0, "url": "http://www.securityfocus.com/bid/71762" }, { "trust": 1.0, "url": "http://rhn.redhat.com/errata/rhsa-2014-2025.html" }, { "trust": 1.0, "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:003" }, { "trust": 1.0, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1176035" }, { "trust": 1.0, "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04790232" }, { "trust": 1.0, "url": "http://marc.info/?l=bugtraq\u0026m=142469153211996\u0026w=2" }, { "trust": 1.0, "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04916783" }, { "trust": 0.9, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9294" }, { "trust": 0.8, "url": "http://support.ntp.org/bin/view/support/accessrestrictions#section_6.5.2" }, { "trust": 0.8, "url": "http://www.ntp.org/ntpfaq/ntp-s-algo-crypt.htm" }, { "trust": 0.8, "url": "http://googleprojectzero.blogspot.com/2015/01/finding-and-exploiting-ntpd.html" }, { "trust": 0.8, "url": "https://ics-cert.us-cert.gov/advisories/icsa-14-353-01" }, { "trust": 0.8, "url": "https://support.apple.com/en-us/ht6601" }, { "trust": 0.8, "url": "https://support.f5.com/kb/en-us/solutions/public/15000/900/sol15936.html" }, { "trust": 0.8, "url": "https://www.freebsd.org/security/advisories/freebsd-sa-15:07.ntp.asc" }, { "trust": 0.8, "url": "https://rhn.redhat.com/errata/rhsa-2014-2024.html" }, { "trust": 0.8, "url": "https://ics-cert.us-cert.gov/advisories/icsa-14-353-01c" }, { "trust": 0.8, "url": "http://jvn.jp/vu/jvnvu96605606/index.html" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-9294" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9294" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9293" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9295" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9296" }, { "trust": 0.3, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10663\u0026cat=sirt_1\u0026actp=list" }, { "trust": 0.3, "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-notices/archive/hw-408044.htm" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04574882" }, { "trust": 0.3, "url": "https://downloads.avaya.com/css/p8/documents/101006439" }, { "trust": 0.3, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1176032" }, { "trust": 0.3, "url": "http://support.citrix.com/article/ctx200355" }, { "trust": 0.3, "url": "http://seclists.org/bugtraq/2015/jan/att-97/esa-2015-004.txt" }, { "trust": 0.3, "url": "https://www.freebsd.org/security/advisories/freebsd-sa-14:31.ntp.asc" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04582466" }, { "trust": 0.3, "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04916783" }, { "trust": 0.3, "url": "http://seclists.org/bugtraq/2015/sep/41" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04554677" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966675" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21967791" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699578" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21696755" }, { "trust": 0.3, "url": "https://ics-cert.us-cert.gov/advisories/icsa-14-353-01a" }, { "trust": 0.3, "url": "http://aix.software.ibm.com/aix/efixes/security/ntp_advisory2.asc" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022036" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg1ssrvpoaix71security150210-1549" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21696812" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1020645" }, { "trust": 0.3, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097484" }, { "trust": 0.3, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097490" }, { "trust": 0.3, "url": "http://www.hitachi.co.jp/products/it/server/security/global/info/vulnerable/ntpd_cve-2014-9293.html" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9296" }, { "trust": 0.1, "url": "http://www.mandriva.com/en/support/security/" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9293" }, { "trust": 0.1, "url": "http://www.mandriva.com/en/support/security/advisories/" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9295" }, { "trust": 0.1, "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_n" }, { "trust": 0.1, "url": "http://www.hpe.com/support/security_bulletin_archive" }, { "trust": 0.1, "url": "http://www.hpe.com/support/subscriber_choice" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-5211" }, { "trust": 0.1, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/" }, { "trust": 0.1, "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins" }, { "trust": 0.1, "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p5+dfsg-3ubuntu2.14.04.1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p3+dfsg-1ubuntu3.2" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p5+dfsg-3ubuntu2.14.10.1" }, { "trust": 0.1, "url": "http://www.ubuntu.com/usn/usn-2449-1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/ntp/1:4.2.4p8+dfsg-1ubuntu2.2" }, { "trust": 0.1, "url": "http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na\u0026langcode=useng" }, { "trust": 0.1, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/" }, { "trust": 0.1, "url": "http://www.itrc.hp.com/service/cki/secbullarchive.do" }, { "trust": 0.1, "url": "https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetsea" }, { "trust": 0.1, "url": "http://h30046.www3.hp.com/subsignin.php" }, { "trust": 0.1, "url": "https://support.emc.com/downloads/34247_vipr-srm" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-6519" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-6511" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-6558" }, { "trust": 0.1, "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html#appendixjava)" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-6562" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-6517" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-4288" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-6532" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-6468" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-6457" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-6531" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-6527" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-6502" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-6493" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-6503" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-6513" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-6506" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-6476" }, { "trust": 0.1, "url": "http://nvd.nist.gov/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-6515" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-6485" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3618" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-6456" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-6466" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-6458" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-6492" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-6512" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-6504" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-9294" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-9296" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-9295" }, { "trust": 0.1, "url": "http://security.gentoo.org/glsa/glsa-201412-34.xml" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-9293" }, { "trust": 0.1, "url": "http://security.gentoo.org/" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." } ], "sources": [ { "db": "CERT/CC", "id": "VU#852879" }, { "db": "BID", "id": "71762" }, { "db": "JVNDB", "id": "JVNDB-2014-007351" }, { "db": "PACKETSTORM", "id": "129793" }, { "db": "PACKETSTORM", "id": "134756" }, { "db": "PACKETSTORM", "id": "133517" }, { "db": "PACKETSTORM", "id": "129684" }, { "db": "PACKETSTORM", "id": "130709" }, { "db": "PACKETSTORM", "id": "130031" }, { "db": "PACKETSTORM", "id": "129723" }, { "db": "NVD", "id": "CVE-2014-9294" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CERT/CC", "id": "VU#852879" }, { "db": "BID", "id": "71762" }, { "db": "JVNDB", "id": "JVNDB-2014-007351" }, { "db": "PACKETSTORM", "id": "129793" }, { "db": "PACKETSTORM", "id": "134756" }, { "db": "PACKETSTORM", "id": "133517" }, { "db": "PACKETSTORM", "id": "129684" }, { "db": "PACKETSTORM", "id": "130709" }, { "db": "PACKETSTORM", "id": "130031" }, { "db": "PACKETSTORM", "id": "129723" }, { "db": "NVD", "id": "CVE-2014-9294" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2014-12-19T00:00:00", "db": "CERT/CC", "id": "VU#852879" }, { "date": "2014-12-19T00:00:00", "db": "BID", "id": "71762" }, { "date": "2014-12-24T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-007351" }, { "date": "2015-01-05T16:17:48", "db": "PACKETSTORM", "id": "129793" }, { "date": "2015-12-10T17:24:17", "db": "PACKETSTORM", "id": "134756" }, { "date": "2015-09-10T00:10:00", "db": "PACKETSTORM", "id": "133517" }, { "date": "2014-12-22T17:16:05", "db": "PACKETSTORM", "id": "129684" }, { "date": "2015-03-09T20:18:03", "db": "PACKETSTORM", "id": "130709" }, { "date": "2015-01-20T17:32:22", "db": "PACKETSTORM", "id": "130031" }, { "date": "2014-12-26T15:46:55", "db": "PACKETSTORM", "id": "129723" }, { "date": "2014-12-20T02:59:01.587000", "db": "NVD", "id": "CVE-2014-9294" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2015-10-27T00:00:00", "db": "CERT/CC", "id": "VU#852879" }, { "date": "2016-10-26T09:11:00", "db": "BID", "id": "71762" }, { "date": "2016-11-09T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-007351" }, { "date": "2024-11-21T02:20:34.133000", "db": "NVD", "id": "CVE-2014-9294" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "129793" }, { "db": "PACKETSTORM", "id": "134756" }, { "db": "PACKETSTORM", "id": "129684" }, { "db": "PACKETSTORM", "id": "130031" }, { "db": "PACKETSTORM", "id": "129723" } ], "trust": 0.5 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "NTP Project Network Time Protocol daemon (ntpd) contains multiple vulnerabilities (Updated)", "sources": [ { "db": "CERT/CC", "id": "VU#852879" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Design Error", "sources": [ { "db": "BID", "id": "71762" } ], "trust": 0.3 } }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.