Action not permitted
Modal body text goes here.
Modal Title
Modal Body
wid-sec-w-2024-1781
Vulnerability from csaf_certbund
Published
2024-08-06 22:00
Modified
2024-08-06 22:00
Summary
Aruba ArubaOS: Mehrere Schwachstellen ermöglichen Codeausführung und DOS
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
ArubaOS ist das Betriebssystem der Aruba Netzwerkprodukte.
Angriff
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Aruba ArubaOS ausnutzen, um beliebigen Programmcode auszuführen und einen Denial-of-Service-Zustand zu erzeugen.
Betroffene Betriebssysteme
- Sonstiges
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "ArubaOS ist das Betriebssystem der Aruba Netzwerkprodukte.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Aruba ArubaOS ausnutzen, um beliebigen Programmcode auszuf\u00fchren und einen Denial-of-Service-Zustand zu erzeugen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-1781 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1781.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-1781 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1781"
},
{
"category": "external",
"summary": "HPE Security Bulletin vom 2024-08-06",
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04678en_us\u0026docLocale=en_US"
}
],
"source_lang": "en-US",
"title": "Aruba ArubaOS: Mehrere Schwachstellen erm\u00f6glichen Codeausf\u00fchrung und DOS",
"tracking": {
"current_release_date": "2024-08-06T22:00:00.000+00:00",
"generator": {
"date": "2024-08-15T18:12:01.651+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2024-1781",
"initial_release_date": "2024-08-06T22:00:00.000+00:00",
"revision_history": [
{
"date": "2024-08-06T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c10.6.0.1",
"product": {
"name": "Aruba ArubaOS \u003c10.6.0.1",
"product_id": "T036637"
}
},
{
"category": "product_version_range",
"name": "\u003c10.4.1.4",
"product": {
"name": "Aruba ArubaOS \u003c10.4.1.4",
"product_id": "T036638"
}
}
],
"category": "product_name",
"name": "ArubaOS"
}
],
"category": "vendor",
"name": "Aruba"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-48795",
"notes": [
{
"category": "description",
"text": "In ArubaOS bestehen mehrere Schwachstellen aufgrund von Fehlern in der OpenSSH-Komponente. Diese Schwachstellen sind auf eine unsachgem\u00e4\u00dfe Behandlung von Shell-Metazeichen und Integrit\u00e4tspr\u00fcfungen zur\u00fcckzuf\u00fchren, die die Einschleusung von Betriebssystembefehlen und die Umgehung von Sicherheitsma\u00dfnahmen erm\u00f6glichen. Ein entfernter, anonymer Angreifer k\u00f6nnte diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren."
}
],
"release_date": "2024-08-06T22:00:00.000+00:00",
"title": "CVE-2023-48795"
},
{
"cve": "CVE-2023-51385",
"notes": [
{
"category": "description",
"text": "In ArubaOS bestehen mehrere Schwachstellen aufgrund von Fehlern in der OpenSSH-Komponente. Diese Schwachstellen sind auf eine unsachgem\u00e4\u00dfe Behandlung von Shell-Metazeichen und Integrit\u00e4tspr\u00fcfungen zur\u00fcckzuf\u00fchren, die die Einschleusung von Betriebssystembefehlen und die Umgehung von Sicherheitsma\u00dfnahmen erm\u00f6glichen. Ein entfernter, anonymer Angreifer k\u00f6nnte diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren."
}
],
"release_date": "2024-08-06T22:00:00.000+00:00",
"title": "CVE-2023-51385"
},
{
"cve": "CVE-2024-42398",
"notes": [
{
"category": "description",
"text": "In Aruba ArubaOS bestehen mehrere Schwachstellen. Diese Schwachstellen betreffen den AP-Zertifikatsverwaltungs-Daemon, auf den \u00fcber das PAPI-Protokoll zugegriffen wird, aufgrund einer unsachgem\u00e4\u00dfen Behandlung von Anfragen. Ein anonymer Angreifer kann diese Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand zu verursachen."
}
],
"release_date": "2024-08-06T22:00:00.000+00:00",
"title": "CVE-2024-42398"
},
{
"cve": "CVE-2024-42399",
"notes": [
{
"category": "description",
"text": "In Aruba ArubaOS bestehen mehrere Schwachstellen. Diese Schwachstellen betreffen den AP-Zertifikatsverwaltungs-Daemon, auf den \u00fcber das PAPI-Protokoll zugegriffen wird, aufgrund einer unsachgem\u00e4\u00dfen Behandlung von Anfragen. Ein anonymer Angreifer kann diese Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand zu verursachen."
}
],
"release_date": "2024-08-06T22:00:00.000+00:00",
"title": "CVE-2024-42399"
},
{
"cve": "CVE-2024-42400",
"notes": [
{
"category": "description",
"text": "In Aruba ArubaOS bestehen mehrere Schwachstellen. Diese Schwachstellen betreffen den AP-Zertifikatsverwaltungs-Daemon, auf den \u00fcber das PAPI-Protokoll zugegriffen wird, aufgrund einer unsachgem\u00e4\u00dfen Behandlung von Anfragen. Ein anonymer Angreifer kann diese Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand zu verursachen."
}
],
"release_date": "2024-08-06T22:00:00.000+00:00",
"title": "CVE-2024-42400"
}
]
}
cve-2023-48795
Vulnerability from cvelistv5
Published
2023-12-18 00:00
Modified
2024-08-02 21:46
Severity ?
EPSS score ?
Summary
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:46:27.255Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://matt.ucc.asn.au/dropbear/CHANGES"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.netsarang.com/en/xshell-update-history/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.paramiko.org/changelog.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.openssh.com/openbsd.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/openssh/openssh-portable/commits/master"
},
{
"tags": [
"x_transferred"
],
"url": "https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.bitvise.com/ssh-server-version-history"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/ronf/asyncssh/tags"
},
{
"tags": [
"x_transferred"
],
"url": "https://gitlab.com/libssh/libssh-mirror/-/tags"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.openssh.com/txt/release-9.6"
},
{
"tags": [
"x_transferred"
],
"url": "https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.terrapin-attack.com"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst"
},
{
"tags": [
"x_transferred"
],
"url": "https://thorntech.com/cve-2023-48795-and-sftp-gateway/"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/warp-tech/russh/releases/tag/v0.40.2"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2023/12/18/2"
},
{
"tags": [
"x_transferred"
],
"url": "https://twitter.com/TrueSkrillor/status/1736774389725565005"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/paramiko/paramiko/issues/2337"
},
{
"tags": [
"x_transferred"
],
"url": "https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg"
},
{
"tags": [
"x_transferred"
],
"url": "https://news.ycombinator.com/item?id=38684904"
},
{
"tags": [
"x_transferred"
],
"url": "https://news.ycombinator.com/item?id=38685286"
},
{
"name": "[oss-security] 20231218 CVE-2023-48795: Prefix Truncation Attacks in SSH Specification (Terrapin Attack)",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/12/18/3"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/mwiede/jsch/issues/457"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10\u0026id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/erlang/otp/releases/tag/OTP-26.2.1"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/advisories/GHSA-45x7-px36-x8w8"
},
{
"tags": [
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/source-package/libssh2"
},
{
"tags": [
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg"
},
{
"tags": [
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2023-48795"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1217950"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254210"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugs.gentoo.org/920280"
},
{
"tags": [
"x_transferred"
],
"url": "https://ubuntu.com/security/CVE-2023-48795"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/"
},
{
"tags": [
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/cve-2023-48795"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/mwiede/jsch/pull/461"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/drakkan/sftpgo/releases/tag/v2.5.6"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/libssh2/libssh2/pull/1291"
},
{
"tags": [
"x_transferred"
],
"url": "https://forum.netgate.com/topic/184941/terrapin-ssh-attack"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/rapier1/hpn-ssh/releases"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/proftpd/proftpd/issues/456"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/TeraTermProject/teraterm/releases/tag/v5.1"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15"
},
{
"tags": [
"x_transferred"
],
"url": "https://oryx-embedded.com/download/#changelog"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3"
},
{
"tags": [
"x_transferred"
],
"url": "https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC"
},
{
"tags": [
"x_transferred"
],
"url": "https://crates.io/crates/thrussh/versions"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/NixOS/nixpkgs/pull/275249"
},
{
"name": "[oss-security] 20231219 Re: CVE-2023-48795: Prefix Truncation Attacks in SSH Specification (Terrapin Attack)",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/12/19/5"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc"
},
{
"tags": [
"x_transferred"
],
"url": "https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/"
},
{
"name": "[oss-security] 20231220 Re: CVE-2023-48795: Prefix Truncation Attacks in SSH Specification (Terrapin Attack)",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/12/20/3"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/apache/mina-sshd/issues/445"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/hierynomus/sshj/issues/916"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/janmojzis/tinyssh/issues/81"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2023/12/20/3"
},
{
"tags": [
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/source-package/trilead-ssh2"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16"
},
{
"name": "FEDORA-2023-0733306be9",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/"
},
{
"name": "DSA-5586",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5586"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.theregister.com/2023/12/20/terrapin_attack_ssh"
},
{
"tags": [
"x_transferred"
],
"url": "https://filezilla-project.org/versions.php"
},
{
"tags": [
"x_transferred"
],
"url": "https://nova.app/releases/#v11.8"
},
{
"tags": [
"x_transferred"
],
"url": "https://roumenpetrov.info/secsh/#news20231220"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.vandyke.com/products/securecrt/history.txt"
},
{
"tags": [
"x_transferred"
],
"url": "https://help.panic.com/releasenotes/transmit5/"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/PowerShell/Win32-OpenSSH/issues/2189"
},
{
"tags": [
"x_transferred"
],
"url": "https://winscp.net/eng/docs/history#6.2.2"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.bitvise.com/ssh-client-version-history#933"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/cyd01/KiTTY/issues/520"
},
{
"name": "DSA-5588",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5588"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/ssh-mitm/ssh-mitm/issues/165"
},
{
"tags": [
"x_transferred"
],
"url": "https://news.ycombinator.com/item?id=38732005"
},
{
"name": "[debian-lts-announce] 20231226 [SECURITY] [DLA 3694-1] openssh security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html"
},
{
"name": "GLSA-202312-16",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202312-16"
},
{
"name": "GLSA-202312-17",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202312-17"
},
{
"name": "FEDORA-2023-20feb865d8",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/"
},
{
"name": "FEDORA-2023-cb8c606fbb",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/"
},
{
"name": "FEDORA-2023-e77300e4b5",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/"
},
{
"name": "FEDORA-2023-b87ec6cf47",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/"
},
{
"name": "FEDORA-2023-153404713b",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240105-0004/"
},
{
"name": "FEDORA-2024-3bb23c77f3",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/"
},
{
"name": "FEDORA-2023-55800423a8",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/"
},
{
"name": "FEDORA-2024-d946b9ad25",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/"
},
{
"name": "FEDORA-2024-71c2c6526c",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/"
},
{
"name": "FEDORA-2024-39a8c72ea9",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/"
},
{
"tags": [
"x_transferred"
],
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002"
},
{
"name": "FEDORA-2024-ae653fb07b",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/"
},
{
"name": "FEDORA-2024-2705241461",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/"
},
{
"name": "FEDORA-2024-fb32950d11",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/"
},
{
"name": "FEDORA-2024-7b08207cdb",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/"
},
{
"name": "FEDORA-2024-06ebb70bdd",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/"
},
{
"name": "[debian-lts-announce] 20240125 [SECURITY] [DLA 3718-1] php-phpseclib security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html"
},
{
"name": "[debian-lts-announce] 20240125 [SECURITY] [DLA 3719-1] phpseclib security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html"
},
{
"name": "FEDORA-2024-a53b24023d",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/"
},
{
"name": "FEDORA-2024-3fd1bc9276",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT214084"
},
{
"name": "20240313 APPLE-SA-03-07-2024-2 macOS Sonoma 14.4",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/Mar/21"
},
{
"name": "[debian-lts-announce] 20240425 [SECURITY] [DLA 3794-1] putty security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html"
},
{
"name": "[oss-security] 20240417 Terrapin vulnerability in Jenkins CLI client",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/04/17/8"
},
{
"name": "[oss-security] 20240306 Multiple vulnerabilities in Jenkins plugins",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/03/06/3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH\u0027s use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-01T18:06:23.972272",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html"
},
{
"url": "https://matt.ucc.asn.au/dropbear/CHANGES"
},
{
"url": "https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES"
},
{
"url": "https://www.netsarang.com/en/xshell-update-history/"
},
{
"url": "https://www.paramiko.org/changelog.html"
},
{
"url": "https://www.openssh.com/openbsd.html"
},
{
"url": "https://github.com/openssh/openssh-portable/commits/master"
},
{
"url": "https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ"
},
{
"url": "https://www.bitvise.com/ssh-server-version-history"
},
{
"url": "https://github.com/ronf/asyncssh/tags"
},
{
"url": "https://gitlab.com/libssh/libssh-mirror/-/tags"
},
{
"url": "https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/"
},
{
"url": "https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42"
},
{
"url": "https://www.openssh.com/txt/release-9.6"
},
{
"url": "https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/"
},
{
"url": "https://www.terrapin-attack.com"
},
{
"url": "https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25"
},
{
"url": "https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst"
},
{
"url": "https://thorntech.com/cve-2023-48795-and-sftp-gateway/"
},
{
"url": "https://github.com/warp-tech/russh/releases/tag/v0.40.2"
},
{
"url": "https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0"
},
{
"url": "https://www.openwall.com/lists/oss-security/2023/12/18/2"
},
{
"url": "https://twitter.com/TrueSkrillor/status/1736774389725565005"
},
{
"url": "https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d"
},
{
"url": "https://github.com/paramiko/paramiko/issues/2337"
},
{
"url": "https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg"
},
{
"url": "https://news.ycombinator.com/item?id=38684904"
},
{
"url": "https://news.ycombinator.com/item?id=38685286"
},
{
"name": "[oss-security] 20231218 CVE-2023-48795: Prefix Truncation Attacks in SSH Specification (Terrapin Attack)",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2023/12/18/3"
},
{
"url": "https://github.com/mwiede/jsch/issues/457"
},
{
"url": "https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10\u0026id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6"
},
{
"url": "https://github.com/erlang/otp/releases/tag/OTP-26.2.1"
},
{
"url": "https://github.com/advisories/GHSA-45x7-px36-x8w8"
},
{
"url": "https://security-tracker.debian.org/tracker/source-package/libssh2"
},
{
"url": "https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg"
},
{
"url": "https://security-tracker.debian.org/tracker/CVE-2023-48795"
},
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1217950"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254210"
},
{
"url": "https://bugs.gentoo.org/920280"
},
{
"url": "https://ubuntu.com/security/CVE-2023-48795"
},
{
"url": "https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/"
},
{
"url": "https://access.redhat.com/security/cve/cve-2023-48795"
},
{
"url": "https://github.com/mwiede/jsch/pull/461"
},
{
"url": "https://github.com/drakkan/sftpgo/releases/tag/v2.5.6"
},
{
"url": "https://github.com/libssh2/libssh2/pull/1291"
},
{
"url": "https://forum.netgate.com/topic/184941/terrapin-ssh-attack"
},
{
"url": "https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5"
},
{
"url": "https://github.com/rapier1/hpn-ssh/releases"
},
{
"url": "https://github.com/proftpd/proftpd/issues/456"
},
{
"url": "https://github.com/TeraTermProject/teraterm/releases/tag/v5.1"
},
{
"url": "https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15"
},
{
"url": "https://oryx-embedded.com/download/#changelog"
},
{
"url": "https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update"
},
{
"url": "https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22"
},
{
"url": "https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab"
},
{
"url": "https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3"
},
{
"url": "https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC"
},
{
"url": "https://crates.io/crates/thrussh/versions"
},
{
"url": "https://github.com/NixOS/nixpkgs/pull/275249"
},
{
"name": "[oss-security] 20231219 Re: CVE-2023-48795: Prefix Truncation Attacks in SSH Specification (Terrapin Attack)",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2023/12/19/5"
},
{
"url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc"
},
{
"url": "https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/"
},
{
"name": "[oss-security] 20231220 Re: CVE-2023-48795: Prefix Truncation Attacks in SSH Specification (Terrapin Attack)",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2023/12/20/3"
},
{
"url": "http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html"
},
{
"url": "https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES"
},
{
"url": "https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES"
},
{
"url": "https://github.com/apache/mina-sshd/issues/445"
},
{
"url": "https://github.com/hierynomus/sshj/issues/916"
},
{
"url": "https://github.com/janmojzis/tinyssh/issues/81"
},
{
"url": "https://www.openwall.com/lists/oss-security/2023/12/20/3"
},
{
"url": "https://security-tracker.debian.org/tracker/source-package/trilead-ssh2"
},
{
"url": "https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16"
},
{
"name": "FEDORA-2023-0733306be9",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/"
},
{
"name": "DSA-5586",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5586"
},
{
"url": "https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508"
},
{
"url": "https://www.theregister.com/2023/12/20/terrapin_attack_ssh"
},
{
"url": "https://filezilla-project.org/versions.php"
},
{
"url": "https://nova.app/releases/#v11.8"
},
{
"url": "https://roumenpetrov.info/secsh/#news20231220"
},
{
"url": "https://www.vandyke.com/products/securecrt/history.txt"
},
{
"url": "https://help.panic.com/releasenotes/transmit5/"
},
{
"url": "https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta"
},
{
"url": "https://github.com/PowerShell/Win32-OpenSSH/issues/2189"
},
{
"url": "https://winscp.net/eng/docs/history#6.2.2"
},
{
"url": "https://www.bitvise.com/ssh-client-version-history#933"
},
{
"url": "https://github.com/cyd01/KiTTY/issues/520"
},
{
"name": "DSA-5588",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5588"
},
{
"url": "https://github.com/ssh-mitm/ssh-mitm/issues/165"
},
{
"url": "https://news.ycombinator.com/item?id=38732005"
},
{
"name": "[debian-lts-announce] 20231226 [SECURITY] [DLA 3694-1] openssh security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html"
},
{
"name": "GLSA-202312-16",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202312-16"
},
{
"name": "GLSA-202312-17",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202312-17"
},
{
"name": "FEDORA-2023-20feb865d8",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/"
},
{
"name": "FEDORA-2023-cb8c606fbb",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/"
},
{
"name": "FEDORA-2023-e77300e4b5",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/"
},
{
"name": "FEDORA-2023-b87ec6cf47",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/"
},
{
"name": "FEDORA-2023-153404713b",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240105-0004/"
},
{
"name": "FEDORA-2024-3bb23c77f3",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/"
},
{
"name": "FEDORA-2023-55800423a8",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/"
},
{
"name": "FEDORA-2024-d946b9ad25",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/"
},
{
"name": "FEDORA-2024-71c2c6526c",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/"
},
{
"name": "FEDORA-2024-39a8c72ea9",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/"
},
{
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002"
},
{
"name": "FEDORA-2024-ae653fb07b",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/"
},
{
"name": "FEDORA-2024-2705241461",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/"
},
{
"name": "FEDORA-2024-fb32950d11",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/"
},
{
"name": "FEDORA-2024-7b08207cdb",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/"
},
{
"name": "FEDORA-2024-06ebb70bdd",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/"
},
{
"name": "[debian-lts-announce] 20240125 [SECURITY] [DLA 3718-1] php-phpseclib security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html"
},
{
"name": "[debian-lts-announce] 20240125 [SECURITY] [DLA 3719-1] phpseclib security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html"
},
{
"name": "FEDORA-2024-a53b24023d",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/"
},
{
"name": "FEDORA-2024-3fd1bc9276",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/"
},
{
"url": "https://support.apple.com/kb/HT214084"
},
{
"name": "20240313 APPLE-SA-03-07-2024-2 macOS Sonoma 14.4",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2024/Mar/21"
},
{
"name": "[debian-lts-announce] 20240425 [SECURITY] [DLA 3794-1] putty security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html"
},
{
"name": "[oss-security] 20240417 Terrapin vulnerability in Jenkins CLI client",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2024/04/17/8"
},
{
"name": "[oss-security] 20240306 Multiple vulnerabilities in Jenkins plugins",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2024/03/06/3"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-48795",
"datePublished": "2023-12-18T00:00:00",
"dateReserved": "2023-11-20T00:00:00",
"dateUpdated": "2024-08-02T21:46:27.255Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-42400
Vulnerability from cvelistv5
Published
2024-08-06 19:51
Modified
2024-08-06 20:27
Severity ?
EPSS score ?
Summary
Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the Soft AP daemon accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected Access Point.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Hewlett Packard Enterprise | HPE Aruba Networking InstantOS and Aruba Access Points running ArubaOS 10 |
Version: Version 8.12.0.0: 8.12.0.1 and below ≤ <=8.12.0.1 Version: Version 8.10.0.0: 8.10.0.12 and below ≤ <=8.10.0.12 Version: Version 10.6.0.0: 10.6.0.0 and below ≤ <=10.6.0.0 Version: Version 10.4.0.0: 10.4.1.3 and below ≤ <=10.4.1.3 |
|
|
|||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:10.6.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "10.6.0.1",
"status": "affected",
"version": "10.6.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:10.4.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "10.4.1.2",
"status": "affected",
"version": "10.4.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.12.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.12.0.2",
"status": "affected",
"version": "8.12.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.10.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.10.0.13",
"status": "affected",
"version": "8.10.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:10.5.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "10.6.0.0",
"status": "affected",
"version": "10.5.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:10.3.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "10.4.0.0",
"status": "affected",
"version": "10.3.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.11.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.12.0.0",
"status": "affected",
"version": "8.11.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.7.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.10.0.0",
"status": "affected",
"version": "8.7.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.4.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.6.0.0",
"status": "affected",
"version": "8.4.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:6.4.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "6.6.0.0",
"status": "affected",
"version": "6.4.0.0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42400",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-06T20:27:16.617985Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-06T20:27:49.562Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HPE Aruba Networking InstantOS and Aruba Access Points running ArubaOS 10",
"vendor": "Hewlett Packard Enterprise",
"versions": [
{
"lessThanOrEqual": "\u003c=8.12.0.1",
"status": "affected",
"version": "Version 8.12.0.0: 8.12.0.1 and below",
"versionType": "semver"
},
{
"lessThanOrEqual": "\u003c=8.10.0.12",
"status": "affected",
"version": "Version 8.10.0.0: 8.10.0.12 and below",
"versionType": "semver"
},
{
"lessThanOrEqual": "\u003c=10.6.0.0",
"status": "affected",
"version": "Version 10.6.0.0: 10.6.0.0 and below",
"versionType": "semver"
},
{
"lessThanOrEqual": "\u003c=10.4.1.3",
"status": "affected",
"version": "Version 10.4.0.0: 10.4.1.3 and below",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "zzcentury from Ubisectech Sirius Team (https://www.ubisectech.com/)"
}
],
"datePublic": "2024-08-06T19:24:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the Soft AP daemon accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected Access Point."
}
],
"value": "Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the Soft AP daemon accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected Access Point."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-06T19:51:17.264Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04678en_us\u0026docLocale=en_US"
}
],
"source": {
"advisory": "HPESBNW04678",
"discovery": "EXTERNAL"
},
"title": "Unauthenticated Denial-of-Service (DoS) Vulnerabilities in the Soft AP Daemon Service Accessed by the PAPI Protocol",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2024-42400",
"datePublished": "2024-08-06T19:51:17.264Z",
"dateReserved": "2024-07-31T20:37:28.338Z",
"dateUpdated": "2024-08-06T20:27:49.562Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-51385
Vulnerability from cvelistv5
Published
2023-12-18 00:00
Modified
2024-08-02 22:32
Severity ?
EPSS score ?
Summary
In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by an expansion token in certain situations. For example, an untrusted Git repository can have a submodule with shell metacharacters in a user name or host name.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:32:09.069Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.openssh.com/txt/release-9.6"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2023/12/18/2"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/openssh/openssh-portable/commit/7ef3787c84b6b524501211b11a26c742f829af1a"
},
{
"name": "DSA-5586",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5586"
},
{
"tags": [
"x_transferred"
],
"url": "https://vin01.github.io/piptagole/ssh/security/openssh/libssh/remote-code-execution/2023/12/20/openssh-proxycommand-libssh-rce.html"
},
{
"name": "[debian-lts-announce] 20231226 [SECURITY] [DLA 3694-1] openssh security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html"
},
{
"name": "[oss-security] 20231226 CVE-2023-51385, CVE-2023-6004: OpenSSH, libssh: Security weakness in ProxyCommand handling",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/12/26/4"
},
{
"name": "GLSA-202312-17",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202312-17"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240105-0005/"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT214084"
},
{
"name": "20240313 APPLE-SA-03-07-2024-2 macOS Sonoma 14.4",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/Mar/21"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by an expansion token in certain situations. For example, an untrusted Git repository can have a submodule with shell metacharacters in a user name or host name."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-13T21:08:08.727930",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.openssh.com/txt/release-9.6"
},
{
"url": "https://www.openwall.com/lists/oss-security/2023/12/18/2"
},
{
"url": "https://github.com/openssh/openssh-portable/commit/7ef3787c84b6b524501211b11a26c742f829af1a"
},
{
"name": "DSA-5586",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5586"
},
{
"url": "https://vin01.github.io/piptagole/ssh/security/openssh/libssh/remote-code-execution/2023/12/20/openssh-proxycommand-libssh-rce.html"
},
{
"name": "[debian-lts-announce] 20231226 [SECURITY] [DLA 3694-1] openssh security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html"
},
{
"name": "[oss-security] 20231226 CVE-2023-51385, CVE-2023-6004: OpenSSH, libssh: Security weakness in ProxyCommand handling",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2023/12/26/4"
},
{
"name": "GLSA-202312-17",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202312-17"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240105-0005/"
},
{
"url": "https://support.apple.com/kb/HT214084"
},
{
"name": "20240313 APPLE-SA-03-07-2024-2 macOS Sonoma 14.4",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2024/Mar/21"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-51385",
"datePublished": "2023-12-18T00:00:00",
"dateReserved": "2023-12-18T00:00:00",
"dateUpdated": "2024-08-02T22:32:09.069Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-42399
Vulnerability from cvelistv5
Published
2024-08-06 19:48
Modified
2024-08-06 20:27
Severity ?
EPSS score ?
Summary
Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the Soft AP daemon accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected Access Point.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Hewlett Packard Enterprise | HPE Aruba Networking InstantOS and Aruba Access Points running ArubaOS 10 |
Version: Version 8.12.0.0: 8.12.0.1 and below ≤ <=8.12.0.1 Version: Version 8.10.0.0: 8.10.0.12 and below ≤ <=8.10.0.12 Version: Version 10.6.0.0: 10.6.0.0 and below ≤ <=10.6.0.0 Version: Version 10.4.0.0: 10.4.1.3 and below ≤ <=10.4.1.3 |
|
|
|||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:10.6.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "10.6.0.1",
"status": "affected",
"version": "10.6.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:10.4.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "10.4.1.2",
"status": "affected",
"version": "10.4.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.12.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.12.0.2",
"status": "affected",
"version": "8.12.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.10.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.10.0.13",
"status": "affected",
"version": "8.10.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:10.5.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "10.6.0.0",
"status": "affected",
"version": "10.5.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:10.3.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "10.4.0.0",
"status": "affected",
"version": "10.3.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.11.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.12.0.0",
"status": "affected",
"version": "8.11.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.7.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.10.0.0",
"status": "affected",
"version": "8.7.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.4.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.6.0.0",
"status": "affected",
"version": "8.4.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:6.4.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "6.6.0.0",
"status": "affected",
"version": "6.4.0.0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42399",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-06T20:27:21.784664Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-06T20:27:55.803Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HPE Aruba Networking InstantOS and Aruba Access Points running ArubaOS 10",
"vendor": "Hewlett Packard Enterprise",
"versions": [
{
"lessThanOrEqual": "\u003c=8.12.0.1",
"status": "affected",
"version": "Version 8.12.0.0: 8.12.0.1 and below",
"versionType": "semver"
},
{
"lessThanOrEqual": "\u003c=8.10.0.12",
"status": "affected",
"version": "Version 8.10.0.0: 8.10.0.12 and below",
"versionType": "semver"
},
{
"lessThanOrEqual": "\u003c=10.6.0.0",
"status": "affected",
"version": "Version 10.6.0.0: 10.6.0.0 and below",
"versionType": "semver"
},
{
"lessThanOrEqual": "\u003c=10.4.1.3",
"status": "affected",
"version": "Version 10.4.0.0: 10.4.1.3 and below",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "zzcentury from Ubisectech Sirius Team (https://www.ubisectech.com/)"
}
],
"datePublic": "2024-08-06T19:24:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the Soft AP daemon accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected Access Point."
}
],
"value": "Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the Soft AP daemon accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected Access Point."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-06T19:48:07.255Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04678en_us\u0026docLocale=en_US"
}
],
"source": {
"advisory": "HPESBNW04678",
"discovery": "EXTERNAL"
},
"title": "Unauthenticated Denial-of-Service (DoS) Vulnerabilities in the Soft AP Daemon Service Accessed by the PAPI Protocol",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2024-42399",
"datePublished": "2024-08-06T19:48:07.255Z",
"dateReserved": "2024-07-31T20:37:28.338Z",
"dateUpdated": "2024-08-06T20:27:55.803Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-42398
Vulnerability from cvelistv5
Published
2024-08-06 19:37
Modified
2024-08-06 20:12
Severity ?
EPSS score ?
Summary
Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the Soft AP daemon accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected Access Point.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Hewlett Packard Enterprise | HPE Aruba Networking InstantOS and Aruba Access Points running ArubaOS 10 |
Version: Version 8.12.0.0: 8.12.0.1 and below ≤ <=8.12.0.1 Version: Version 8.10.0.0: 8.10.0.12 and below ≤ <=8.10.0.12 Version: Version 10.6.0.0: 10.6.0.0 and below ≤ <=10.6.0.0 Version: Version 10.4.0.0: 10.4.1.3 and below ≤ <=10.4.1.3 |
|
|
|||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:10.6.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "10.6.0.1",
"status": "affected",
"version": "10.6.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:10.4.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "10.4.1.2",
"status": "affected",
"version": "10.4.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.12.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.12.0.2",
"status": "affected",
"version": "8.12.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.10.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.10.0.13",
"status": "affected",
"version": "8.10.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:10.5.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "10.6.0.0",
"status": "affected",
"version": "10.5.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:10.3.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "10.4.0.0",
"status": "affected",
"version": "10.3.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.11.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.12.0.0",
"status": "affected",
"version": "8.11.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.7.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.10.0.0",
"status": "affected",
"version": "8.7.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:8.4.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.6.0.0",
"status": "affected",
"version": "8.4.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:instant:6.4.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "instant",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "6.6.0.0",
"status": "affected",
"version": "6.4.0.0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42398",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-06T19:49:16.243921Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-06T20:12:26.629Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HPE Aruba Networking InstantOS and Aruba Access Points running ArubaOS 10",
"vendor": "Hewlett Packard Enterprise",
"versions": [
{
"lessThanOrEqual": "\u003c=8.12.0.1",
"status": "affected",
"version": "Version 8.12.0.0: 8.12.0.1 and below",
"versionType": "semver"
},
{
"lessThanOrEqual": "\u003c=8.10.0.12",
"status": "affected",
"version": "Version 8.10.0.0: 8.10.0.12 and below",
"versionType": "semver"
},
{
"lessThanOrEqual": "\u003c=10.6.0.0",
"status": "affected",
"version": "Version 10.6.0.0: 10.6.0.0 and below",
"versionType": "semver"
},
{
"lessThanOrEqual": "\u003c=10.4.1.3",
"status": "affected",
"version": "Version 10.4.0.0: 10.4.1.3 and below",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "zzcentury from Ubisectech Sirius Team (https://www.ubisectech.com/)"
}
],
"datePublic": "2024-08-06T19:24:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the Soft AP daemon accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected Access Point."
}
],
"value": "Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the Soft AP daemon accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected Access Point."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-06T19:38:53.191Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04678en_us\u0026docLocale=en_US"
}
],
"source": {
"advisory": "HPESBNW04678",
"discovery": "EXTERNAL"
},
"title": "Unauthenticated Denial-of-Service (DoS) Vulnerabilities in the Soft AP Daemon Service Accessed by the PAPI Protocol",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2024-42398",
"datePublished": "2024-08-06T19:37:12.816Z",
"dateReserved": "2024-07-31T20:37:28.338Z",
"dateUpdated": "2024-08-06T20:12:26.629Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.