Common Weakness Enumeration

CWE-703

Discouraged

Improper Check or Handling of Exceptional Conditions

Abstraction: Pillar · Status: Incomplete

The product does not properly anticipate or handle exceptional conditions that rarely occur during normal operation of the product.

211 vulnerabilities reference this CWE, most recent first.

CVE-2023-5563 (GCVE-0-2023-5563)

Vulnerability from cvelistv5 – Published: 2023-10-12 23:11 – Updated: 2024-09-17 17:08
VLAI
Summary
The SJA1000 CAN controller driver backend automatically attempt to recover from a bus-off event when built with CONFIG_CAN_AUTO_BUS_OFF_RECOVERY=y. This results in calling k_sleep() in IRQ context, causing a fatal exception.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-703 - Improper Check or Handling of Exceptional Conditions The product does not properly anticipate or handle exceptional conditions that rarely occur during normal operation of the product.
Assigner
Impacted products
Vendor Product Version
zephyrproject-rtos Zephyr Affected: 3.3 , ≤ 3.4 (git)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T07:59:44.836Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-98mc-rj7w-7rpv"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-5563",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-17T17:08:27.283979Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-17T17:08:43.494Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "packageName": "Zephyr",
          "product": "Zephyr",
          "repo": "https://github.com/zephyrproject-rtos/zephyr",
          "vendor": "zephyrproject-rtos",
          "versions": [
            {
              "lessThanOrEqual": "3.4",
              "status": "affected",
              "version": "3.3",
              "versionType": "git"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The SJA1000 CAN controller driver backend automatically attempt to recover from a bus-off event when built with CONFIG_CAN_AUTO_BUS_OFF_RECOVERY=y. This results in calling k_sleep() in IRQ context, causing a fatal exception."
            }
          ],
          "value": "The SJA1000 CAN controller driver backend automatically attempt to recover from a bus-off event when built with CONFIG_CAN_AUTO_BUS_OFF_RECOVERY=y. This results in calling k_sleep() in IRQ context, causing a fatal exception."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-74",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-74 Manipulating User State"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-703",
              "description": " CWE-703 Improper Check or Handling of Exceptional Conditions The product does not properly anticipate or handle exceptional conditions that rarely occur during normal operation of the product.",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-10-12T23:11:18.074Z",
        "orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
        "shortName": "zephyr"
      },
      "references": [
        {
          "url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-98mc-rj7w-7rpv"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
    "assignerShortName": "zephyr",
    "cveId": "CVE-2023-5563",
    "datePublished": "2023-10-12T23:11:18.074Z",
    "dateReserved": "2023-10-12T22:58:30.695Z",
    "dateUpdated": "2024-09-17T17:08:43.494Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-5038 (GCVE-0-2023-5038)

Vulnerability from cvelistv5 – Published: 2024-06-25 02:14 – Updated: 2024-08-02 07:44
VLAI
Title
Unauthenticated DoS
Summary
badmonkey, a Security Researcher has found a flaw that allows for a unauthenticated DoS attack on the camera. An attacker runs a crafted URL, nobody can access the web management page of the camera. and must manually restart the device or re-power it. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-703 - Improper Check or Handling of Exceptional Conditions
  • CWE-248 - Uncaught Exception
Assigner
References
Impacted products
Vendor Product Version
Hanwha Vision Co., Ltd. A-Series, Q-Series, PNM-series Camera Affected: Prior to version 1.41.16, Prior to version 2.22.00
Create a notification for this product.
hanwhavision ano-l6012r Affected: 0 , < 1.41.16 (custom)
    cpe:2.3:h:hanwhavision:ano-l6012r:-:*:*:*:*:*:*:*
Create a notification for this product.
hanwhavision ano-l6022r Affected: 0 , < 1.41.16 (custom)
    cpe:2.3:h:hanwhavision:ano-l6022r:-:*:*:*:*:*:*:*
Create a notification for this product.
hanwhavision anv-l6012r Affected: 0 , < 1.41.16 (custom)
    cpe:2.3:h:hanwhavision:anv-l6012r:-:*:*:*:*:*:*:*
Create a notification for this product.
hanwhavision ano-l6082r Affected: 0 , < 1.41.16 (custom)
    cpe:2.3:h:hanwhavision:ano-l6082r:-:*:*:*:*:*:*:*
Create a notification for this product.
hanwhavision ane-l6012r Affected: 0 , < 1.41.16 (custom)
    cpe:2.3:h:hanwhavision:ane-l6012r:-:*:*:*:*:*:*:*
Create a notification for this product.
hanwhavision anv-l6082r Affected: 0 , < 1.41.16 (custom)
    cpe:2.3:h:hanwhavision:anv-l6082r:-:*:*:*:*:*:*:*
Create a notification for this product.
hanwhavision ano-l7082r Affected: 0 , < 1.41.16 (custom)
    cpe:2.3:h:hanwhavision:ano-l7082r:-:*:*:*:*:*:*:*
Create a notification for this product.
hanwhavision ane-l7012r Affected: 0 , < 1.41.16 (custom)
    cpe:2.3:h:hanwhavision:ane-l7012r:-:*:*:*:*:*:*:*
Create a notification for this product.
hanwhavision anv-l7082r Affected: 0 , < 1.41.16 (custom)
    cpe:2.3:h:hanwhavision:anv-l7082r:-:*:*:*:*:*:*:*
Create a notification for this product.
hanwhavision ano-l7012r Affected: 0 , < 1.41.16 (custom)
    cpe:2.3:h:hanwhavision:ano-l7012r:-:*:*:*:*:*:*:*
Create a notification for this product.
hanwhavision ano-l7022r Affected: 0 , < 1.41.16 (custom)
    cpe:2.3:h:hanwhavision:ano-l7022r:-:*:*:*:*:*:*:*
Create a notification for this product.
hanwhavision anv-l7012r Affected: 0 , < 1.41.16 (custom)
    cpe:2.3:h:hanwhavision:anv-l7012r:-:*:*:*:*:*:*:*
Create a notification for this product.
hanwhavision pnm-c9022rv Affected: 0 , < 2.22.02 (custom)
    cpe:2.3:h:hanwhavision:pnm-c9022rv:-:*:*:*:*:*:*:*
Create a notification for this product.
hanwhavision pnm-9000qb Affected: 0 , < 2.22.01 (custom)
    cpe:2.3:h:hanwhavision:pnm-9000qb:-:*:*:*:*:*:*:*
Create a notification for this product.
hanwhavision pnm-7002vd Affected: 0 , < 2.22.02 (custom)
    cpe:2.3:h:hanwhavision:pnm-7002vd:-:*:*:*:*:*:*:*
Create a notification for this product.
hanwhavision pnm-8082vt Affected: 0 , < 2.22.00 (custom)
    cpe:2.3:h:hanwhavision:pnm-8082vt:-:*:*:*:*:*:*:*
Create a notification for this product.
hanwhavision pnm-9002vq Affected: 0 , < 2.22.02 (custom)
    cpe:2.3:h:hanwhavision:pnm-9002vq:-:*:*:*:*:*:*:*
Create a notification for this product.
hanwhavision pnm-9022v Affected: 0 , < 2.22.00 (custom)
    cpe:2.3:h:hanwhavision:pnm-9022v:-:*:*:*:*:*:*:*
Create a notification for this product.
hanwhavision pnm-9031rv Affected: 0 , < 2.22.01 (custom)
    cpe:2.3:h:hanwhavision:pnm-9031rv:-:*:*:*:*:*:*:*
Create a notification for this product.
hanwhavision pnm-9084qz Affected: 0 , < 2.22.02 (custom)
    cpe:2.3:h:hanwhavision:pnm-9084qz:-:*:*:*:*:*:*:*
Create a notification for this product.
hanwhavision pnm-9084rqz Affected: 0 , < 2.22.02 (custom)
    cpe:2.3:h:hanwhavision:pnm-9084rqz:-:*:*:*:*:*:*:*
Create a notification for this product.
hanwhavision pnm-9085rqz Affected: 0 , < 2.22.02 (custom)
    cpe:2.3:h:hanwhavision:pnm-9085rqz:-:*:*:*:*:*:*:*
Create a notification for this product.
hanwhavision pnm-9084qz1 Affected: 0 , < 2.22.02 (custom)
    cpe:2.3:h:hanwhavision:pnm-9084qz1:-:*:*:*:*:*:*:*
Create a notification for this product.
hanwhavision pnm-9084rqz1 Affected: 0 , < 2.22.02 (custom)
    cpe:2.3:h:hanwhavision:pnm-9084rqz1:-:*:*:*:*:*:*:*
Create a notification for this product.
hanwhavision pnm-9085rqz1 Affected: 0 , < 2.22.02 (custom)
    cpe:2.3:h:hanwhavision:pnm-9085rqz1:-:*:*:*:*:*:*:*
Create a notification for this product.
hanwhavision pnm-9322vqp Affected: 0 , < 2.22.02 (custom)
    cpe:2.3:h:hanwhavision:pnm-9322vqp:-:*:*:*:*:*:*:*
Create a notification for this product.
hanwhavision pnm-7082rvd Affected: 0 , < 2.22.02 (custom)
    cpe:2.3:h:hanwhavision:pnm-7082rvd:-:*:*:*:*:*:*:*
Create a notification for this product.
hanwhavision pnm-12082rvd Affected: 0 , < 2.22.02 (custom)
    cpe:2.3:h:hanwhavision:pnm-12082rvd:-:*:*:*:*:*:*:*
Create a notification for this product.
hanwhavision lno-6072r Affected: 0 , < 1.41.13 (custom)
    cpe:2.3:h:hanwhavision:lno-6072r:-:*:*:*:*:*:*:*
Create a notification for this product.
hanwhavision lnd-6012r Affected: 0 , < 1.41.13 (custom)
    cpe:2.3:h:hanwhavision:lnd-6012r:-:*:*:*:*:*:*:*
Create a notification for this product.
hanwhavision lno-6032r Affected: 0 , < 1.41.13 (custom)
    cpe:2.3:h:hanwhavision:lno-6032r:-:*:*:*:*:*:*:*
Create a notification for this product.
hanwhavision lnv-6032r Affected: 0 , < 1.41.13 (custom)
    cpe:2.3:h:hanwhavision:lnv-6032r:-:*:*:*:*:*:*:*
Create a notification for this product.
hanwhavision lnd-6022r Affected: 0 , < 1.41.13 (custom)
    cpe:2.3:h:hanwhavision:lnd-6022r:-:*:*:*:*:*:*:*
Create a notification for this product.
hanwhavision lnd-6072r Affected: 0 , < 1.41.13 (custom)
    cpe:2.3:h:hanwhavision:lnd-6072r:-:*:*:*:*:*:*:*
Create a notification for this product.
hanwhavision lno-6022r Affected: 0 , < 1.41.13 (custom)
    cpe:2.3:h:hanwhavision:lno-6022r:-:*:*:*:*:*:*:*
Create a notification for this product.
hanwhavision lnv-6012r Affected: 0 , < 1.41.13 (custom)
    cpe:2.3:h:hanwhavision:lnv-6012r:-:*:*:*:*:*:*:*
Create a notification for this product.
hanwhavision lnv-6072r Affected: 0 , < 1.41.13 (custom)
    cpe:2.3:h:hanwhavision:lnv-6072r:-:*:*:*:*:*:*:*
Create a notification for this product.
hanwhavision lnd-6032r Affected: 0 , < 1.41.13 (custom)
    cpe:2.3:h:hanwhavision:lnd-6032r:-:*:*:*:*:*:*:*
Create a notification for this product.
hanwhavision lnv-6022r Affected: 0 , < 1.41.13 (custom)
    cpe:2.3:h:hanwhavision:lnv-6022r:-:*:*:*:*:*:*:*
Create a notification for this product.
hanwhavision lno-6012r Affected: 0 , < 1.41.13 (custom)
    cpe:2.3:h:hanwhavision:lno-6012r:-:*:*:*:*:*:*:*
Create a notification for this product.
hanwhavision qnd-6011 Affected: 0 , < 1.41.16 (custom)
    cpe:2.3:h:hanwhavision:qnd-6011:-:*:*:*:*:*:*:*
Create a notification for this product.
hanwhavision qnd-6012r Affected: 0 , < 1.41.16 (custom)
    cpe:2.3:h:hanwhavision:qnd-6012r:-:*:*:*:*:*:*:*
Create a notification for this product.
hanwhavision qnd-6021 Affected: 0 , < 1.41.16 (custom)
    cpe:2.3:h:hanwhavision:qnd-6021:-:*:*:*:*:*:*:*
Create a notification for this product.
hanwhavision qnd-6022r Affected: 0 , < 1.41.16 (custom)
    cpe:2.3:h:hanwhavision:qnd-6022r:-:*:*:*:*:*:*:*
Create a notification for this product.
hanwhavision qnd-6032r Affected: 0 , < 1.41.16 (custom)
    cpe:2.3:h:hanwhavision:qnd-6032r:-:*:*:*:*:*:*:*
Create a notification for this product.
Date Public
2024-06-25 02:05
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:ano-l6012r:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ano-l6012r",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "1.41.16",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:ano-l6022r:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ano-l6022r",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "1.41.16",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:anv-l6012r:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "anv-l6012r",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "1.41.16",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:ano-l6082r:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ano-l6082r",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "1.41.16",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:ane-l6012r:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ane-l6012r",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "1.41.16",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:anv-l6082r:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "anv-l6082r",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "1.41.16",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:ano-l7082r:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ano-l7082r",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "1.41.16",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:ane-l7012r:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ane-l7012r",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "1.41.16",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:anv-l7082r:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "anv-l7082r",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "1.41.16",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:ano-l7012r:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ano-l7012r",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "1.41.16",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:ano-l7022r:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ano-l7022r",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "1.41.16",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:anv-l7012r:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "anv-l7012r",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "1.41.16",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:pnm-c9022rv:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "pnm-c9022rv",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "2.22.02",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:pnm-9000qb:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "pnm-9000qb",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "2.22.01",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:pnm-7002vd:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "pnm-7002vd",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "2.22.02",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:pnm-8082vt:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "pnm-8082vt",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "2.22.00",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:pnm-9002vq:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "pnm-9002vq",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "2.22.02",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:pnm-9022v:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "pnm-9022v",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "2.22.00",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:pnm-9031rv:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "pnm-9031rv",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "2.22.01",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:pnm-9084qz:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "pnm-9084qz",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "2.22.02",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:pnm-9084rqz:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "pnm-9084rqz",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "2.22.02",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:pnm-9085rqz:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "pnm-9085rqz",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "2.22.02",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:pnm-9084qz1:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "pnm-9084qz1",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "2.22.02",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:pnm-9084rqz1:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "pnm-9084rqz1",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "2.22.02",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:pnm-9085rqz1:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "pnm-9085rqz1",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "2.22.02",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:pnm-9322vqp:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "pnm-9322vqp",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "2.22.02",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:pnm-7082rvd:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "pnm-7082rvd",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "2.22.02",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:pnm-12082rvd:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "pnm-12082rvd",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "2.22.02",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:lno-6072r:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "lno-6072r",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "1.41.13",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:lnd-6012r:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "lnd-6012r",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "1.41.13",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:lno-6032r:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "lno-6032r",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "1.41.13",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:lnv-6032r:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "lnv-6032r",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "1.41.13",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:lnd-6022r:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "lnd-6022r",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "1.41.13",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:lnd-6072r:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "lnd-6072r",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "1.41.13",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:lno-6022r:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "lno-6022r",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "1.41.13",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:lnv-6012r:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "lnv-6012r",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "1.41.13",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:lnv-6072r:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "lnv-6072r",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "1.41.13",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:lnd-6032r:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "lnd-6032r",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "1.41.13",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:lnv-6022r:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "lnv-6022r",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "1.41.13",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:lno-6012r:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "lno-6012r",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "1.41.13",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:qnd-6011:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "qnd-6011",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "1.41.16",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:qnd-6012r:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "qnd-6012r",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "1.41.16",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:qnd-6021:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "qnd-6021",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "1.41.16",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:qnd-6022r:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "qnd-6022r",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "1.41.16",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:qnd-6032r:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "qnd-6032r",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "1.41.16",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:ano-l6012r:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ano-l6012r",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "1.41.16",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:ano-l6022r:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ano-l6022r",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "1.41.16",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:anv-l6012r:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "anv-l6012r",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "1.41.16",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:ano-l6082r:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ano-l6082r",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "1.41.16",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:ane-l6012r:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ane-l6012r",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "1.41.16",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:anv-l6082r:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "anv-l6082r",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "1.41.16",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:ano-l7082r:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ano-l7082r",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "1.41.16",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:ane-l7012r:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ane-l7012r",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "1.41.16",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:anv-l7082r:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "anv-l7082r",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "1.41.16",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:ano-l7012r:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ano-l7012r",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "1.41.16",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:ano-l7022r:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ano-l7022r",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "1.41.16",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:anv-l7012r:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "anv-l7012r",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "1.41.16",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:pnm-c9022rv:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "pnm-c9022rv",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "2.22.02",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:pnm-9000qb:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "pnm-9000qb",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "2.22.01",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:pnm-7002vd:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "pnm-7002vd",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "2.22.02",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:pnm-8082vt:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "pnm-8082vt",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "2.22.00",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:pnm-9002vq:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "pnm-9002vq",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "2.22.02",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:pnm-9022v:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "pnm-9022v",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "2.22.00",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:pnm-9031rv:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "pnm-9031rv",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "2.22.01",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:pnm-9084qz:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "pnm-9084qz",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "2.22.02",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:pnm-9084rqz:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "pnm-9084rqz",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "2.22.02",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:pnm-9085rqz:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "pnm-9085rqz",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "2.22.02",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:pnm-9084qz1:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "pnm-9084qz1",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "2.22.02",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:pnm-9084rqz1:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "pnm-9084rqz1",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "2.22.02",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:pnm-9085rqz1:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "pnm-9085rqz1",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "2.22.02",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:pnm-9322vqp:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "pnm-9322vqp",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "2.22.02",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:pnm-7082rvd:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "pnm-7082rvd",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "2.22.02",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:pnm-12082rvd:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "pnm-12082rvd",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "2.22.02",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:lno-6072r:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "lno-6072r",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "1.41.13",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:lnd-6012r:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "lnd-6012r",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "1.41.13",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:lno-6032r:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "lno-6032r",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "1.41.13",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:lnv-6032r:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "lnv-6032r",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "1.41.13",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:lnd-6022r:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "lnd-6022r",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "1.41.13",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:lnd-6072r:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "lnd-6072r",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "1.41.13",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:lno-6022r:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "lno-6022r",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "1.41.13",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:lnv-6012r:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "lnv-6012r",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "1.41.13",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:lnv-6072r:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "lnv-6072r",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "1.41.13",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:lnd-6032r:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "lnd-6032r",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "1.41.13",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:lnv-6022r:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "lnv-6022r",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "1.41.13",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:lno-6012r:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "lno-6012r",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "1.41.13",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:qnd-6011:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "qnd-6011",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "1.41.16",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:qnd-6012r:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "qnd-6012r",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "1.41.16",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:qnd-6021:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "qnd-6021",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "1.41.16",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:qnd-6022r:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "qnd-6022r",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "1.41.16",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hanwhavision:qnd-6032r:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "qnd-6032r",
            "vendor": "hanwhavision",
            "versions": [
              {
                "lessThan": "1.41.16",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-5038",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-26T16:44:21.978973Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-26T23:04:59.868Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T07:44:53.791Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.hanwhavision.com/wp-content/uploads/2024/06/Camera-Vulnerability-Report-CVE-2023-5037-5038.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "A-Series, Q-Series, PNM-series Camera",
          "vendor": "Hanwha Vision Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "Prior to version 1.41.16, Prior to version 2.22.00"
            }
          ]
        }
      ],
      "datePublic": "2024-06-25T02:05:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\u003cdiv\u003e\u003cdiv\u003ebadmonkey, a Security Researcher has found a flaw that allows for a unauthenticated DoS attack on the camera. An attacker runs a crafted URL, nobody can access the web management page of the camera. and must manually restart the device or re-power it. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer\u0027s report for details and workarounds.\u003c/div\u003e\u003c/div\u003e\n\n"
            }
          ],
          "value": "badmonkey, a Security Researcher has found a flaw that allows for a unauthenticated DoS attack on the camera. An attacker runs a crafted URL, nobody can access the web management page of the camera. and must manually restart the device or re-power it. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer\u0027s report for details and workarounds."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-703",
              "description": "CWE-703: Improper Check or Handling of Exceptional Conditions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-248",
              "description": "CWE-248: Uncaught Exception",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-25T02:14:06.610Z",
        "orgId": "fc9afe74-3f80-4fb7-a313-e6f036a89882",
        "shortName": "Hanwha_Vision"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.hanwhavision.com/wp-content/uploads/2024/06/Camera-Vulnerability-Report-CVE-2023-5037-5038.pdf"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Unauthenticated DoS",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "fc9afe74-3f80-4fb7-a313-e6f036a89882",
    "assignerShortName": "Hanwha_Vision",
    "cveId": "CVE-2023-5038",
    "datePublished": "2024-06-25T02:14:06.610Z",
    "dateReserved": "2023-09-18T06:00:29.464Z",
    "dateUpdated": "2024-08-02T07:44:53.791Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-0397 (GCVE-0-2023-0397)

Vulnerability from cvelistv5 – Published: 2023-01-19 00:00 – Updated: 2025-04-03 17:03
VLAI
Title
DoS: Invalid Initialization in le_read_buffer_size_complete
Summary
A malicious / defect bluetooth controller can cause a Denial of Service due to unchecked input in le_read_buffer_size_complete.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-703 - Improper Check or Handling of Exceptional Conditions (CWE-703)
Assigner
Impacted products
Vendor Product Version
zephyrproject-rtos zephyr Affected: unspecified , ≤ v3.2 (custom)
Create a notification for this product.
Date Public
2023-01-18 00:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T05:10:55.717Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-wc2h-h868-q7hj"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-0397",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-02T15:49:30.912838Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-03T17:03:20.150Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "zephyr",
          "vendor": "zephyrproject-rtos",
          "versions": [
            {
              "lessThanOrEqual": "v3.2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2023-01-18T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A malicious / defect bluetooth controller can cause a Denial of Service due to unchecked input in le_read_buffer_size_complete."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.6,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "LOW",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-703",
              "description": "Improper Check or Handling of Exceptional Conditions (CWE-703)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-01-19T00:00:00.000Z",
        "orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
        "shortName": "zephyr"
      },
      "references": [
        {
          "url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-wc2h-h868-q7hj"
        }
      ],
      "source": {
        "defect": [
          "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-wc2h-h868-q7hj"
        ]
      },
      "title": "DoS: Invalid Initialization in le_read_buffer_size_complete"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
    "assignerShortName": "zephyr",
    "cveId": "CVE-2023-0397",
    "datePublished": "2023-01-19T00:00:00.000Z",
    "dateReserved": "2023-01-19T00:00:00.000Z",
    "dateUpdated": "2025-04-03T17:03:20.150Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-0204 (GCVE-0-2023-0204)

Vulnerability from cvelistv5 – Published: 2023-04-22 02:24 – Updated: 2025-02-04 19:32
VLAI
Summary
NVIDIA ConnectX-5, ConnectX-6, and ConnectX6-DX contain a vulnerability in the NIC firmware, where an unprivileged user can cause improper handling of exceptional conditions, which may lead to denial of service.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
NVIDIA NVIDIA ConnectX Firmware Affected: All versions prior to 35.1012
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T05:02:44.126Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5459"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-0204",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-04T19:31:55.998969Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-04T19:32:02.861Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "NVIDIA ConnectX Firmware",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "All versions prior to 35.1012"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": true,
              "type": "text/html",
              "value": "NVIDIA ConnectX-5, ConnectX-6, and ConnectX6-DX contain a vulnerability in the NIC firmware, where an unprivileged user can cause improper handling of exceptional conditions, which may lead to denial of service."
            }
          ],
          "value": "NVIDIA ConnectX-5, ConnectX-6, and ConnectX6-DX contain a vulnerability in the NIC firmware, where an unprivileged user can cause improper handling of exceptional conditions, which may lead to denial of service."
        }
      ],
      "impacts": [
        {
          "descriptions": [
            {
              "lang": "en",
              "value": "Denial of service"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-703",
              "description": "CWE-703",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-04-22T02:24:54.842Z",
        "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "shortName": "nvidia"
      },
      "references": [
        {
          "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5459"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
    "assignerShortName": "nvidia",
    "cveId": "CVE-2023-0204",
    "datePublished": "2023-04-22T02:24:54.842Z",
    "dateReserved": "2023-01-11T05:48:54.210Z",
    "dateUpdated": "2025-02-04T19:32:02.861Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-0004 (GCVE-0-2023-0004)

Vulnerability from cvelistv5 – Published: 2023-04-12 16:41 – Updated: 2025-02-13 16:38
VLAI
Title
PAN-OS: Local File Deletion Vulnerability
Summary
A local file deletion vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to delete files from the local file system with elevated privileges. These files can include logs and system components that impact the integrity and availability of PAN-OS software.
CWE
  • CWE-703 - Improper Check or Handling of Exceptional Conditions
Assigner
Impacted products
Vendor Product Version
Palo Alto Networks PAN-OS Affected: 8.1 , < 8.1.24 (custom)
Affected: 9.0 , < 9.0.17 (custom)
Affected: 9.1 , < 9.1.15 (custom)
Affected: 10.0 , < 10.0.11 (custom)
Affected: 10.1 , < 10.1.6 (custom)
Unaffected: 10.2
Unaffected: 11.0
Create a notification for this product.
Palo Alto Networks Prisma Access Unaffected: All
Create a notification for this product.
Palo Alto Networks Cloud NGFW Unaffected: All
Create a notification for this product.
Date Public
2023-04-12 16:00
Credits
Palo Alto Networks thanks Wim Barthier and Frank Lycops for discovering and reporting this issue.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T04:54:32.562Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.paloaltonetworks.com/CVE-2023-0004"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "PAN-OS",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "changes": [
                {
                  "at": "8.1.24",
                  "status": "unaffected"
                }
              ],
              "lessThan": "8.1.24",
              "status": "affected",
              "version": "8.1",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "9.0.17",
                  "status": "unaffected"
                }
              ],
              "lessThan": "9.0.17",
              "status": "affected",
              "version": "9.0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "9.1.15",
                  "status": "unaffected"
                }
              ],
              "lessThan": "9.1.15",
              "status": "affected",
              "version": "9.1",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "10.0.11",
                  "status": "unaffected"
                }
              ],
              "lessThan": "10.0.11",
              "status": "affected",
              "version": "10.0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "10.1.6",
                  "status": "unaffected"
                }
              ],
              "lessThan": "10.1.6",
              "status": "affected",
              "version": "10.1",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "10.2"
            },
            {
              "status": "unaffected",
              "version": "11.0"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Prisma Access",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "status": "unaffected",
              "version": "All"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Cloud NGFW",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "status": "unaffected",
              "version": "All"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Palo Alto Networks thanks Wim Barthier and Frank Lycops for discovering and reporting this issue."
        }
      ],
      "datePublic": "2023-04-12T16:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A local file deletion vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to delete files from the local file system with elevated privileges.\u003cbr\u003e\u003cbr\u003eThese files can include logs and system components that impact the integrity and availability of PAN-OS software."
            }
          ],
          "value": "A local file deletion vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to delete files from the local file system with elevated privileges.\n\nThese files can include logs and system components that impact the integrity and availability of PAN-OS software."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
            }
          ],
          "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-703",
              "description": "CWE-703 Improper Check or Handling of Exceptional Conditions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-11-03T21:06:41.554Z",
        "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "shortName": "palo_alto"
      },
      "references": [
        {
          "url": "https://security.paloaltonetworks.com/CVE-2023-0004"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "This issue is fixed in PAN-OS 8.1.24, PAN-OS 9.0.17, PAN-OS 9.1.15, PAN-OS 10.0.11, PAN-OS 10.1.6, and all later PAN-OS versions."
            }
          ],
          "value": "This issue is fixed in PAN-OS 8.1.24, PAN-OS 9.0.17, PAN-OS 9.1.15, PAN-OS 10.0.11, PAN-OS 10.1.6, and all later PAN-OS versions."
        }
      ],
      "source": {
        "defect": [
          "PAN-171625"
        ],
        "discovery": "EXTERNAL"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2023-04-12T16:00:00.000Z",
          "value": "Initial publication"
        }
      ],
      "title": "PAN-OS: Local File Deletion Vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
    "assignerShortName": "palo_alto",
    "cveId": "CVE-2023-0004",
    "datePublished": "2023-04-12T16:41:02.556Z",
    "dateReserved": "2022-10-27T18:48:13.579Z",
    "dateUpdated": "2025-02-13T16:38:41.195Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-39911 (GCVE-0-2022-39911)

Vulnerability from cvelistv5 – Published: 2022-12-08 00:00 – Updated: 2025-04-23 15:24
VLAI
Summary
Improper check or handling of exceptional conditions vulnerability in Samsung Pass prior to version 4.0.06.1 allows attacker to access Samsung Pass.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-703 - Improper Check or Handling of Exceptional Conditions
Assigner
Impacted products
Vendor Product Version
Samsung Mobile Samsung Pass Affected: unspecified , < 4.0.06.1 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T12:07:42.907Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=12"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-39911",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-23T15:24:22.056935Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-23T15:24:29.184Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Samsung Pass",
          "vendor": "Samsung Mobile",
          "versions": [
            {
              "lessThan": "4.0.06.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Improper check or handling of exceptional conditions vulnerability in Samsung Pass prior to version 4.0.06.1 allows attacker to access Samsung Pass."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "PHYSICAL",
            "availabilityImpact": "NONE",
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-703",
              "description": "CWE-703: Improper Check or Handling of Exceptional Conditions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-08T00:00:00.000Z",
        "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "shortName": "Samsung Mobile"
      },
      "references": [
        {
          "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=12"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
    "assignerShortName": "Samsung Mobile",
    "cveId": "CVE-2022-39911",
    "datePublished": "2022-12-08T00:00:00.000Z",
    "dateReserved": "2022-09-05T00:00:00.000Z",
    "dateUpdated": "2025-04-23T15:24:29.184Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-31152 (GCVE-0-2022-31152)

Vulnerability from cvelistv5 – Published: 2022-09-02 20:00 – Updated: 2025-04-23 17:32
VLAI
Title
Synapse vulnerable to denial of service (DoS) due to incorrect application of event authorization rules
Summary
Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. The Matrix specification specifies a list of [event authorization rules](https://spec.matrix.org/v1.2/rooms/v9/#authorization-rules) which must be checked when determining if an event should be accepted into a room. In versions of Synapse up to and including version 1.61.0, some of these rules are not correctly applied. An attacker could craft events which would be accepted by Synapse but not a spec-conformant server, potentially causing divergence in the room state between servers. Administrators of homeservers with federation enabled are advised to upgrade to version 1.62.0 or higher. Federation can be disabled by setting [`federation_domain_whitelist`](https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#federation_domain_whitelist) to an empty list (`[]`) as a workaround.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-703 - Improper Check or Handling of Exceptional Conditions
Assigner
Impacted products
Vendor Product Version
matrix-org synapse Affected: < 1.62.0
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T07:11:39.363Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/matrix-org/synapse/security/advisories/GHSA-jhjh-776m-4765"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/matrix-org/synapse/pull/13087"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/matrix-org/synapse/pull/13088"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/matrix-org/synapse/releases/tag/v1.62.0"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-31152",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-23T14:01:29.840178Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-23T17:32:15.848Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "synapse",
          "vendor": "matrix-org",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.62.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. The Matrix specification specifies a list of [event authorization rules](https://spec.matrix.org/v1.2/rooms/v9/#authorization-rules) which must be checked when determining if an event should be accepted into a room. In versions of Synapse up to and including version 1.61.0, some of these rules are not correctly applied. An attacker could craft events which would be accepted by Synapse but not a spec-conformant server, potentially causing divergence in the room state between servers. Administrators of homeservers with federation enabled are advised to upgrade to version 1.62.0 or higher. Federation can be disabled by setting [`federation_domain_whitelist`](https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#federation_domain_whitelist) to an empty list (`[]`) as a workaround."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-703",
              "description": "CWE-703: Improper Check or Handling of Exceptional Conditions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-09-02T20:00:16.000Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/matrix-org/synapse/security/advisories/GHSA-jhjh-776m-4765"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/matrix-org/synapse/pull/13087"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/matrix-org/synapse/pull/13088"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/matrix-org/synapse/releases/tag/v1.62.0"
        }
      ],
      "source": {
        "advisory": "GHSA-jhjh-776m-4765",
        "discovery": "UNKNOWN"
      },
      "title": "Synapse vulnerable to denial of service (DoS) due to incorrect application of event authorization rules",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2022-31152",
          "STATE": "PUBLIC",
          "TITLE": "Synapse vulnerable to denial of service (DoS) due to incorrect application of event authorization rules"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "synapse",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003c 1.62.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "matrix-org"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. The Matrix specification specifies a list of [event authorization rules](https://spec.matrix.org/v1.2/rooms/v9/#authorization-rules) which must be checked when determining if an event should be accepted into a room. In versions of Synapse up to and including version 1.61.0, some of these rules are not correctly applied. An attacker could craft events which would be accepted by Synapse but not a spec-conformant server, potentially causing divergence in the room state between servers. Administrators of homeservers with federation enabled are advised to upgrade to version 1.62.0 or higher. Federation can be disabled by setting [`federation_domain_whitelist`](https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#federation_domain_whitelist) to an empty list (`[]`) as a workaround."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-703: Improper Check or Handling of Exceptional Conditions"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/matrix-org/synapse/security/advisories/GHSA-jhjh-776m-4765",
              "refsource": "CONFIRM",
              "url": "https://github.com/matrix-org/synapse/security/advisories/GHSA-jhjh-776m-4765"
            },
            {
              "name": "https://github.com/matrix-org/synapse/pull/13087",
              "refsource": "MISC",
              "url": "https://github.com/matrix-org/synapse/pull/13087"
            },
            {
              "name": "https://github.com/matrix-org/synapse/pull/13088",
              "refsource": "MISC",
              "url": "https://github.com/matrix-org/synapse/pull/13088"
            },
            {
              "name": "https://github.com/matrix-org/synapse/releases/tag/v1.62.0",
              "refsource": "MISC",
              "url": "https://github.com/matrix-org/synapse/releases/tag/v1.62.0"
            }
          ]
        },
        "source": {
          "advisory": "GHSA-jhjh-776m-4765",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2022-31152",
    "datePublished": "2022-09-02T20:00:16.000Z",
    "dateReserved": "2022-05-18T00:00:00.000Z",
    "dateUpdated": "2025-04-23T17:32:15.848Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-30738 (GCVE-0-2022-30738)

Vulnerability from cvelistv5 – Published: 2022-06-07 18:17 – Updated: 2024-08-03 06:56
VLAI
Summary
Improper check in Loader in Samsung Internet prior to 17.0.1.69 allows attackers to spoof address bar via executing script.
CWE
  • CWE-703 - Improper Check or Handling of Exceptional Conditions
Assigner
References
Impacted products
Vendor Product Version
Samsung Mobile Samsung Internet Affected: unspecified , < 17.0.1.69 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T06:56:14.011Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=6"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Samsung Internet",
          "vendor": "Samsung Mobile",
          "versions": [
            {
              "lessThan": "17.0.1.69",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Improper check in Loader in Samsung Internet prior to 17.0.1.69 allows attackers to spoof address bar via executing script."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-703",
              "description": "CWE-703: Improper Check or Handling of Exceptional Conditions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-06-07T18:17:15.000Z",
        "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "shortName": "Samsung Mobile"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=6"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "mobile.security@samsung.com",
          "ID": "CVE-2022-30738",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Samsung Internet",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "17.0.1.69"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Samsung Mobile"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Improper check in Loader in Samsung Internet prior to 17.0.1.69 allows attackers to spoof address bar via executing script."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-703: Improper Check or Handling of Exceptional Conditions"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=6",
              "refsource": "MISC",
              "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=6"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
    "assignerShortName": "Samsung Mobile",
    "cveId": "CVE-2022-30738",
    "datePublished": "2022-06-07T18:17:15.000Z",
    "dateReserved": "2022-05-16T00:00:00.000Z",
    "dateUpdated": "2024-08-03T06:56:14.011Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-27841 (GCVE-0-2022-27841)

Vulnerability from cvelistv5 – Published: 2022-04-11 19:37 – Updated: 2024-08-03 05:41
VLAI
Summary
Improper exception handling in Samsung Pass prior to version 3.7.07.5 allows physical attacker to view the screen that is previously running without authentication
CWE
  • CWE-703 - Improper Check or Handling of Exceptional Conditions
Assigner
References
Impacted products
Vendor Product Version
Samsung Mobile Samsung Pass Affected: - , < 3.0.07.5 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T05:41:09.891Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=4"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Samsung Pass",
          "vendor": "Samsung Mobile",
          "versions": [
            {
              "lessThan": "3.0.07.5",
              "status": "affected",
              "version": "-",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Improper exception handling in Samsung Pass prior to version 3.7.07.5 allows physical attacker to view the screen that is previously running without authentication"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "PHYSICAL",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-703",
              "description": "CWE-703: Improper Check or Handling of Exceptional Conditions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-04-11T19:37:33.000Z",
        "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "shortName": "Samsung Mobile"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=4"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "mobile.security@samsung.com",
          "ID": "CVE-2022-27841",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Samsung Pass",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "-",
                            "version_value": "3.0.07.5"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Samsung Mobile"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Improper exception handling in Samsung Pass prior to version 3.7.07.5 allows physical attacker to view the screen that is previously running without authentication"
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "PHYSICAL",
            "availabilityImpact": "NONE",
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-703: Improper Check or Handling of Exceptional Conditions"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=4",
              "refsource": "MISC",
              "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=4"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
    "assignerShortName": "Samsung Mobile",
    "cveId": "CVE-2022-27841",
    "datePublished": "2022-04-11T19:37:33.000Z",
    "dateReserved": "2022-03-24T00:00:00.000Z",
    "dateUpdated": "2024-08-03T05:41:09.891Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-25252 (GCVE-0-2022-25252)

Vulnerability from cvelistv5 – Published: 2022-03-16 14:03 – Updated: 2025-04-16 16:42
VLAI
Title
PTC Axeda agent and Axeda Desktop Server Improper Check or Handling Of Exceptional Conditions
Summary
When connecting to a certain port Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) when receiving certain input throws an exception. Services using said function do not handle the exception. Successful exploitation of this vulnerability could allow a remote unauthenticated attacker to crash the affected product.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-703 - Improper Check or Handling of Exceptional Conditions
Assigner
References
Impacted products
Date Public
2022-03-08 00:00
Credits
Yuval Shoshani and Elad Luz of CyberMDX and Vedere Labs reported these vulnerabilities to PTC
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T04:36:06.811Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-067-01"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.ptc.com/en/support/article/CS363561"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-25252",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-16T15:59:22.839792Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-16T16:42:15.447Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Axeda agent",
          "vendor": "PTC",
          "versions": [
            {
              "status": "affected",
              "version": "All Versions"
            }
          ]
        },
        {
          "product": "Axeda Desktop Server for Windows",
          "vendor": "PTC",
          "versions": [
            {
              "status": "affected",
              "version": "All Versions"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Yuval Shoshani and Elad Luz of CyberMDX and Vedere Labs reported these vulnerabilities to PTC"
        }
      ],
      "datePublic": "2022-03-08T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "When connecting to a certain port Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) when receiving certain input throws an exception. Services using said function do not handle the exception. Successful exploitation of this vulnerability could allow a remote unauthenticated attacker to crash the affected product."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-703",
              "description": "CWE-703 Improper Check or Handling of Exceptional Conditions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-03-16T14:03:35.000Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-067-01"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.ptc.com/en/support/article/CS363561"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "PTC recommends the following:\n\nUpgrade to Axeda agent Version 6.9.2 build 1049 or 6.9.3 build 1051 when running older versions of the Axeda agent.\nConfigure Axeda agent and Axeda Desktop Server (ADS) to only listen on the local host interface 127.0.0.1. Refer to PTC knowledge article CS360255\nProvide a unique password in the AxedaDesktop.ini file for each unit.\nNever use ERemoteServer in production.\nMake sure to delete ERemoteServer file from host device.\nRemove the installation file, for example: Gateway_vs2017-en-us-x64-pc-winnt-vc14-6.9.3-1051.msi\nWhen running in Windows or Linux, only allow connections to ERemoteServer from trusted hosts and block all others.\nWhen running the Windows operating system, configure Localhost communications (127.0.0.1) between ERemoteServer and Axeda Builder. Refer to PTC knowledge article CS360255\nConfigure the Axeda agent for the authentication information required to log in to the Axeda Deployment Utility. Refer to PTC knowledge article CS360255\nPTC recommends upgrading the Axeda Desktop Server (ADS) to Version 6.9 build 215\n\nThe Axeda agent loopback-only configuration is only available in Version 6.9.1 and above. Hence, upgrading to Axeda agent 6.9.1 or above is required."
        }
      ],
      "source": {
        "advisory": "ICSA-22-067-01",
        "discovery": "UNKNOWN"
      },
      "title": "PTC Axeda agent and Axeda Desktop Server Improper Check or Handling Of Exceptional Conditions",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "DATE_PUBLIC": "2022-03-08T17:50:00.000Z",
          "ID": "CVE-2022-25252",
          "STATE": "PUBLIC",
          "TITLE": "PTC Axeda agent and Axeda Desktop Server Improper Check or Handling Of Exceptional Conditions"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Axeda agent",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "All Versions"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Axeda Desktop Server for Windows",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "All Versions"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "PTC"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Yuval Shoshani and Elad Luz of CyberMDX and Vedere Labs reported these vulnerabilities to PTC"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "When connecting to a certain port Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) when receiving certain input throws an exception. Services using said function do not handle the exception. Successful exploitation of this vulnerability could allow a remote unauthenticated attacker to crash the affected product."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-703 Improper Check or Handling of Exceptional Conditions"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-067-01",
              "refsource": "MISC",
              "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-067-01"
            },
            {
              "name": "https://www.ptc.com/en/support/article/CS363561",
              "refsource": "MISC",
              "url": "https://www.ptc.com/en/support/article/CS363561"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "PTC recommends the following:\n\nUpgrade to Axeda agent Version 6.9.2 build 1049 or 6.9.3 build 1051 when running older versions of the Axeda agent.\nConfigure Axeda agent and Axeda Desktop Server (ADS) to only listen on the local host interface 127.0.0.1. Refer to PTC knowledge article CS360255\nProvide a unique password in the AxedaDesktop.ini file for each unit.\nNever use ERemoteServer in production.\nMake sure to delete ERemoteServer file from host device.\nRemove the installation file, for example: Gateway_vs2017-en-us-x64-pc-winnt-vc14-6.9.3-1051.msi\nWhen running in Windows or Linux, only allow connections to ERemoteServer from trusted hosts and block all others.\nWhen running the Windows operating system, configure Localhost communications (127.0.0.1) between ERemoteServer and Axeda Builder. Refer to PTC knowledge article CS360255\nConfigure the Axeda agent for the authentication information required to log in to the Axeda Deployment Utility. Refer to PTC knowledge article CS360255\nPTC recommends upgrading the Axeda Desktop Server (ADS) to Version 6.9 build 215\n\nThe Axeda agent loopback-only configuration is only available in Version 6.9.1 and above. Hence, upgrading to Axeda agent 6.9.1 or above is required."
          }
        ],
        "source": {
          "advisory": "ICSA-22-067-01",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2022-25252",
    "datePublished": "2022-03-16T14:03:35.553Z",
    "dateReserved": "2022-02-16T00:00:00.000Z",
    "dateUpdated": "2025-04-16T16:42:15.447Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.