Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2019-15126 (GCVE-0-2019-15126)
Vulnerability from cvelistv5 – Published: 2020-02-05 16:17 – Updated: 2024-08-05 00:34
VLAI?
EPSS
Summary
An issue was discovered on Broadcom Wi-Fi client devices. Specifically timed and handcrafted traffic can cause internal errors (related to state transitions) in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic, a different vulnerability than CVE-2019-9500, CVE-2019-9501, CVE-2019-9502, and CVE-2019-9503.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:34:53.246Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT210721"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT210722"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT210788"
},
{
"name": "20200227 Wi-Fi Protected Network and Wi-Fi Protected Network 2 Information Disclosure Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-wi-fi-info-disclosure"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0001"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-notices/huawei-sn-20200228-01-kr00k-en"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.mist.com/documentation/mist-security-advisory-kr00k-attack-faq/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-003.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.synology.com/security/advisory/Synology_SA_20_03"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/156809/Broadcom-Wi-Fi-KR00K-Proof-Of-Concept.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200527-01-wifi-en"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-712518.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-224-05"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on Broadcom Wi-Fi client devices. Specifically timed and handcrafted traffic can cause internal errors (related to state transitions) in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic, a different vulnerability than CVE-2019-9500, CVE-2019-9501, CVE-2019-9502, and CVE-2019-9503."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-11T18:08:27.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT210721"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT210722"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT210788"
},
{
"name": "20200227 Wi-Fi Protected Network and Wi-Fi Protected Network 2 Information Disclosure Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-wi-fi-info-disclosure"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0001"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-notices/huawei-sn-20200228-01-kr00k-en"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.mist.com/documentation/mist-security-advisory-kr00k-attack-faq/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-003.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.synology.com/security/advisory/Synology_SA_20_03"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/156809/Broadcom-Wi-Fi-KR00K-Proof-Of-Concept.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200527-01-wifi-en"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-712518.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-224-05"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-15126",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered on Broadcom Wi-Fi client devices. Specifically timed and handcrafted traffic can cause internal errors (related to state transitions) in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic, a different vulnerability than CVE-2019-9500, CVE-2019-9501, CVE-2019-9502, and CVE-2019-9503."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/kb/HT210721",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT210721"
},
{
"name": "https://support.apple.com/kb/HT210722",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT210722"
},
{
"name": "https://support.apple.com/kb/HT210788",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT210788"
},
{
"name": "20200227 Wi-Fi Protected Network and Wi-Fi Protected Network 2 Information Disclosure Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-wi-fi-info-disclosure"
},
{
"name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0001",
"refsource": "CONFIRM",
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0001"
},
{
"name": "http://www.huawei.com/en/psirt/security-notices/huawei-sn-20200228-01-kr00k-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-notices/huawei-sn-20200228-01-kr00k-en"
},
{
"name": "https://www.mist.com/documentation/mist-security-advisory-kr00k-attack-faq/",
"refsource": "CONFIRM",
"url": "https://www.mist.com/documentation/mist-security-advisory-kr00k-attack-faq/"
},
{
"name": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-003.txt",
"refsource": "CONFIRM",
"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-003.txt"
},
{
"name": "https://www.synology.com/security/advisory/Synology_SA_20_03",
"refsource": "CONFIRM",
"url": "https://www.synology.com/security/advisory/Synology_SA_20_03"
},
{
"name": "http://packetstormsecurity.com/files/156809/Broadcom-Wi-Fi-KR00K-Proof-Of-Concept.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/156809/Broadcom-Wi-Fi-KR00K-Proof-Of-Concept.html"
},
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200527-01-wifi-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200527-01-wifi-en"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-712518.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-712518.pdf"
},
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-224-05",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-224-05"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-15126",
"datePublished": "2020-02-05T16:17:37.000Z",
"dateReserved": "2019-08-17T00:00:00.000Z",
"dateUpdated": "2024-08-05T00:34:53.246Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-15126
Vulnerability from fstec - Published: 05.02.2020
VLAI Severity ?
Title
Уязвимость драйвера Wi-Fi чипсетов Broadcom, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
Description
Уязвимость драйвера Wi-Fi чипсетов Broadcom связана с ошибками синхронизации при использовании общего ресурса. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, получить несанкционированный доступ к защищаемой информации
Severity ?
Vendor
Cisco Systems Inc., Apple Inc.
Software Name
Cisco RV215W, Cisco RV110W, OS X, Cisco Connected Grid Routers, Cisco RV340W, Small Business WAP125, Small Business WAP150, Small Business WAP361, Small Business WAP571, Small Business WAP571E, Small Business WAP581, Cisco Wireless IP Phone 8821, Catalyst 9120, Catalyst 9115 Wi-Fi 6
Software Version
. (Cisco RV215W), . (Cisco RV110W), до 10.15.1 (OS X), - (Cisco Connected Grid Routers), - (Cisco RV340W), - (Small Business WAP125), - (Small Business WAP150), - (Small Business WAP361), - (Small Business WAP571), - (Small Business WAP571E), - (Small Business WAP581), - (Cisco Wireless IP Phone 8821), - (Catalyst 9120), - (Catalyst 9115 Wi-Fi 6)
Possible Mitigations
Использование рекомендаций производителя:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-wi-fi-info-disclosure
Reference
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-wi-fi-info-disclosure
https://nvd.nist.gov/vuln/detail/CVE-2020-15126
CWE
CWE-367
{
"CVSS 2.0": "AV:A/AC:M/Au:N/C:P/I:N/A:N",
"CVSS 3.0": "AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Cisco Systems Inc., Apple Inc.",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": ". (Cisco RV215W), . (Cisco RV110W), \u0434\u043e 10.15.1 (OS X), - (Cisco Connected Grid Routers), - (Cisco RV340W), - (Small Business WAP125), - (Small Business WAP150), - (Small Business WAP361), - (Small Business WAP571), - (Small Business WAP571E), - (Small Business WAP581), - (Cisco Wireless IP Phone 8821), - (Catalyst 9120), - (Catalyst 9115 Wi-Fi 6)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f:\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-wi-fi-info-disclosure",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "05.02.2020",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "25.03.2020",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "25.03.2020",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2020-01161",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2019-15126",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Cisco RV215W, Cisco RV110W, OS X, Cisco Connected Grid Routers, Cisco RV340W, Small Business WAP125, Small Business WAP150, Small Business WAP361, Small Business WAP571, Small Business WAP571E, Small Business WAP581, Cisco Wireless IP Phone 8821, Catalyst 9120, Catalyst 9115 Wi-Fi 6",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0434\u0440\u0430\u0439\u0432\u0435\u0440\u0430\u00a0Wi-Fi\u00a0\u0447\u0438\u043f\u0441\u0435\u0442\u043e\u0432\u00a0Broadcom, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0421\u0438\u0442\u0443\u0430\u0446\u0438\u044f \u0433\u043e\u043d\u043a\u0438 Time-of-check Time-of-use (TOCTOU) (CWE-367)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0434\u0440\u0430\u0439\u0432\u0435\u0440\u0430\u00a0Wi-Fi\u00a0\u0447\u0438\u043f\u0441\u0435\u0442\u043e\u0432\u00a0Broadcom \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043e\u0448\u0438\u0431\u043a\u0430\u043c\u0438 \u0441\u0438\u043d\u0445\u0440\u043e\u043d\u0438\u0437\u0430\u0446\u0438\u0438 \u043f\u0440\u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0438 \u043e\u0431\u0449\u0435\u0433\u043e \u0440\u0435\u0441\u0443\u0440\u0441\u0430. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0440\u043e\u043a\u0430\u043c\u0438 \u0438 \u0441\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435\u043c",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-wi-fi-info-disclosure\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-15126",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041f\u041e \u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430, \u041f\u041e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u044b\u0445 \u0441\u0440\u0435\u0434\u0441\u0442\u0432 \u0437\u0430\u0449\u0438\u0442\u044b, \u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-367",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041d\u0438\u0437\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 2,9)\n\u041d\u0438\u0437\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 3,1)"
}
GHSA-P2G8-8J8X-3728
Vulnerability from github – Published: 2022-05-24 17:08 – Updated: 2022-05-24 17:08
VLAI?
Details
An issue was discovered on Broadcom Wi-Fi client devices. Specifically timed and handcrafted traffic can cause internal errors (related to state transitions) in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic, a different vulnerability than CVE-2019-9500, CVE-2019-9501, CVE-2019-9502, and CVE-2019-9503.
{
"affected": [],
"aliases": [
"CVE-2019-15126"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-02-05T17:15:00Z",
"severity": "LOW"
},
"details": "An issue was discovered on Broadcom Wi-Fi client devices. Specifically timed and handcrafted traffic can cause internal errors (related to state transitions) in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic, a different vulnerability than CVE-2019-9500, CVE-2019-9501, CVE-2019-9502, and CVE-2019-9503.",
"id": "GHSA-p2g8-8j8x-3728",
"modified": "2022-05-24T17:08:02Z",
"published": "2022-05-24T17:08:02Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15126"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-712518.pdf"
},
{
"type": "WEB",
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0001"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT210721"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT210722"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT210788"
},
{
"type": "WEB",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-wi-fi-info-disclosure"
},
{
"type": "WEB",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-224-05"
},
{
"type": "WEB",
"url": "https://www.mist.com/documentation/mist-security-advisory-kr00k-attack-faq"
},
{
"type": "WEB",
"url": "https://www.synology.com/security/advisory/Synology_SA_20_03"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/156809/Broadcom-Wi-Fi-KR00K-Proof-Of-Concept.html"
},
{
"type": "WEB",
"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-003.txt"
},
{
"type": "WEB",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200527-01-wifi-en"
},
{
"type": "WEB",
"url": "http://www.huawei.com/en/psirt/security-notices/huawei-sn-20200228-01-kr00k-en"
}
],
"schema_version": "1.4.0",
"severity": []
}
CERTFR-2022-AVI-041
Vulnerability from certfr_avis - Published: 2022-01-14 - Updated: 2022-01-14
De multiples vulnérabilités ont été découvertes dans le noyau Linux de SUSE. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, un déni de service à distance et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SUSE | N/A | SUSE Linux Enterprise High Availability 12-SP5 | ||
| SUSE | SUSE Linux Enterprise Live Patching | SUSE Linux Enterprise Live Patching 12-SP5 | ||
| SUSE | N/A | SUSE Linux Enterprise Software Development Kit 12-SP5 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 12-SP5 | ||
| SUSE | N/A | SUSE Linux Enterprise Workstation Extension 12-SP5 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SUSE Linux Enterprise High Availability 12-SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Live Patching 12-SP5",
"product": {
"name": "SUSE Linux Enterprise Live Patching",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Software Development Kit 12-SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 12-SP5",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Workstation Extension 12-SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-45485",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45485"
},
{
"name": "CVE-2019-15126",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-15126"
},
{
"name": "CVE-2018-25020",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-25020"
},
{
"name": "CVE-2021-28711",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28711"
},
{
"name": "CVE-2021-43975",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43975"
},
{
"name": "CVE-2021-28713",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28713"
},
{
"name": "CVE-2021-4002",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4002"
},
{
"name": "CVE-2021-45486",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45486"
},
{
"name": "CVE-2021-28712",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28712"
},
{
"name": "CVE-2021-33098",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33098"
},
{
"name": "CVE-2020-27820",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27820"
},
{
"name": "CVE-2021-43976",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43976"
},
{
"name": "CVE-2021-0935",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0935"
},
{
"name": "CVE-2021-0920",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0920"
},
{
"name": "CVE-2021-28714",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28714"
},
{
"name": "CVE-2021-28715",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28715"
}
],
"initial_release_date": "2022-01-14T00:00:00",
"last_revision_date": "2022-01-14T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-041",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-01-14T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de\nSUSE. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un\nprobl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, un d\u00e9ni de service \u00e0\ndistance et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de SUSE",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE 20220068-1 du 14 janvier 2022",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20220068-1/"
}
]
}
CERTFR-2022-AVI-144
Vulnerability from certfr_avis - Published: 2022-02-14 - Updated: 2022-02-14
De multiples vulnérabilités ont été découvertes dans le noyau Linux de SUSE. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, un déni de service et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SUSE | N/A | SUSE Linux Enterprise High Availability 15-SP3 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server for SAP 12-SP4 | ||
| SUSE | N/A | SUSE Linux Enterprise Module for Live Patching 15-SP3 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 12-SP4-LTSS | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server for SAP Applications 15-SP3 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server for SAP Applications | ||
| SUSE | N/A | SUSE Linux Enterprise Module for Basesystem 15-SP3 | ||
| SUSE | N/A | SUSE Linux Enterprise Module for Development Tools 15-SP3 | ||
| SUSE | N/A | SUSE OpenStack Cloud Crowbar 9 | ||
| SUSE | SUSE Manager Proxy | SUSE Manager Proxy 4.2 | ||
| SUSE | SUSE Manager Server | SUSE Manager Server 4.2 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 12-SP5 | ||
| SUSE | SUSE Linux Enterprise Micro | SUSE Linux Enterprise Micro 5.1 | ||
| SUSE | SUSE Linux Enterprise High Performance Computing | SUSE Linux Enterprise High Performance Computing 15-SP3 | ||
| SUSE | SUSE Linux Enterprise High Performance Computing | SUSE Linux Enterprise High Performance Computing | ||
| SUSE | SUSE Linux Enterprise Desktop | SUSE Linux Enterprise Desktop 15-SP3 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server for SAP Applications 12-SP4 | ||
| SUSE | N/A | SUSE Linux Enterprise Workstation Extension 15-SP3 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server for SAP Applications 12-SP5 | ||
| SUSE | N/A | SUSE Linux Enterprise Module for Legacy Software 15-SP3 | ||
| SUSE | SUSE Linux Enterprise High Performance Computing | SUSE Linux Enterprise High Performance Computing 12-SP4 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server for SAP Applications 12-SP3 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 12-SP3 | ||
| SUSE | N/A | SUSE OpenStack Cloud 9 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 12-SP4 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server | ||
| SUSE | N/A | SUSE Linux Enterprise High Availability 12-SP4 | ||
| SUSE | SUSE Linux Enterprise Live Patching | SUSE Linux Enterprise Live Patching 12-SP4 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 15-SP3 |
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SUSE Linux Enterprise High Availability 15-SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP 12-SP4",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module for Live Patching 15-SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 12-SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications 15-SP3",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module for Basesystem 15-SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module for Development Tools 15-SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE OpenStack Cloud Crowbar 9",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Manager Proxy 4.2",
"product": {
"name": "SUSE Manager Proxy",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Manager Server 4.2",
"product": {
"name": "SUSE Manager Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 12-SP5",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro 5.1",
"product": {
"name": "SUSE Linux Enterprise Micro",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing 15-SP3",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Desktop 15-SP3",
"product": {
"name": "SUSE Linux Enterprise Desktop",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications 12-SP4",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Workstation Extension 15-SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications 12-SP5",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module for Legacy Software 15-SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing 12-SP4",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications 12-SP3",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 12-SP3",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE OpenStack Cloud 9",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 12-SP4",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Availability 12-SP4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Live Patching 12-SP4",
"product": {
"name": "SUSE Linux Enterprise Live Patching",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15-SP3",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-4202",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4202"
},
{
"name": "CVE-2021-39657",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39657"
},
{
"name": "CVE-2019-15126",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-15126"
},
{
"name": "CVE-2018-25020",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-25020"
},
{
"name": "CVE-2021-45095",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45095"
},
{
"name": "CVE-2021-28711",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28711"
},
{
"name": "CVE-2021-43975",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43975"
},
{
"name": "CVE-2021-4135",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4135"
},
{
"name": "CVE-2021-28713",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28713"
},
{
"name": "CVE-2022-0286",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0286"
},
{
"name": "CVE-2021-4002",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4002"
},
{
"name": "CVE-2021-4083",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4083"
},
{
"name": "CVE-2021-45486",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45486"
},
{
"name": "CVE-2022-0330",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0330"
},
{
"name": "CVE-2021-44733",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44733"
},
{
"name": "CVE-2021-28712",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28712"
},
{
"name": "CVE-2021-33098",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33098"
},
{
"name": "CVE-2020-27820",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27820"
},
{
"name": "CVE-2022-22942",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22942"
},
{
"name": "CVE-2022-0322",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0322"
},
{
"name": "CVE-2021-3564",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3564"
},
{
"name": "CVE-2021-43976",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43976"
},
{
"name": "CVE-2021-22600",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22600"
},
{
"name": "CVE-2021-0935",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0935"
},
{
"name": "CVE-2021-39685",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39685"
},
{
"name": "CVE-2022-0435",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0435"
},
{
"name": "CVE-2021-0920",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0920"
},
{
"name": "CVE-2021-4149",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4149"
},
{
"name": "CVE-2021-28714",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28714"
},
{
"name": "CVE-2020-28097",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28097"
},
{
"name": "CVE-2021-4159",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4159"
},
{
"name": "CVE-2021-28715",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28715"
},
{
"name": "CVE-2021-39648",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39648"
},
{
"name": "CVE-2021-4197",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4197"
}
],
"initial_release_date": "2022-02-14T00:00:00",
"last_revision_date": "2022-02-14T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-144",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-02-14T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de\nSUSE. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un\nprobl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, un d\u00e9ni de service et\nune atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de SUSE",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE 20220371-1 du 11 f\u00e9vrier 2022",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20220371-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE 20220370-1 du 11 f\u00e9vrier 2022",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20220370-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE 20220372-1 du 11 f\u00e9vrier 2022",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20220372-1/"
}
]
}
CERTFR-2023-AVI-0133
Vulnerability from certfr_avis - Published: 2023-02-15 - Updated: 2023-02-15
De multiples vulnérabilités ont été corrigées dans les produits Microsoft. Elles permettent à un attaquant de provoquer une usurpation d'identité, une exécution de code à distance, une élévation de privilèges, une atteinte à la confidentialité des données, un contournement de la fonctionnalité de sécurité et un déni de service.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | N/A | Microsoft Exchange Server 2013 Cumulative Update 23 | ||
| Microsoft | N/A | Microsoft Visual Studio 2022 version 17.0 | ||
| Microsoft | N/A | Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) | ||
| Microsoft | N/A | HoloLens 1 | ||
| Microsoft | N/A | Microsoft Visual Studio 2022 version 17.2 | ||
| Microsoft | N/A | Microsoft SQL Server 2019 pour systèmes x64 (CU 18) | ||
| Microsoft | N/A | Microsoft SQL Server 2014 Service Pack 3 pour systèmes 32 bits (CU 4) | ||
| Microsoft | N/A | Microsoft Exchange Server 2019 Cumulative Update 11 | ||
| Microsoft | N/A | Microsoft SQL Server 2016 pour systèmes x64 Service Pack 3 (GDR) | ||
| Microsoft | N/A | Microsoft SQL Server 2022 pour systèmes x64 (GDR) | ||
| Microsoft | N/A | Microsoft Exchange Server 2016 Cumulative Update 23 | ||
| Microsoft | N/A | Microsoft SQL Server 2014 Service Pack 3 pour systèmes x64 (CU 4) | ||
| Microsoft | N/A | Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) | ||
| Microsoft | N/A | Microsoft SQL Server 2014 Service Pack 3 pour systèmes x64 (GDR) | ||
| Microsoft | N/A | Microsoft Dynamics 365 Unified Service Desk | ||
| Microsoft | N/A | Power BI Report Server - January 2023 | ||
| Microsoft | Azure | Microsoft SQL Server 2016 pour systèmes x64 Service Pack 3 Azure Connectivity Pack | ||
| Microsoft | N/A | Microsoft Dynamics 365 (on-premises) version 9.1 | ||
| Microsoft | N/A | Microsoft 365 Apps pour Enterprise pour systèmes 32 bits | ||
| Microsoft | N/A | Microsoft 365 Apps pour Enterprise pour 64 bits Systems | ||
| Microsoft | N/A | Print 3D | ||
| Microsoft | N/A | Microsoft SQL Server 2017 pour systèmes x64 (GDR) | ||
| Microsoft | N/A | Microsoft SQL Server 2017 pour systèmes x64 (CU 31) | ||
| Microsoft | N/A | Microsoft Visual Studio 2022 version 17.4 | ||
| Microsoft | N/A | Microsoft SQL Server 2019 pour systèmes x64 (GDR) | ||
| Microsoft | N/A | Microsoft Defender pour IoT | ||
| Microsoft | N/A | Microsoft Defender Security Intelligence Updates | ||
| Microsoft | N/A | Microsoft Dynamics 365 (on-premises) version 9.0 | ||
| Microsoft | N/A | Microsoft Exchange Server 2019 Cumulative Update 12 | ||
| Microsoft | N/A | 3D Builder | ||
| Microsoft | N/A | Microsoft SQL Server 2014 Service Pack 3 pour systèmes 32 bits (GDR) |
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Microsoft Exchange Server 2013 Cumulative Update 23",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2022 version 17.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "HoloLens 1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2022 version 17.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2019 pour syst\u00e8mes x64 (CU 18)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2014 Service Pack 3 pour syst\u00e8mes 32 bits (CU 4)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Exchange Server 2019 Cumulative Update 11",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2016 pour syst\u00e8mes x64 Service Pack 3 (GDR)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2022 pour syst\u00e8mes x64 (GDR)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Exchange Server 2016 Cumulative Update 23",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2014 Service Pack 3 pour syst\u00e8mes x64 (CU 4)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2014 Service Pack 3 pour syst\u00e8mes x64 (GDR)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Dynamics 365 Unified Service Desk",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Power BI Report Server - January 2023",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2016 pour syst\u00e8mes x64 Service Pack 3 Azure Connectivity Pack",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Dynamics 365 (on-premises) version 9.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft 365 Apps pour Enterprise pour syst\u00e8mes 32 bits",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft 365 Apps pour Enterprise pour 64 bits Systems",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Print 3D",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2017 pour syst\u00e8mes x64 (GDR)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2017 pour syst\u00e8mes x64 (CU 31)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2022 version 17.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2019 pour syst\u00e8mes x64 (GDR)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Defender pour IoT",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Defender Security Intelligence Updates",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Dynamics 365 (on-premises) version 9.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Exchange Server 2019 Cumulative Update 12",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "3D Builder",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2014 Service Pack 3 pour syst\u00e8mes 32 bits (GDR)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-21715",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21715"
},
{
"name": "CVE-2023-21568",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21568"
},
{
"name": "CVE-2023-23379",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23379"
},
{
"name": "CVE-2022-23521",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23521"
},
{
"name": "CVE-2023-21567",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21567"
},
{
"name": "CVE-2023-21718",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21718"
},
{
"name": "CVE-2023-21716",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21716"
},
{
"name": "CVE-2023-21572",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21572"
},
{
"name": "CVE-2019-15126",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-15126"
},
{
"name": "CVE-2023-21705",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21705"
},
{
"name": "CVE-2023-21529",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21529"
},
{
"name": "CVE-2023-21710",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21710"
},
{
"name": "CVE-2023-21571",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21571"
},
{
"name": "CVE-2023-21778",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21778"
},
{
"name": "CVE-2023-21809",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21809"
},
{
"name": "CVE-2023-23390",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23390"
},
{
"name": "CVE-2023-23377",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23377"
},
{
"name": "CVE-2023-23381",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23381"
},
{
"name": "CVE-2023-21566",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21566"
},
{
"name": "CVE-2023-21806",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21806"
},
{
"name": "CVE-2023-21807",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21807"
},
{
"name": "CVE-2023-21714",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21714"
},
{
"name": "CVE-2023-21706",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21706"
},
{
"name": "CVE-2023-21713",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21713"
},
{
"name": "CVE-2023-21808",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21808"
},
{
"name": "CVE-2023-21573",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21573"
},
{
"name": "CVE-2023-21528",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21528"
},
{
"name": "CVE-2023-41953",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41953"
},
{
"name": "CVE-2023-21704",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21704"
},
{
"name": "CVE-2023-21570",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21570"
},
{
"name": "CVE-2023-21707",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21707"
},
{
"name": "CVE-2023-21815",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21815"
},
{
"name": "CVE-2023-23378",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23378"
}
],
"initial_release_date": "2023-02-15T00:00:00",
"last_revision_date": "2023-02-15T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-21716 du 14 f\u00e9vrier 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21716"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-21713 du 14 f\u00e9vrier 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21713"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2019-15126 du 14 f\u00e9vrier 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2019-15126"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-21566 du 14 f\u00e9vrier 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21566"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-21808 du 14 f\u00e9vrier 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21808"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-21705 du 14 f\u00e9vrier 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21705"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-21707 du 14 f\u00e9vrier 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21707"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-21568 du 14 f\u00e9vrier 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21568"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-21571 du 14 f\u00e9vrier 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21571"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-21806 du 14 f\u00e9vrier 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21806"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-21573 du 14 f\u00e9vrier 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21573"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-21570 du 14 f\u00e9vrier 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21570"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-21572 du 14 f\u00e9vrier 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21572"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-21714 du 14 f\u00e9vrier 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21714"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-23379 du 14 f\u00e9vrier 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23379"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-23377 du 14 f\u00e9vrier 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23377"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-21815 du 14 f\u00e9vrier 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21815"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-21710 du 14 f\u00e9vrier 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21710"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-21715 du 14 f\u00e9vrier 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21715"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-21718 du 14 f\u00e9vrier 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21718"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-21706 du 14 f\u00e9vrier 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21706"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-21529 du 14 f\u00e9vrier 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21529"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-21528 du 14 f\u00e9vrier 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21528"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-23521 du 14 f\u00e9vrier 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-23521"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-23378 du 14 f\u00e9vrier 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23378"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-21704 du 14 f\u00e9vrier 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21704"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-21567 du 14 f\u00e9vrier 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21567"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-23390 du 14 f\u00e9vrier 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23390"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-21807 du 14 f\u00e9vrier 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21807"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-21809 du 14 f\u00e9vrier 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21809"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-21778 du 14 f\u00e9vrier 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21778"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-41953 du 14 f\u00e9vrier 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-41953"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-23381 du 14 f\u00e9vrier 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23381"
}
],
"reference": "CERTFR-2023-AVI-0133",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-02-15T00:00:00.000000"
}
],
"risks": [
{
"description": "Usurpation d\u0027identit\u00e9"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la fonctionnalit\u00e9 de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Microsoft\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une usurpation d\u0027identit\u00e9, une ex\u00e9cution de code\n\u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges, une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es, un contournement de la fonctionnalit\u00e9 de\ns\u00e9curit\u00e9 et un d\u00e9ni de service.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Microsoft",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 14 f\u00e9vrier 2023",
"url": "https://msrc.microsoft.com/update-guide/"
}
]
}
CERTFR-2022-AVI-043
Vulnerability from certfr_avis - Published: 2022-01-17 - Updated: 2022-01-17
De multiples vulnérabilités ont été découvertes dans le noyau Linux de SUSE. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, un déni de service et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SUSE MicroOS 5.1",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module for Realtime 15-SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 12-SP5",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-45485",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45485"
},
{
"name": "CVE-2019-15126",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-15126"
},
{
"name": "CVE-2018-25020",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-25020"
},
{
"name": "CVE-2020-24504",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24504"
},
{
"name": "CVE-2021-28711",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28711"
},
{
"name": "CVE-2021-4001",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4001"
},
{
"name": "CVE-2021-43975",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43975"
},
{
"name": "CVE-2021-28713",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28713"
},
{
"name": "CVE-2021-4002",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4002"
},
{
"name": "CVE-2021-4083",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4083"
},
{
"name": "CVE-2021-45486",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45486"
},
{
"name": "CVE-2021-28712",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28712"
},
{
"name": "CVE-2021-33098",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33098"
},
{
"name": "CVE-2020-27820",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27820"
},
{
"name": "CVE-2021-43976",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43976"
},
{
"name": "CVE-2021-0935",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0935"
},
{
"name": "CVE-2021-0920",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0920"
},
{
"name": "CVE-2021-4149",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4149"
},
{
"name": "CVE-2021-28714",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28714"
},
{
"name": "CVE-2021-28715",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28715"
}
],
"initial_release_date": "2022-01-17T00:00:00",
"last_revision_date": "2022-01-17T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-043",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-01-17T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de\nSUSE. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un\nprobl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, un d\u00e9ni de service et\nun contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de SUSE",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE 20220080-1 du 14 janvier 2022",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20220080-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE 20220079-1 du 14 janvier 2022",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20220079-1/"
}
]
}
CERTFR-2022-AVI-047
Vulnerability from certfr_avis - Published: 2022-01-19 - Updated: 2022-01-19
De multiples vulnérabilités ont été découvertes dans le noyau Linux de SUSE. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, un déni de service et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SUSE | SUSE Linux Enterprise Real Time | SUSE Linux Enterprise Real Time Extension 12-SP5 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SUSE Linux Enterprise Real Time Extension 12-SP5",
"product": {
"name": "SUSE Linux Enterprise Real Time",
"vendor": {
"name": "SUSE",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-45485",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45485"
},
{
"name": "CVE-2019-15126",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-15126"
},
{
"name": "CVE-2021-28711",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28711"
},
{
"name": "CVE-2021-43975",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43975"
},
{
"name": "CVE-2021-28713",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28713"
},
{
"name": "CVE-2021-4002",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4002"
},
{
"name": "CVE-2021-45486",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45486"
},
{
"name": "CVE-2021-28712",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28712"
},
{
"name": "CVE-2021-33098",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33098"
},
{
"name": "CVE-2020-27820",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27820"
},
{
"name": "CVE-2021-43976",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43976"
},
{
"name": "CVE-2021-0935",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0935"
},
{
"name": "CVE-2021-0920",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0920"
},
{
"name": "CVE-2021-28714",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28714"
},
{
"name": "CVE-2021-28715",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28715"
}
],
"initial_release_date": "2022-01-19T00:00:00",
"last_revision_date": "2022-01-19T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-047",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-01-19T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de\nSUSE. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un\nprobl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, un d\u00e9ni de service et\nune atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de SUSE",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 le noyau Linux de SUSE suse-su-20220090-1 du 17 janvier 2022",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20220090-1/"
}
]
}
CERTFR-2022-AVI-141
Vulnerability from certfr_avis - Published: 2022-02-11 - Updated: 2022-02-11
De multiples vulnérabilités ont été découvertes dans le noyau Linux de SUSE. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service, une atteinte à l'intégrité des données et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 15-SP2-BCL | ||
| SUSE | SUSE Linux Enterprise High Performance Computing | SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 15-SP2 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 12-SP3-BCL | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server for SAP Applications 15-SP3 | ||
| SUSE | N/A | SUSE Linux Enterprise High Availability 12-SP5 | ||
| SUSE | N/A | SUSE Linux Enterprise Storage 7 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 12-SP3-LTSS | ||
| SUSE | N/A | SUSE CaaS Platform 4.0 | ||
| SUSE | SUSE Manager Proxy | SUSE Manager Proxy 4.2 | ||
| SUSE | SUSE Linux Enterprise Live Patching | SUSE Linux Enterprise Live Patching 12-SP5 | ||
| SUSE | SUSE Linux Enterprise High Performance Computing | SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS | ||
| SUSE | SUSE Linux Enterprise High Performance Computing | SUSE Linux Enterprise High Performance Computing 15-SP2 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server for SAP Applications 15-SP1 | ||
| SUSE | SUSE Linux Enterprise High Performance Computing | SUSE Linux Enterprise High Performance Computing 15-ESPOS | ||
| SUSE | SUSE Linux Enterprise High Performance Computing | SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS | ||
| SUSE | SUSE Manager Server | SUSE Manager Server 4.2 | ||
| SUSE | N/A | SUSE Linux Enterprise Software Development Kit 12-SP5 | ||
| SUSE | N/A | SUSE Linux Enterprise Storage 6 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 12-SP5 | ||
| SUSE | SUSE Linux Enterprise Micro | SUSE Linux Enterprise Micro 5.0 | ||
| SUSE | N/A | SUSE Linux Enterprise Module for Public Cloud 15-SP3 | ||
| SUSE | SUSE Linux Enterprise High Performance Computing | SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS | ||
| SUSE | SUSE Linux Enterprise High Performance Computing | SUSE Linux Enterprise High Performance Computing 15-SP3 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server for SAP 12-SP3 | ||
| SUSE | SUSE Manager Server | SUSE Manager Server 4.1 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server for SAP 15-SP1 | ||
| SUSE | SUSE Manager Server | SUSE Manager Server 4.0 | ||
| SUSE | N/A | HPE Helion Openstack 8 | ||
| SUSE | N/A | SUSE Linux Enterprise Module for Live Patching 15-SP1 | ||
| SUSE | N/A | SUSE Enterprise Storage 7 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server for SAP Applications 12-SP4 | ||
| SUSE | SUSE Manager Proxy | SUSE Manager Proxy 4.0 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 15-SP1-BCL | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server for SAP 15-SP2 | ||
| SUSE | SUSE Manager Retail Branch Server | SUSE Manager Retail Branch Server 4.1 | ||
| SUSE | N/A | SUSE Linux Enterprise High Availability 15-SP2 | ||
| SUSE | SUSE Linux Enterprise High Performance Computing | SUSE Linux Enterprise High Performance Computing 12-SP5 | ||
| SUSE | N/A | SUSE Linux Enterprise Module for Live Patching 15 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server for SAP Applications 12-SP5 | ||
| SUSE | SUSE Linux Enterprise High Performance Computing | SUSE Linux Enterprise High Performance Computing 15-LTSS | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 15-LTSS | ||
| SUSE | N/A | SUSE Linux Enterprise High Availability 15 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 15-SP2-LTSS | ||
| SUSE | SUSE Manager Proxy | SUSE Manager Proxy 4.1 | ||
| SUSE | N/A | SUSE OpenStack Cloud Crowbar | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server for SAP Applications 12-SP3 | ||
| SUSE | SUSE Linux Enterprise High Performance Computing | SUSE Linux Enterprise High Performance Computing 15-SP1 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 15-SP1-LTSS | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 12-SP3 | ||
| SUSE | N/A | SUSE OpenStack Cloud 8 | ||
| SUSE | N/A | SUSE Enterprise Storage 6 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 12-SP4 | ||
| SUSE | N/A | SUSE Linux Enterprise High Availability 15-SP1 | ||
| SUSE | SUSE Linux Enterprise High Performance Computing | SUSE Linux Enterprise High Performance Computing 15 | ||
| SUSE | N/A | SUSE Linux Enterprise Realtime Extension 15-SP2 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server for SAP Applications 15-SP2 | ||
| SUSE | N/A | SUSE Linux Enterprise Module for Live Patching 15-SP2 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server for SAP Applications 15 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 15-SP3 | ||
| SUSE | SUSE Linux Enterprise Desktop | SUSE Linux Enterprise Desktop 12-SP5 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server for SAP 15 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 15-SP1 | ||
| SUSE | N/A | SUSE Linux Enterprise High Availability 12-SP3 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 15 | ||
| SUSE | N/A | SUSE Linux Enterprise Workstation Extension 12-SP5 | ||
| SUSE | SUSE Linux Enterprise High Performance Computing | SUSE Linux Enterprise High Performance Computing 12-SP3 |
References
| Title | Publication Time | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SUSE Linux Enterprise Server 15-SP2-BCL",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15-SP2",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 12-SP3-BCL",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications 15-SP3",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Availability 12-SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Storage 7",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 12-SP3-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE CaaS Platform 4.0",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Manager Proxy 4.2",
"product": {
"name": "SUSE Manager Proxy",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Live Patching 12-SP5",
"product": {
"name": "SUSE Linux Enterprise Live Patching",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing 15-SP2",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications 15-SP1",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing 15-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Manager Server 4.2",
"product": {
"name": "SUSE Manager Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Software Development Kit 12-SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Storage 6",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 12-SP5",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro 5.0",
"product": {
"name": "SUSE Linux Enterprise Micro",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module for Public Cloud 15-SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing 15-SP3",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP 12-SP3",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Manager Server 4.1",
"product": {
"name": "SUSE Manager Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP 15-SP1",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Manager Server 4.0",
"product": {
"name": "SUSE Manager Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "HPE Helion Openstack 8",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module for Live Patching 15-SP1",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Enterprise Storage 7",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications 12-SP4",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Manager Proxy 4.0",
"product": {
"name": "SUSE Manager Proxy",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15-SP1-BCL",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP 15-SP2",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Manager Retail Branch Server 4.1",
"product": {
"name": "SUSE Manager Retail Branch Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Availability 15-SP2",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing 12-SP5",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module for Live Patching 15",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications 12-SP5",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing 15-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Availability 15",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15-SP2-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Manager Proxy 4.1",
"product": {
"name": "SUSE Manager Proxy",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE OpenStack Cloud Crowbar",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications 12-SP3",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing 15-SP1",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15-SP1-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 12-SP3",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE OpenStack Cloud 8",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Enterprise Storage 6",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 12-SP4",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Availability 15-SP1",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing 15",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Realtime Extension 15-SP2",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications 15-SP2",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module for Live Patching 15-SP2",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications 15",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15-SP3",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Desktop 12-SP5",
"product": {
"name": "SUSE Linux Enterprise Desktop",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP 15",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15-SP1",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Availability 12-SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Workstation Extension 12-SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing 12-SP3",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing",
"vendor": {
"name": "SUSE",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-45485",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45485"
},
{
"name": "CVE-2021-4202",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4202"
},
{
"name": "CVE-2021-39657",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39657"
},
{
"name": "CVE-2019-15126",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-15126"
},
{
"name": "CVE-2018-25020",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-25020"
},
{
"name": "CVE-2021-45095",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45095"
},
{
"name": "CVE-2021-28711",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28711"
},
{
"name": "CVE-2020-35519",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35519"
},
{
"name": "CVE-2021-43975",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43975"
},
{
"name": "CVE-2021-4135",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4135"
},
{
"name": "CVE-2021-28713",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28713"
},
{
"name": "CVE-2022-0286",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0286"
},
{
"name": "CVE-2021-4002",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4002"
},
{
"name": "CVE-2021-4083",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4083"
},
{
"name": "CVE-2021-45486",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45486"
},
{
"name": "CVE-2022-0330",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0330"
},
{
"name": "CVE-2021-44733",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44733"
},
{
"name": "CVE-2021-28712",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28712"
},
{
"name": "CVE-2021-33098",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33098"
},
{
"name": "CVE-2020-27820",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27820"
},
{
"name": "CVE-2022-22942",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22942"
},
{
"name": "CVE-2022-0322",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0322"
},
{
"name": "CVE-2021-4155",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4155"
},
{
"name": "CVE-2021-3564",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3564"
},
{
"name": "CVE-2021-43976",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43976"
},
{
"name": "CVE-2021-22600",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22600"
},
{
"name": "CVE-2021-0935",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0935"
},
{
"name": "CVE-2021-39685",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39685"
},
{
"name": "CVE-2022-0435",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0435"
},
{
"name": "CVE-2021-0920",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0920"
},
{
"name": "CVE-2021-4149",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4149"
},
{
"name": "CVE-2021-28714",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28714"
},
{
"name": "CVE-2020-28097",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28097"
},
{
"name": "CVE-2021-4159",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4159"
},
{
"name": "CVE-2019-0136",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0136"
},
{
"name": "CVE-2021-28715",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28715"
},
{
"name": "CVE-2021-39648",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39648"
},
{
"name": "CVE-2021-4197",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4197"
}
],
"initial_release_date": "2022-02-11T00:00:00",
"last_revision_date": "2022-02-11T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-141",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-02-11T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de\nSUSE. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un\nd\u00e9ni de service, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et une atteinte\n\u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de SUSE",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20220362-1 du 10 f\u00e9vrier 2022",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20220362-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20220363-1 du 10 f\u00e9vrier 2022",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20220363-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20220364-1 du 10 f\u00e9vrier 2022",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20220364-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20220365-1 du 10 f\u00e9vrier 2022",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20220365-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20220367-1 du 10 f\u00e9vrier 2022",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20220367-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20220366-1 du 10 f\u00e9vrier 2022",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20220366-1/"
}
]
}
CERTFR-2021-AVI-991
Vulnerability from certfr_avis - Published: 2021-12-31 - Updated: 2021-12-31
Une vulnérabilité a été découverte dans le noyau Linux de SUSE. Elle permet à un attaquant de provoquer une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SUSE Linux Enterprise Module for Basesystem 15-SP2",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 12-SP5",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE MicroOS 5.0",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-15126",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-15126"
}
],
"initial_release_date": "2021-12-31T00:00:00",
"last_revision_date": "2021-12-31T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 SUZE suse-su-20214200-1 du 31 d\u00e9cembre 2021",
"url": "https://www.suse.com/support/update/announcement/2021/suse-su-20214200-1/"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 SUZE suse-su-20214201-1 du 31 d\u00e9cembre 2021",
"url": "https://www.suse.com/support/update/announcement/2021/suse-su-20214201-1/"
}
],
"reference": "CERTFR-2021-AVI-991",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-12-31T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans le noyau Linux de SUSE. Elle\npermet \u00e0 un attaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des\ndonn\u00e9es.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans le noyau Linux de SUSE",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20214201-1 du 31 d\u00e9cembre 2021",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20214200-1 du 31 d\u00e9cembre 2021",
"url": null
}
]
}
CERTFR-2020-AVI-494
Vulnerability from certfr_avis - Published: 2020-08-11 - Updated: 2020-08-11
De multiples vulnérabilités ont été découvertes dans les produits Siemens. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à l'intégrité des données et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Siemens | N/A | Desigo CC versions V3.x sans le dernier correctif de sécurité | ||
| Siemens | N/A | Automation License Manager versions antérieures à V6.0.8 | ||
| Siemens | N/A | microgiciel SICAM WEB pour SICAM A8000 RTUs versions antérieures à V05.30 | ||
| Siemens | N/A | Desigo CC Compact versions V3.x sans le dernier correctif de sécurité | ||
| Siemens | N/A | Desigo CC Compact versions V4.x sans le dernier correctif de sécurité | ||
| Siemens | N/A | RUGGEDCOM RM1224 versions antérieures à 6.3 | ||
| Siemens | N/A | Desigo CC versions V4.x sans le dernier correctif de sécurité | ||
| Siemens | N/A | SIMATIC RF650M | ||
| Siemens | N/A | SIMOTICS CONNECT 400 | ||
| Siemens | N/A | SIMATIC RF350M | ||
| Siemens | N/A | SCALANCE M-800 / S615 versions antérieures à 6.3 |
References
| Title | Publication Time | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Desigo CC versions V3.x sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Automation License Manager versions ant\u00e9rieures \u00e0 V6.0.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "microgiciel SICAM WEB pour SICAM A8000 RTUs versions ant\u00e9rieures \u00e0 V05.30",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Desigo CC Compact versions V3.x sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Desigo CC Compact versions V4.x sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RM1224 versions ant\u00e9rieures \u00e0 6.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Desigo CC versions V4.x sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC RF650M",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMOTICS CONNECT 400",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC RF350M",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE M-800 / S615 versions ant\u00e9rieures \u00e0 6.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-7583",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7583"
},
{
"name": "CVE-2019-15126",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-15126"
},
{
"name": "CVE-2020-8597",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8597"
},
{
"name": "CVE-2020-15781",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15781"
},
{
"name": "CVE-2020-10055",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10055"
}
],
"initial_release_date": "2020-08-11T00:00:00",
"last_revision_date": "2020-08-11T00:00:00",
"links": [],
"reference": "CERTFR-2020-AVI-494",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2020-08-11T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSiemens. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9\ndes donn\u00e9es et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-370042 du 11 ao\u00fbt 2020",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-370042.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-809841 du 11 ao\u00fbt 2020",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-809841.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-786743 du 11 ao\u00fbt 2020",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-786743.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-388646 du 11 ao\u00fbt 2020",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-388646.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-712518 du 11 ao\u00fbt 2020",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-712518.pdf"
}
]
}
GSD-2019-15126
Vulnerability from gsd - Updated: 2023-12-13 01:23Details
An issue was discovered on Broadcom Wi-Fi client devices. Specifically timed and handcrafted traffic can cause internal errors (related to state transitions) in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic, a different vulnerability than CVE-2019-9500, CVE-2019-9501, CVE-2019-9502, and CVE-2019-9503.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2019-15126",
"description": "An issue was discovered on Broadcom Wi-Fi client devices. Specifically timed and handcrafted traffic can cause internal errors (related to state transitions) in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic, a different vulnerability than CVE-2019-9500, CVE-2019-9501, CVE-2019-9502, and CVE-2019-9503.",
"id": "GSD-2019-15126",
"references": [
"https://www.suse.com/security/cve/CVE-2019-15126.html",
"https://advisories.mageia.org/CVE-2019-15126.html",
"https://packetstormsecurity.com/files/cve/CVE-2019-15126"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2019-15126"
],
"details": "An issue was discovered on Broadcom Wi-Fi client devices. Specifically timed and handcrafted traffic can cause internal errors (related to state transitions) in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic, a different vulnerability than CVE-2019-9500, CVE-2019-9501, CVE-2019-9502, and CVE-2019-9503.",
"id": "GSD-2019-15126",
"modified": "2023-12-13T01:23:38.893523Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-15126",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered on Broadcom Wi-Fi client devices. Specifically timed and handcrafted traffic can cause internal errors (related to state transitions) in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic, a different vulnerability than CVE-2019-9500, CVE-2019-9501, CVE-2019-9502, and CVE-2019-9503."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/kb/HT210721",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT210721"
},
{
"name": "https://support.apple.com/kb/HT210722",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT210722"
},
{
"name": "https://support.apple.com/kb/HT210788",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT210788"
},
{
"name": "20200227 Wi-Fi Protected Network and Wi-Fi Protected Network 2 Information Disclosure Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-wi-fi-info-disclosure"
},
{
"name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0001",
"refsource": "CONFIRM",
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0001"
},
{
"name": "http://www.huawei.com/en/psirt/security-notices/huawei-sn-20200228-01-kr00k-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-notices/huawei-sn-20200228-01-kr00k-en"
},
{
"name": "https://www.mist.com/documentation/mist-security-advisory-kr00k-attack-faq/",
"refsource": "CONFIRM",
"url": "https://www.mist.com/documentation/mist-security-advisory-kr00k-attack-faq/"
},
{
"name": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-003.txt",
"refsource": "CONFIRM",
"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-003.txt"
},
{
"name": "https://www.synology.com/security/advisory/Synology_SA_20_03",
"refsource": "CONFIRM",
"url": "https://www.synology.com/security/advisory/Synology_SA_20_03"
},
{
"name": "http://packetstormsecurity.com/files/156809/Broadcom-Wi-Fi-KR00K-Proof-Of-Concept.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/156809/Broadcom-Wi-Fi-KR00K-Proof-Of-Concept.html"
},
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200527-01-wifi-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200527-01-wifi-en"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-712518.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-712518.pdf"
},
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-224-05",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-224-05"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "13.2",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "13.2",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "10.15.1",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:broadcom:bcm4389_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:broadcom:bcm4389:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:broadcom:bcm43012_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:broadcom:bcm43012:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:broadcom:bcm43013_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:broadcom:bcm43013:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:broadcom:bcm4375_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:broadcom:bcm4375:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:broadcom:bcm43752_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:broadcom:bcm43752:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:broadcom:bcm4356_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:broadcom:bcm4356:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-15126"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "An issue was discovered on Broadcom Wi-Fi client devices. Specifically timed and handcrafted traffic can cause internal errors (related to state transitions) in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic, a different vulnerability than CVE-2019-9500, CVE-2019-9501, CVE-2019-9502, and CVE-2019-9503."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-367"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/kb/HT210721",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://support.apple.com/kb/HT210721"
},
{
"name": "https://support.apple.com/kb/HT210722",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://support.apple.com/kb/HT210722"
},
{
"name": "20200227 Wi-Fi Protected Network and Wi-Fi Protected Network 2 Information Disclosure Vulnerability",
"refsource": "CISCO",
"tags": [],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-wi-fi-info-disclosure"
},
{
"name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0001",
"refsource": "CONFIRM",
"tags": [],
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0001"
},
{
"name": "http://www.huawei.com/en/psirt/security-notices/huawei-sn-20200228-01-kr00k-en",
"refsource": "CONFIRM",
"tags": [],
"url": "http://www.huawei.com/en/psirt/security-notices/huawei-sn-20200228-01-kr00k-en"
},
{
"name": "https://support.apple.com/kb/HT210788",
"refsource": "CONFIRM",
"tags": [],
"url": "https://support.apple.com/kb/HT210788"
},
{
"name": "https://www.mist.com/documentation/mist-security-advisory-kr00k-attack-faq/",
"refsource": "CONFIRM",
"tags": [],
"url": "https://www.mist.com/documentation/mist-security-advisory-kr00k-attack-faq/"
},
{
"name": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-003.txt",
"refsource": "CONFIRM",
"tags": [],
"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-003.txt"
},
{
"name": "https://www.synology.com/security/advisory/Synology_SA_20_03",
"refsource": "CONFIRM",
"tags": [],
"url": "https://www.synology.com/security/advisory/Synology_SA_20_03"
},
{
"name": "http://packetstormsecurity.com/files/156809/Broadcom-Wi-Fi-KR00K-Proof-Of-Concept.html",
"refsource": "MISC",
"tags": [],
"url": "http://packetstormsecurity.com/files/156809/Broadcom-Wi-Fi-KR00K-Proof-Of-Concept.html"
},
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200527-01-wifi-en",
"refsource": "CONFIRM",
"tags": [],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200527-01-wifi-en"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-712518.pdf",
"refsource": "CONFIRM",
"tags": [],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-712518.pdf"
},
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-224-05",
"refsource": "MISC",
"tags": [],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-224-05"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.9,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:A/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 5.5,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 1.4
}
},
"lastModifiedDate": "2020-08-11T19:15Z",
"publishedDate": "2020-02-05T17:15Z"
}
}
}
CNVD-2020-18530
Vulnerability from cnvd - Published: 2020-03-20
VLAI Severity ?
Title
Broadcom Wi-Fi client devices加密问题漏洞
Description
Broadcom WiFi是美国博通(Broadcom)公司的一款无线网络芯片组驱动程序。
Broadcom Wi-Fi client devices中存在安全漏洞。攻击者可利用该漏洞获取信息。
Severity
低
Patch Name
Broadcom Wi-Fi client devices加密问题漏洞的补丁
Patch Description
Broadcom WiFi是美国博通(Broadcom)公司的一款无线网络芯片组驱动程序。
Broadcom Wi-Fi client devices中存在安全漏洞。攻击者可利用该漏洞获取信息。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
目前厂商已发布升级补丁以修复漏洞,补丁获取链接: https://support.apple.com/en-us/HT210721
Reference
https://packetstormsecurity.com/files/156809/Broadcom-Wi-Fi-KR00K-Proof-Of-Concept.html; http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15126
Impacted products
| Name | Broadcom Wi-Fi client devices |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2019-15126",
"cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2019-15126"
}
},
"description": "Broadcom WiFi\u662f\u7f8e\u56fd\u535a\u901a\uff08Broadcom\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u65e0\u7ebf\u7f51\u7edc\u82af\u7247\u7ec4\u9a71\u52a8\u7a0b\u5e8f\u3002\n\nBroadcom Wi-Fi client devices\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u4fe1\u606f\u3002",
"formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://support.apple.com/en-us/HT210721",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2020-18530",
"openTime": "2020-03-20",
"patchDescription": "Broadcom WiFi\u662f\u7f8e\u56fd\u535a\u901a\uff08Broadcom\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u65e0\u7ebf\u7f51\u7edc\u82af\u7247\u7ec4\u9a71\u52a8\u7a0b\u5e8f\u3002\r\n\r\nBroadcom Wi-Fi client devices\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Broadcom Wi-Fi client devices\u52a0\u5bc6\u95ee\u9898\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": "Broadcom Wi-Fi client devices"
},
"referenceLink": "https://packetstormsecurity.com/files/156809/Broadcom-Wi-Fi-KR00K-Proof-Of-Concept.html; http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15126",
"serverity": "\u4f4e",
"submitTime": "2020-03-20",
"title": "Broadcom Wi-Fi client devices\u52a0\u5bc6\u95ee\u9898\u6f0f\u6d1e"
}
FKIE_CVE-2019-15126
Vulnerability from fkie_nvd - Published: 2020-02-05 17:15 - Updated: 2024-11-21 04:28
Severity ?
Summary
An issue was discovered on Broadcom Wi-Fi client devices. Specifically timed and handcrafted traffic can cause internal errors (related to state transitions) in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic, a different vulnerability than CVE-2019-9500, CVE-2019-9501, CVE-2019-9502, and CVE-2019-9503.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | http://packetstormsecurity.com/files/156809/Broadcom-Wi-Fi-KR00K-Proof-Of-Concept.html | ||
| cve@mitre.org | http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-003.txt | ||
| cve@mitre.org | http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200527-01-wifi-en | ||
| cve@mitre.org | http://www.huawei.com/en/psirt/security-notices/huawei-sn-20200228-01-kr00k-en | ||
| cve@mitre.org | https://cert-portal.siemens.com/productcert/pdf/ssa-712518.pdf | ||
| cve@mitre.org | https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0001 | ||
| cve@mitre.org | https://support.apple.com/kb/HT210721 | Third Party Advisory | |
| cve@mitre.org | https://support.apple.com/kb/HT210722 | Third Party Advisory | |
| cve@mitre.org | https://support.apple.com/kb/HT210788 | ||
| cve@mitre.org | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-wi-fi-info-disclosure | ||
| cve@mitre.org | https://us-cert.cisa.gov/ics/advisories/icsa-20-224-05 | ||
| cve@mitre.org | https://www.mist.com/documentation/mist-security-advisory-kr00k-attack-faq/ | ||
| cve@mitre.org | https://www.synology.com/security/advisory/Synology_SA_20_03 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/156809/Broadcom-Wi-Fi-KR00K-Proof-Of-Concept.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-003.txt | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200527-01-wifi-en | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.huawei.com/en/psirt/security-notices/huawei-sn-20200228-01-kr00k-en | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-712518.pdf | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0001 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/kb/HT210721 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/kb/HT210722 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/kb/HT210788 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-wi-fi-info-disclosure | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://us-cert.cisa.gov/ics/advisories/icsa-20-224-05 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.mist.com/documentation/mist-security-advisory-kr00k-attack-faq/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.synology.com/security/advisory/Synology_SA_20_03 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apple | ipados | * | |
| apple | iphone_os | * | |
| apple | mac_os_x | * | |
| broadcom | bcm4389_firmware | - | |
| broadcom | bcm4389 | - | |
| broadcom | bcm43012_firmware | - | |
| broadcom | bcm43012 | - | |
| broadcom | bcm43013_firmware | - | |
| broadcom | bcm43013 | - | |
| broadcom | bcm4375_firmware | - | |
| broadcom | bcm4375 | - | |
| broadcom | bcm43752_firmware | - | |
| broadcom | bcm43752 | - | |
| broadcom | bcm4356_firmware | - | |
| broadcom | bcm4356 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AD59FD8B-5C11-469A-91E8-B3EB904AB1EF",
"versionEndExcluding": "13.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "13864229-C006-4C72-AAE3-90F009375CA5",
"versionEndExcluding": "13.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E773457A-E670-4DDA-86E2-0923C1DCD9BA",
"versionEndExcluding": "10.15.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:broadcom:bcm4389_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "12F03EE0-8785-417A-BECA-BEA63757A39D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:broadcom:bcm4389:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AF854566-05B0-4661-A6FB-1FB57D2DA7F9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:broadcom:bcm43012_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "267F4829-8427-498F-9527-F0CBF59E4EBF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:broadcom:bcm43012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FCE5C165-FBF8-4860-AA22-B6572444396B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:broadcom:bcm43013_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BFE8006F-EFF6-4C48-A88D-D454FCAF6FBB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:broadcom:bcm43013:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0FE2C4A7-5C2B-436F-8088-36CB4552524D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:broadcom:bcm4375_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D4F7B684-7732-4D96-A1D8-B7FF7D48FEBF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:broadcom:bcm4375:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5B96EBAD-7270-43CF-8DF5-A6316581764F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:broadcom:bcm43752_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "196BB042-784B-4DA7-80B9-491660DE96FC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:broadcom:bcm43752:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1EC39880-8A15-49DE-B355-FDCDD536AB5F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:broadcom:bcm4356_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D071C0E7-D86C-4D86-807F-37882D4F7C2D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:broadcom:bcm4356:-:*:*:*:*:*:*:*",
"matchCriteriaId": "80E682AB-4198-43C4-BD64-A1FDA1CD8A3B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on Broadcom Wi-Fi client devices. Specifically timed and handcrafted traffic can cause internal errors (related to state transitions) in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic, a different vulnerability than CVE-2019-9500, CVE-2019-9501, CVE-2019-9502, and CVE-2019-9503."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en los dispositivos cliente de Broadcom Wi-Fi. Espec\u00edficamente un tr\u00e1fico dise\u00f1ado minuciosamente y sincronizado puede causar errores internos (relacionados con las transiciones de estado) en un dispositivo WLAN que conllevan a un cifrado de Wi-Fi de Capa 2 inapropiado con una consiguiente posibilidad de divulgaci\u00f3n de informaci\u00f3n por medio del aire para un conjunto de tr\u00e1fico discreto, una vulnerabilidad diferente de CVE-2019-9500, CVE-2019-9501, CVE-2019-9502 y CVE-2019-9503."
}
],
"id": "CVE-2019-15126",
"lastModified": "2024-11-21T04:28:06.317",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.9,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:A/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 5.5,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-02-05T17:15:10.443",
"references": [
{
"source": "cve@mitre.org",
"url": "http://packetstormsecurity.com/files/156809/Broadcom-Wi-Fi-KR00K-Proof-Of-Concept.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-003.txt"
},
{
"source": "cve@mitre.org",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200527-01-wifi-en"
},
{
"source": "cve@mitre.org",
"url": "http://www.huawei.com/en/psirt/security-notices/huawei-sn-20200228-01-kr00k-en"
},
{
"source": "cve@mitre.org",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-712518.pdf"
},
{
"source": "cve@mitre.org",
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0001"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://support.apple.com/kb/HT210721"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://support.apple.com/kb/HT210722"
},
{
"source": "cve@mitre.org",
"url": "https://support.apple.com/kb/HT210788"
},
{
"source": "cve@mitre.org",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-wi-fi-info-disclosure"
},
{
"source": "cve@mitre.org",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-224-05"
},
{
"source": "cve@mitre.org",
"url": "https://www.mist.com/documentation/mist-security-advisory-kr00k-attack-faq/"
},
{
"source": "cve@mitre.org",
"url": "https://www.synology.com/security/advisory/Synology_SA_20_03"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/156809/Broadcom-Wi-Fi-KR00K-Proof-Of-Concept.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-003.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200527-01-wifi-en"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.huawei.com/en/psirt/security-notices/huawei-sn-20200228-01-kr00k-en"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-712518.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0001"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://support.apple.com/kb/HT210721"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://support.apple.com/kb/HT210722"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://support.apple.com/kb/HT210788"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-wi-fi-info-disclosure"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-224-05"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.mist.com/documentation/mist-security-advisory-kr00k-attack-faq/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.synology.com/security/advisory/Synology_SA_20_03"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-367"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…