Common Weakness Enumeration

CWE-940

Allowed

Improper Verification of Source of a Communication Channel

Abstraction: Base · Status: Incomplete

The product establishes a communication channel to handle an incoming request that has been initiated by an actor, but it does not properly verify that the request is coming from the expected origin.

92 vulnerabilities reference this CWE, most recent first.

CVE-2025-23019 (GCVE-0-2025-23019)

Vulnerability from cvelistv5 – Published: 2025-01-14 00:00 – Updated: 2025-11-03 21:00
VLAI
Summary
IPv6-in-IPv4 tunneling (RFC 4213) allows an attacker to spoof and route traffic via an exposed network interface.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-940 - Improper Verification of Source of a Communication Channel
Assigner
Impacted products
Vendor Product Version
IETF IPv6 Affected: 6 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-23019",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-15T19:37:11.123417Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-12T20:31:20.419Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T21:00:14.906Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://www.kb.cert.org/vuls/id/199397"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "IPv6",
          "vendor": "IETF",
          "versions": [
            {
              "status": "affected",
              "version": "6",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:ietf:ipv6:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "6",
                  "versionStartIncluding": "6",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "IPv6-in-IPv4 tunneling (RFC 4213) allows an attacker to spoof and route traffic via an exposed network interface."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-940",
              "description": "CWE-940 Improper Verification of Source of a Communication Channel",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-14T19:54:56.202Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://datatracker.ietf.org/doc/html/rfc4213"
        },
        {
          "url": "https://papers.mathyvanhoef.com/usenix2025-tunnels.pdf"
        },
        {
          "url": "https://www.top10vpn.com/research/tunneling-protocol-vulnerability/"
        }
      ],
      "x_generator": {
        "engine": "enrichogram 0.0.1"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2025-23019",
    "datePublished": "2025-01-14T00:00:00.000Z",
    "dateReserved": "2025-01-10T00:00:00.000Z",
    "dateUpdated": "2025-11-03T21:00:14.906Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-23018 (GCVE-0-2025-23018)

Vulnerability from cvelistv5 – Published: 2025-01-14 00:00 – Updated: 2025-11-03 21:00
VLAI
Summary
IPv4-in-IPv6 and IPv6-in-IPv6 tunneling (RFC 2473) do not require the validation or verification of the source of a network packet, allowing an attacker to spoof and route arbitrary traffic via an exposed network interface. This is a similar issue to CVE-2020-10136.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-940 - Improper Verification of Source of a Communication Channel
Assigner
Impacted products
Vendor Product Version
IETF IPv6 Affected: 6 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-23018",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-15T19:38:35.023118Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-12T20:31:20.585Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T21:00:13.443Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://www.kb.cert.org/vuls/id/199397"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "IPv6",
          "vendor": "IETF",
          "versions": [
            {
              "status": "affected",
              "version": "6",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:ietf:ipv6:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "6",
                  "versionStartIncluding": "6",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "IPv4-in-IPv6 and IPv6-in-IPv6 tunneling (RFC 2473) do not require the validation or verification of the source of a network packet, allowing an attacker to spoof and route arbitrary traffic via an exposed network interface. This is a similar issue to CVE-2020-10136."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-940",
              "description": "CWE-940 Improper Verification of Source of a Communication Channel",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-14T19:51:42.363Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://datatracker.ietf.org/doc/html/rfc2473"
        },
        {
          "url": "https://papers.mathyvanhoef.com/usenix2025-tunnels.pdf"
        },
        {
          "url": "https://www.top10vpn.com/research/tunneling-protocol-vulnerability/"
        }
      ],
      "x_generator": {
        "engine": "enrichogram 0.0.1"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2025-23018",
    "datePublished": "2025-01-14T00:00:00.000Z",
    "dateReserved": "2025-01-10T00:00:00.000Z",
    "dateUpdated": "2025-11-03T21:00:13.443Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-20365 (GCVE-0-2025-20365)

Vulnerability from cvelistv5 – Published: 2025-09-24 16:40 – Updated: 2025-10-15 16:04
VLAI
Summary
A vulnerability in the IPv6 Router Advertisement (RA) packet processing of Cisco Access Point Software could allow an unauthenticated, adjacent attacker to modify the IPv6 gateway on an affected device. This vulnerability is due to a logic error in the processing of IPv6 RA packets that are received from wireless clients. An attacker could exploit this vulnerability by associating to a wireless network and sending a series of crafted IPv6 RA packets. A successful exploit could allow the attacker to temporarily change the IPv6 gateway of an affected device. This could also lead to intermittent packet loss for any wireless clients that are associated with the affected device.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-940 - Improper Verification of Source of a Communication Channel
Assigner
Impacted products
Vendor Product Version
Cisco Cisco Aironet Access Point Software (IOS XE Controller) Affected: 16.10.1e
Affected: 16.10.1
Affected: 17.1.1t
Affected: 17.1.1s
Affected: 17.1.1
Affected: 16.11.1a
Affected: 16.11.1
Affected: 16.11.1c
Affected: 16.11.1b
Affected: 16.12.1s
Affected: 16.12.4
Affected: 16.12.1
Affected: 16.12.2s
Affected: 16.12.1t
Affected: 16.12.4a
Affected: 16.12.5
Affected: 16.12.3
Affected: 16.12.6
Affected: 16.12.8
Affected: 16.12.7
Affected: 16.12.6a
Affected: 17.3.1
Affected: 17.3.2a
Affected: 17.3.3
Affected: 17.3.4
Affected: 17.3.5
Affected: 17.3.2
Affected: 17.3.4c
Affected: 17.3.5a
Affected: 17.3.5b
Affected: 17.3.6
Affected: 17.3.7
Affected: 17.3.8
Affected: 17.3.8a
Affected: 17.2.1
Affected: 17.2.1a
Affected: 17.2.3
Affected: 17.2.2
Affected: 17.5.1
Affected: 17.4.1
Affected: 17.6.1
Affected: 17.6.2
Affected: 17.6.3
Affected: 17.6.4
Affected: 17.6.5
Affected: 17.6.6
Affected: 17.6.6a
Affected: 17.6.5a
Affected: 17.6.7
Affected: 17.6.8
Affected: 17.10.1
Affected: 17.9.1
Affected: 17.9.2
Affected: 17.9.3
Affected: 17.9.4
Affected: 17.9.4a
Affected: 17.9.5
Affected: 17.9.6
Affected: 17.9.7
Affected: 17.7.1
Affected: 17.8.1
Affected: 17.11.1
Affected: 17.12.1
Affected: 17.12.2
Affected: 17.12.3
Affected: 17.12.5
Affected: 17.13.1
Affected: 17.14.1
Affected: 17.15.1
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-20365",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-15T16:04:21.044698Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-15T16:04:29.084Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Aironet Access Point Software (IOS XE Controller)",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "16.10.1e"
            },
            {
              "status": "affected",
              "version": "16.10.1"
            },
            {
              "status": "affected",
              "version": "17.1.1t"
            },
            {
              "status": "affected",
              "version": "17.1.1s"
            },
            {
              "status": "affected",
              "version": "17.1.1"
            },
            {
              "status": "affected",
              "version": "16.11.1a"
            },
            {
              "status": "affected",
              "version": "16.11.1"
            },
            {
              "status": "affected",
              "version": "16.11.1c"
            },
            {
              "status": "affected",
              "version": "16.11.1b"
            },
            {
              "status": "affected",
              "version": "16.12.1s"
            },
            {
              "status": "affected",
              "version": "16.12.4"
            },
            {
              "status": "affected",
              "version": "16.12.1"
            },
            {
              "status": "affected",
              "version": "16.12.2s"
            },
            {
              "status": "affected",
              "version": "16.12.1t"
            },
            {
              "status": "affected",
              "version": "16.12.4a"
            },
            {
              "status": "affected",
              "version": "16.12.5"
            },
            {
              "status": "affected",
              "version": "16.12.3"
            },
            {
              "status": "affected",
              "version": "16.12.6"
            },
            {
              "status": "affected",
              "version": "16.12.8"
            },
            {
              "status": "affected",
              "version": "16.12.7"
            },
            {
              "status": "affected",
              "version": "16.12.6a"
            },
            {
              "status": "affected",
              "version": "17.3.1"
            },
            {
              "status": "affected",
              "version": "17.3.2a"
            },
            {
              "status": "affected",
              "version": "17.3.3"
            },
            {
              "status": "affected",
              "version": "17.3.4"
            },
            {
              "status": "affected",
              "version": "17.3.5"
            },
            {
              "status": "affected",
              "version": "17.3.2"
            },
            {
              "status": "affected",
              "version": "17.3.4c"
            },
            {
              "status": "affected",
              "version": "17.3.5a"
            },
            {
              "status": "affected",
              "version": "17.3.5b"
            },
            {
              "status": "affected",
              "version": "17.3.6"
            },
            {
              "status": "affected",
              "version": "17.3.7"
            },
            {
              "status": "affected",
              "version": "17.3.8"
            },
            {
              "status": "affected",
              "version": "17.3.8a"
            },
            {
              "status": "affected",
              "version": "17.2.1"
            },
            {
              "status": "affected",
              "version": "17.2.1a"
            },
            {
              "status": "affected",
              "version": "17.2.3"
            },
            {
              "status": "affected",
              "version": "17.2.2"
            },
            {
              "status": "affected",
              "version": "17.5.1"
            },
            {
              "status": "affected",
              "version": "17.4.1"
            },
            {
              "status": "affected",
              "version": "17.6.1"
            },
            {
              "status": "affected",
              "version": "17.6.2"
            },
            {
              "status": "affected",
              "version": "17.6.3"
            },
            {
              "status": "affected",
              "version": "17.6.4"
            },
            {
              "status": "affected",
              "version": "17.6.5"
            },
            {
              "status": "affected",
              "version": "17.6.6"
            },
            {
              "status": "affected",
              "version": "17.6.6a"
            },
            {
              "status": "affected",
              "version": "17.6.5a"
            },
            {
              "status": "affected",
              "version": "17.6.7"
            },
            {
              "status": "affected",
              "version": "17.6.8"
            },
            {
              "status": "affected",
              "version": "17.10.1"
            },
            {
              "status": "affected",
              "version": "17.9.1"
            },
            {
              "status": "affected",
              "version": "17.9.2"
            },
            {
              "status": "affected",
              "version": "17.9.3"
            },
            {
              "status": "affected",
              "version": "17.9.4"
            },
            {
              "status": "affected",
              "version": "17.9.4a"
            },
            {
              "status": "affected",
              "version": "17.9.5"
            },
            {
              "status": "affected",
              "version": "17.9.6"
            },
            {
              "status": "affected",
              "version": "17.9.7"
            },
            {
              "status": "affected",
              "version": "17.7.1"
            },
            {
              "status": "affected",
              "version": "17.8.1"
            },
            {
              "status": "affected",
              "version": "17.11.1"
            },
            {
              "status": "affected",
              "version": "17.12.1"
            },
            {
              "status": "affected",
              "version": "17.12.2"
            },
            {
              "status": "affected",
              "version": "17.12.3"
            },
            {
              "status": "affected",
              "version": "17.12.5"
            },
            {
              "status": "affected",
              "version": "17.13.1"
            },
            {
              "status": "affected",
              "version": "17.14.1"
            },
            {
              "status": "affected",
              "version": "17.15.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the IPv6 Router Advertisement (RA) packet processing of Cisco Access Point Software could allow an unauthenticated, adjacent attacker to modify the IPv6 gateway on an affected device.\r\n\r This vulnerability is due to a logic error in the processing of IPv6 RA packets that are received from wireless clients. An attacker could exploit this vulnerability by associating to a wireless network and sending a series of crafted IPv6 RA packets. A successful exploit could allow the attacker to temporarily change the IPv6 gateway of an affected device. This could also lead to intermittent packet loss for any wireless clients that are associated with the affected device."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-940",
              "description": "Improper Verification of Source of a Communication Channel",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-26T17:11:13.040Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-ap-ipv6-gw-tUAzpn9O",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ap-ipv6-gw-tUAzpn9O"
        }
      ],
      "source": {
        "advisory": "cisco-sa-ap-ipv6-gw-tUAzpn9O",
        "defects": [
          "CSCwm13005"
        ],
        "discovery": "INTERNAL"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2025-20365",
    "datePublished": "2025-09-24T16:40:16.763Z",
    "dateReserved": "2024-10-10T19:15:13.261Z",
    "dateUpdated": "2025-10-15T16:04:29.084Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-13086 (GCVE-0-2025-13086)

Vulnerability from cvelistv5 – Published: 2025-12-03 19:54 – Updated: 2025-12-12 13:50
VLAI
Summary
Improper validation of source IP addresses in OpenVPN version 2.6.0 through 2.6.15 and 2.7_alpha1 through 2.7_rc1 allows an attacker to open a session from a different IP address which did not initiate the connection resulting in a denial of service for the originating client
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-940 - Improper Verification of Source of a Communication Channel
Assigner
Impacted products
Vendor Product Version
OpenVPN OpenVPN Affected: 2.6.0 , ≤ 2.6.15 (semver)
Affected: 2.7_alpha1 , ≤ 2.7_rc1 (semver)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-13086",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-12-03T21:48:54.419203Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-12-03T21:49:07.801Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "OpenVPN",
          "vendor": "OpenVPN",
          "versions": [
            {
              "lessThanOrEqual": "2.6.15",
              "status": "affected",
              "version": "2.6.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "2.7_rc1",
              "status": "affected",
              "version": "2.7_alpha1",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Improper validation of source IP addresses in OpenVPN version 2.6.0 through 2.6.15 and 2.7_alpha1 through 2.7_rc1 allows an attacker to open a session from a different IP address which did not initiate the connection resulting in a denial of service for the originating client"
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "HIGH",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 4.6,
            "baseSeverity": "MEDIUM",
            "exploitMaturity": "UNREPORTED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-940",
              "description": "CWE-940: Improper Verification of Source of a Communication Channel",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-12T13:50:46.678Z",
        "orgId": "36a55730-e66d-4d39-8ca6-3c3b3017965e",
        "shortName": "OpenVPN"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://community.openvpn.net/Security%20Announcements/CVE-2025-13086"
        },
        {
          "tags": [
            "release-notes"
          ],
          "url": "https://www.mail-archive.com/openvpn-announce@lists.sourceforge.net/msg00152.html"
        },
        {
          "tags": [
            "release-notes"
          ],
          "url": "https://www.mail-archive.com/openvpn-announce@lists.sourceforge.net/msg00151.html"
        }
      ],
      "x_generator": {
        "engine": "cvelib 1.8.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "36a55730-e66d-4d39-8ca6-3c3b3017965e",
    "assignerShortName": "OpenVPN",
    "cveId": "CVE-2025-13086",
    "datePublished": "2025-12-03T19:54:10.737Z",
    "dateReserved": "2025-11-12T19:37:55.606Z",
    "dateUpdated": "2025-12-12T13:50:46.678Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-9999 (GCVE-0-2025-9999)

Vulnerability from cvelistv5 – Published: 2025-09-05 16:41 – Updated: 2026-02-26 07:54
VLAI
Title
Improper validation of payload elements
Summary
Some payload elements of the messages sent between two stations in a networking architecture are not properly checked on the receiving station allowing an attacker to execute unauthorized commands in the application.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-940 - Improper Verification of Source of a Communication Channel
  • CWE-1288 - Improper Validation of Consistency within Input
Assigner
References
URL Tags
https://www.pcvue.com/security/#SB2025-4 vendor-advisory
Impacted products
Vendor Product Version
arcinfo PcVue Affected: 16.0.0 , ≤ 16.3.3 (cpe)
Affected: 15.0.0 , ≤ 15.2.12 (cpe)
Affected: 12.0.0 , ≤ 12.0.31 (cpe)
Create a notification for this product.
Date Public
2025-09-04 22:00
Credits
Guillaume André (Synacktiv) Pierre Gertner (Synacktiv)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-9999",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-09-05T17:48:53.486647Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-09-05T17:49:13.857Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "modules": [
            "Networking"
          ],
          "product": "PcVue",
          "vendor": "arcinfo",
          "versions": [
            {
              "lessThanOrEqual": "16.3.3",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "cpe"
            },
            {
              "lessThanOrEqual": "15.2.12",
              "status": "affected",
              "version": "15.0.0",
              "versionType": "cpe"
            },
            {
              "lessThanOrEqual": "12.0.31",
              "status": "affected",
              "version": "12.0.0",
              "versionType": "cpe"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:arcinfo:pcvue:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "16.3.3",
                  "versionStartIncluding": "16.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:arcinfo:pcvue:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "15.2.12",
                  "versionStartIncluding": "15.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:arcinfo:pcvue:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "12.0.31",
                  "versionStartIncluding": "12.0.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ],
          "operator": "OR"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Guillaume Andr\u00e9 (Synacktiv)"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "Pierre Gertner (Synacktiv)"
        }
      ],
      "datePublic": "2025-09-04T22:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Some payload elements of the messages sent between two stations in a networking architecture are not properly checked on the receiving station allowing an attacker to execute unauthorized commands in the application."
            }
          ],
          "value": "Some payload elements of the messages sent between two stations in a networking architecture are not properly checked on the receiving station allowing an attacker to execute unauthorized commands in the application."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "No POC available."
            }
          ],
          "value": "No POC available."
        },
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Not known to be exploited"
            }
          ],
          "value": "Not known to be exploited"
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "YES",
            "Recovery": "USER",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "HIGH",
            "attackRequirements": "NONE",
            "attackVector": "ADJACENT",
            "baseScore": 7.6,
            "baseSeverity": "HIGH",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "GREEN",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "LOW",
            "subIntegrityImpact": "LOW",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:L/SI:L/SA:N/AU:Y/R:U/RE:M/U:Green",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "MODERATE"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "other": {
            "content": {
              "options": [
                {
                  "Exploitation": "none"
                },
                {
                  "Automatable": "yes"
                },
                {
                  "Technical Impact": "partial"
                }
              ],
              "role": "CNA",
              "version": "2.0.3"
            },
            "type": "ssvc"
          },
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-940",
              "description": "CWE-940 Improper Verification of Source of a Communication Channel",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-1288",
              "description": "CWE-1288 Improper Validation of Consistency within Input",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-26T07:54:29.179Z",
        "orgId": "87c8e6ad-f0f5-4ca8-89e2-89f26d6ed932",
        "shortName": "arcinfo"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.pcvue.com/security/#SB2025-4"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cb\u003eHarden the configuration\u003c/b\u003e\u003cbr\u003e\u003cu\u003eWho should apply this recommendation:\u003c/u\u003e All users\u003cbr\u003eTo reduce the risk of exploitation, ARC Informatique strongly recommends implementing the following defensive measures:\u003cbr\u003e\u003cul\u003e\u003cli\u003eMinimize network exposure for all control system devices and/or systems, and ensure they are not accessible from unsecure networks.\u003c/li\u003e\u003cli\u003eLocate control system networks and remote devices behind firewalls and isolate them from business networks.\u003c/li\u003e\u003cli\u003eWhen remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as its connected devices.\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003e\u003cb\u003eUpdate PcVue\u003c/b\u003e\u003cbr\u003e\u003cu\u003eWho should apply this recommendation:\u003c/u\u003e All users running affected components.\u003cbr\u003eApply the patch by installing a fixed PcVue version.\u003cbr\u003e\u003cbr\u003e\u003cb\u003eA fixed release must be installed on all stations for the fix to be fully applied.\u003c/b\u003e\u003cbr\u003eExisting projects require a settings update for the fix to be applied. The complete update procedure and verification steps are described in the Knowledge Base article KB1254\n\n(\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.pcvue.com/?post_type=post\u0026amp;s=\u0026amp;kbase_id=kb1254\"\u003ehttps://www.pcvue.com/?post_type=post\u0026amp;s=\u0026amp;kbase_id=kb1254\u003c/a\u003e)\n\n.\u003cbr\u003eFor new projects, the settings are configured by default with secured values.\u003cbr\u003e\u003cbr\u003eTo verify that the patch has been applied correctly, the user must check that:\u003cbr\u003e\u003cul\u003e\u003cli\u003eThe \u003ci\u003eFile version\u003c/i\u003e property of the file \u003ci\u003e./bin/sv32.exe\u003c/i\u003e matches the deployed release or later, and ensure that any earlier release is no longer used;\u003c/li\u003e\u003cli\u003eThe \u003ci\u003eInteroperability issues\u003c/i\u003e settings of the Networking feature are disabled.\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003e\u003cbr\u003e\n\n\u003cb\u003eAvailable patches:\u003c/b\u003e\u003cbr\u003ePatch provided in:\u003cul\u003e\n\n\u003cli\u003ePcVue 16.3.4 (16.3.4902.3112)\u003c/li\u003e\u003cli\u003ePcVue 15.2.13 (15.2.13902.37126)\u003c/li\u003e\u003cli\u003ePcVue 12.0.32 (12.0.32900.37130)\u003c/li\u003e\u003c/ul\u003e"
            }
          ],
          "value": "Harden the configuration\nWho should apply this recommendation: All users\nTo reduce the risk of exploitation, ARC Informatique strongly recommends implementing the following defensive measures:\n  *  Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from unsecure networks.\n  *  Locate control system networks and remote devices behind firewalls and isolate them from business networks.\n  *  When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as its connected devices.\n\n\n\nUpdate PcVue\nWho should apply this recommendation: All users running affected components.\nApply the patch by installing a fixed PcVue version.\n\nA fixed release must be installed on all stations for the fix to be fully applied.\nExisting projects require a settings update for the fix to be applied. The complete update procedure and verification steps are described in the Knowledge Base article KB1254\n\n( https://www.pcvue.com/?post_type=post\u0026s=\u0026kbase_id=kb1254 )\n\n.\nFor new projects, the settings are configured by default with secured values.\n\nTo verify that the patch has been applied correctly, the user must check that:\n  *  The File version property of the file ./bin/sv32.exe matches the deployed release or later, and ensure that any earlier release is no longer used;\n  *  The Interoperability issues settings of the Networking feature are disabled.\n\n\n\n\n\n\nAvailable patches:\nPatch provided in:\n\n  *  PcVue 16.3.4 (16.3.4902.3112)\n  *  PcVue 15.2.13 (15.2.13902.37126)\n  *  PcVue 12.0.32 (12.0.32900.37130)"
        }
      ],
      "source": {
        "advisory": "SB2025-4",
        "discovery": "EXTERNAL"
      },
      "title": "Improper validation of payload elements",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "87c8e6ad-f0f5-4ca8-89e2-89f26d6ed932",
    "assignerShortName": "arcinfo",
    "cveId": "CVE-2025-9999",
    "datePublished": "2025-09-05T16:41:01.957Z",
    "dateReserved": "2025-09-04T16:34:24.743Z",
    "dateUpdated": "2026-02-26T07:54:29.179Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-0036 (GCVE-0-2025-0036)

Vulnerability from cvelistv5 – Published: 2025-06-09 23:57 – Updated: 2025-06-30 14:48
VLAI
Summary
In AMD Versal Adaptive SoC devices, the incorrect configuration of the SSS during runtime (post-boot) cryptographic operations could cause data to be incorrectly written to and read from invalid locations as well as returning incorrect cryptographic data.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-682 - Incorrect Calculation
  • CWE-772 - Missing Release of Resource after Effective Lifetime
  • CWE-940 - Improper Verification of Source of a Communication Channel
  • CWE-941 - Incorrectly Specified Destination in a Communication Channel
  • CWE-497 - Exposure of Sensitive System Information to an Unauthorized Control Sphere
Assigner
AMD
Date Public
2025-06-03 16:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-0036",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-10T14:19:45.871057Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-10T15:27:43.315Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Versal Adaptive SoC Devices",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "2025.1 release",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Versal RF Series",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "2025.1 release"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Versal AI Edge Series",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "2025.1 release"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Versal Prime Series",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "2025.1 release"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Versal Premium Series",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "2025.1 release"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Versal AI Core Series",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "2025.1 release"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Versal HBM Series",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "2025.1 release"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Alveo V80 Compute Accelerator",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "2025.1 release"
            }
          ]
        }
      ],
      "datePublic": "2025-06-03T16:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "In AMD Versal Adaptive SoC devices, the incorrect configuration of the SSS during runtime (post-boot) cryptographic operations could cause data to be incorrectly written to and read from invalid locations as well as returning incorrect cryptographic data.\u003cbr\u003e"
            }
          ],
          "value": "In AMD Versal Adaptive SoC devices, the incorrect configuration of the SSS during runtime (post-boot) cryptographic operations could cause data to be incorrectly written to and read from invalid locations as well as returning incorrect cryptographic data."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 3.2,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-682",
              "description": "CWE-682 Incorrect Calculation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-772",
              "description": "CWE-772 Missing Release of Resource after Effective Lifetime",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-940",
              "description": "CWE-940 Improper Verification of Source of a Communication Channel",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-941",
              "description": "CWE-941 Incorrectly Specified Destination in a Communication Channel",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-497",
              "description": "CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-06-30T14:48:59.255Z",
        "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "shortName": "AMD"
      },
      "references": [
        {
          "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-8011.html"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
    "assignerShortName": "AMD",
    "cveId": "CVE-2025-0036",
    "datePublished": "2025-06-09T23:57:39.748Z",
    "dateReserved": "2024-11-21T16:18:02.918Z",
    "dateUpdated": "2025-06-30T14:48:59.255Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-36506 (GCVE-0-2024-36506)

Vulnerability from cvelistv5 – Published: 2025-01-14 14:09 – Updated: 2025-01-15 14:55
VLAI
Summary
An improper verification of source of a communication channel vulnerability [CWE-940] in FortiClientEMS 7.4.0, 7.2.0 through 7.2.4, 7.0 all versions, 6.4 all versions may allow a remote attacker to bypass the trusted host feature via session connection.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-940 - Improper access control
Assigner
References
Impacted products
Vendor Product Version
Fortinet FortiClientEMS Affected: 7.4.0
Affected: 7.2.0 , ≤ 7.2.4 (semver)
Affected: 7.0.0 , ≤ 7.0.13 (semver)
Affected: 6.4.7 , ≤ 6.4.9 (semver)
Affected: 6.4.0 , ≤ 6.4.4 (semver)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-36506",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-15T14:55:35.373852Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-15T14:55:47.884Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [],
          "defaultStatus": "unaffected",
          "product": "FortiClientEMS",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "7.4.0"
            },
            {
              "lessThanOrEqual": "7.2.4",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.13",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.9",
              "status": "affected",
              "version": "6.4.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.4",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An improper verification of source of a communication channel vulnerability [CWE-940] in FortiClientEMS 7.4.0, 7.2.0 through 7.2.4, 7.0 all versions, 6.4 all versions may allow a remote attacker to bypass the trusted host feature via session connection."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.5,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:C",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-940",
              "description": "Improper access control",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-14T14:09:52.227Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-078",
          "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-078"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Please upgrade to FortiClientEMS version 7.4.1 or above \nPlease upgrade to FortiClientEMS version 7.2.5 or above \nPlease upgrade to FortiSASE version 24.2.c or above"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2024-36506",
    "datePublished": "2025-01-14T14:09:52.227Z",
    "dateReserved": "2024-05-29T08:44:50.759Z",
    "dateUpdated": "2025-01-15T14:55:47.884Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-26131 (GCVE-0-2024-26131)

Vulnerability from cvelistv5 – Published: 2024-02-20 18:17 – Updated: 2024-08-01 23:59
VLAI
Title
Element Android Intent Redirection
Summary
Element Android is an Android Matrix Client. Element Android version 1.4.3 through 1.6.10 is vulnerable to intent redirection, allowing a third-party malicious application to start any internal activity by passing some extra parameters. Possible impact includes making Element Android display an arbitrary web page, executing arbitrary JavaScript; bypassing PIN code protection; and account takeover by spawning a login screen to send credentials to an arbitrary home server. This issue is fixed in Element Android 1.6.12. There is no known workaround to mitigate the issue.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-923 - Improper Restriction of Communication Channel to Intended Endpoints
  • CWE-940 - Improper Verification of Source of a Communication Channel
Assigner
Impacted products
Vendor Product Version
element-hq element-android Affected: >= 1.4.3, < 1.6.12
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-26131",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-02-29T14:41:52.849097Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:48:14.189Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T23:59:32.646Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/element-hq/element-android/security/advisories/GHSA-j6pr-fpc8-q9vm",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/element-hq/element-android/security/advisories/GHSA-j6pr-fpc8-q9vm"
          },
          {
            "name": "https://github.com/element-hq/element-android/commit/53734255ec270b0814946350787393dfcaa2a5a9",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/element-hq/element-android/commit/53734255ec270b0814946350787393dfcaa2a5a9"
          },
          {
            "name": "https://element.io/blog/security-release-element-android-1-6-12",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://element.io/blog/security-release-element-android-1-6-12"
          },
          {
            "name": "https://support.google.com/faqs/answer/9267555?hl=en",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.google.com/faqs/answer/9267555?hl=en"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "element-android",
          "vendor": "element-hq",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 1.4.3, \u003c 1.6.12"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Element Android is an Android Matrix Client. Element Android version 1.4.3 through 1.6.10 is vulnerable to intent redirection, allowing a third-party malicious application to start any internal activity by passing some extra parameters. Possible impact includes making Element Android display an arbitrary web page, executing arbitrary JavaScript; bypassing PIN code protection; and account takeover by spawning a login screen to send credentials to an arbitrary home server. This issue is fixed in Element Android 1.6.12. There is no known workaround to mitigate the issue."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-923",
              "description": "CWE-923: Improper Restriction of Communication Channel to Intended Endpoints",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-940",
              "description": "CWE-940: Improper Verification of Source of a Communication Channel",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-02-20T18:17:01.583Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/element-hq/element-android/security/advisories/GHSA-j6pr-fpc8-q9vm",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/element-hq/element-android/security/advisories/GHSA-j6pr-fpc8-q9vm"
        },
        {
          "name": "https://github.com/element-hq/element-android/commit/53734255ec270b0814946350787393dfcaa2a5a9",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/element-hq/element-android/commit/53734255ec270b0814946350787393dfcaa2a5a9"
        },
        {
          "name": "https://element.io/blog/security-release-element-android-1-6-12",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://element.io/blog/security-release-element-android-1-6-12"
        },
        {
          "name": "https://support.google.com/faqs/answer/9267555?hl=en",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.google.com/faqs/answer/9267555?hl=en"
        }
      ],
      "source": {
        "advisory": "GHSA-j6pr-fpc8-q9vm",
        "discovery": "UNKNOWN"
      },
      "title": "Element Android Intent Redirection"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-26131",
    "datePublished": "2024-02-20T18:17:01.583Z",
    "dateReserved": "2024-02-14T17:40:03.687Z",
    "dateUpdated": "2024-08-01T23:59:32.646Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-20390 (GCVE-0-2024-20390)

Vulnerability from cvelistv5 – Published: 2024-09-11 16:38 – Updated: 2024-09-11 20:53
VLAI
Title
Cisco IOS XR Software Dedicated XML Agent TCP Denial of Service Vulnerability
Summary
A vulnerability in the Dedicated XML Agent feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) on XML TCP listen port 38751. This vulnerability is due to a lack of proper error validation of ingress XML packets. An attacker could exploit this vulnerability by sending a sustained, crafted stream of XML traffic to a targeted device. A successful exploit could allow the attacker to cause XML TCP port 38751 to become unreachable while the attack traffic persists.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-940 - Improper Verification of Source of a Communication Channel
Assigner
Impacted products
Vendor Product Version
Cisco Cisco IOS XR Software Affected: 6.5.3
Affected: 6.5.29
Affected: 6.5.1
Affected: 6.6.1
Affected: 6.5.2
Affected: 6.5.92
Affected: 6.5.15
Affected: 6.6.2
Affected: 7.0.1
Affected: 6.6.25
Affected: 6.5.26
Affected: 6.6.11
Affected: 6.5.25
Affected: 6.5.28
Affected: 6.5.93
Affected: 6.6.12
Affected: 6.5.90
Affected: 7.0.0
Affected: 7.1.1
Affected: 7.0.90
Affected: 6.6.3
Affected: 6.7.1
Affected: 7.0.2
Affected: 7.1.15
Affected: 7.2.0
Affected: 7.2.1
Affected: 7.1.2
Affected: 6.7.2
Affected: 7.0.11
Affected: 7.0.12
Affected: 7.0.14
Affected: 7.1.25
Affected: 6.6.4
Affected: 7.2.12
Affected: 7.3.1
Affected: 7.1.3
Affected: 6.7.3
Affected: 7.4.1
Affected: 7.2.2
Affected: 6.7.4
Affected: 6.5.31
Affected: 7.3.15
Affected: 7.3.16
Affected: 6.8.1
Affected: 7.4.15
Affected: 6.5.32
Affected: 7.3.2
Affected: 7.5.1
Affected: 7.4.16
Affected: 7.3.27
Affected: 7.6.1
Affected: 7.5.2
Affected: 7.8.1
Affected: 7.6.15
Affected: 7.5.12
Affected: 7.8.12
Affected: 7.3.3
Affected: 7.7.1
Affected: 6.8.2
Affected: 7.3.4
Affected: 7.4.2
Affected: 6.7.35
Affected: 6.9.1
Affected: 7.6.2
Affected: 7.5.3
Affected: 7.7.2
Affected: 6.9.2
Affected: 7.9.1
Affected: 7.10.1
Affected: 7.8.2
Affected: 7.5.4
Affected: 6.5.33
Affected: 7.8.22
Affected: 7.7.21
Affected: 7.9.2
Affected: 7.3.5
Affected: 7.5.5
Affected: 7.11.1
Affected: 7.9.21
Affected: 7.10.2
Affected: 24.1.1
Affected: 7.6.3
Affected: 7.3.6
Affected: 7.5.52
Affected: 7.11.2
Affected: 24.2.1
Create a notification for this product.
cisco ios_xr_software Affected: 6.5.3 , ≤ 7.11.2 (custom)
Affected: 24.2.1
    cpe:2.3:o:cisco:ios_xr_software:-:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:cisco:ios_xr_software:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ios_xr_software",
            "vendor": "cisco",
            "versions": [
              {
                "lessThanOrEqual": "7.11.2",
                "status": "affected",
                "version": "6.5.3",
                "versionType": "custom"
              },
              {
                "status": "affected",
                "version": "24.2.1"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-20390",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-11T20:51:11.800178Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T20:53:46.046Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Cisco IOS XR Software",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "6.5.3"
            },
            {
              "status": "affected",
              "version": "6.5.29"
            },
            {
              "status": "affected",
              "version": "6.5.1"
            },
            {
              "status": "affected",
              "version": "6.6.1"
            },
            {
              "status": "affected",
              "version": "6.5.2"
            },
            {
              "status": "affected",
              "version": "6.5.92"
            },
            {
              "status": "affected",
              "version": "6.5.15"
            },
            {
              "status": "affected",
              "version": "6.6.2"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "6.6.25"
            },
            {
              "status": "affected",
              "version": "6.5.26"
            },
            {
              "status": "affected",
              "version": "6.6.11"
            },
            {
              "status": "affected",
              "version": "6.5.25"
            },
            {
              "status": "affected",
              "version": "6.5.28"
            },
            {
              "status": "affected",
              "version": "6.5.93"
            },
            {
              "status": "affected",
              "version": "6.6.12"
            },
            {
              "status": "affected",
              "version": "6.5.90"
            },
            {
              "status": "affected",
              "version": "7.0.0"
            },
            {
              "status": "affected",
              "version": "7.1.1"
            },
            {
              "status": "affected",
              "version": "7.0.90"
            },
            {
              "status": "affected",
              "version": "6.6.3"
            },
            {
              "status": "affected",
              "version": "6.7.1"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            },
            {
              "status": "affected",
              "version": "7.1.15"
            },
            {
              "status": "affected",
              "version": "7.2.0"
            },
            {
              "status": "affected",
              "version": "7.2.1"
            },
            {
              "status": "affected",
              "version": "7.1.2"
            },
            {
              "status": "affected",
              "version": "6.7.2"
            },
            {
              "status": "affected",
              "version": "7.0.11"
            },
            {
              "status": "affected",
              "version": "7.0.12"
            },
            {
              "status": "affected",
              "version": "7.0.14"
            },
            {
              "status": "affected",
              "version": "7.1.25"
            },
            {
              "status": "affected",
              "version": "6.6.4"
            },
            {
              "status": "affected",
              "version": "7.2.12"
            },
            {
              "status": "affected",
              "version": "7.3.1"
            },
            {
              "status": "affected",
              "version": "7.1.3"
            },
            {
              "status": "affected",
              "version": "6.7.3"
            },
            {
              "status": "affected",
              "version": "7.4.1"
            },
            {
              "status": "affected",
              "version": "7.2.2"
            },
            {
              "status": "affected",
              "version": "6.7.4"
            },
            {
              "status": "affected",
              "version": "6.5.31"
            },
            {
              "status": "affected",
              "version": "7.3.15"
            },
            {
              "status": "affected",
              "version": "7.3.16"
            },
            {
              "status": "affected",
              "version": "6.8.1"
            },
            {
              "status": "affected",
              "version": "7.4.15"
            },
            {
              "status": "affected",
              "version": "6.5.32"
            },
            {
              "status": "affected",
              "version": "7.3.2"
            },
            {
              "status": "affected",
              "version": "7.5.1"
            },
            {
              "status": "affected",
              "version": "7.4.16"
            },
            {
              "status": "affected",
              "version": "7.3.27"
            },
            {
              "status": "affected",
              "version": "7.6.1"
            },
            {
              "status": "affected",
              "version": "7.5.2"
            },
            {
              "status": "affected",
              "version": "7.8.1"
            },
            {
              "status": "affected",
              "version": "7.6.15"
            },
            {
              "status": "affected",
              "version": "7.5.12"
            },
            {
              "status": "affected",
              "version": "7.8.12"
            },
            {
              "status": "affected",
              "version": "7.3.3"
            },
            {
              "status": "affected",
              "version": "7.7.1"
            },
            {
              "status": "affected",
              "version": "6.8.2"
            },
            {
              "status": "affected",
              "version": "7.3.4"
            },
            {
              "status": "affected",
              "version": "7.4.2"
            },
            {
              "status": "affected",
              "version": "6.7.35"
            },
            {
              "status": "affected",
              "version": "6.9.1"
            },
            {
              "status": "affected",
              "version": "7.6.2"
            },
            {
              "status": "affected",
              "version": "7.5.3"
            },
            {
              "status": "affected",
              "version": "7.7.2"
            },
            {
              "status": "affected",
              "version": "6.9.2"
            },
            {
              "status": "affected",
              "version": "7.9.1"
            },
            {
              "status": "affected",
              "version": "7.10.1"
            },
            {
              "status": "affected",
              "version": "7.8.2"
            },
            {
              "status": "affected",
              "version": "7.5.4"
            },
            {
              "status": "affected",
              "version": "6.5.33"
            },
            {
              "status": "affected",
              "version": "7.8.22"
            },
            {
              "status": "affected",
              "version": "7.7.21"
            },
            {
              "status": "affected",
              "version": "7.9.2"
            },
            {
              "status": "affected",
              "version": "7.3.5"
            },
            {
              "status": "affected",
              "version": "7.5.5"
            },
            {
              "status": "affected",
              "version": "7.11.1"
            },
            {
              "status": "affected",
              "version": "7.9.21"
            },
            {
              "status": "affected",
              "version": "7.10.2"
            },
            {
              "status": "affected",
              "version": "24.1.1"
            },
            {
              "status": "affected",
              "version": "7.6.3"
            },
            {
              "status": "affected",
              "version": "7.3.6"
            },
            {
              "status": "affected",
              "version": "7.5.52"
            },
            {
              "status": "affected",
              "version": "7.11.2"
            },
            {
              "status": "affected",
              "version": "24.2.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the Dedicated XML Agent feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) on XML TCP listen port 38751.\r\n\r\nThis vulnerability is due to a lack of proper error validation of ingress XML packets. An attacker could exploit this vulnerability by sending a sustained, crafted stream of XML traffic to a targeted device. A successful exploit could allow the attacker to cause XML TCP port 38751 to become unreachable while the attack traffic persists."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-940",
              "description": "Improper Verification of Source of a Communication Channel",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-11T16:38:15.320Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-iosxr-xml-tcpdos-ZEXvrU2S",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-xml-tcpdos-ZEXvrU2S"
        }
      ],
      "source": {
        "advisory": "cisco-sa-iosxr-xml-tcpdos-ZEXvrU2S",
        "defects": [
          "CSCwj39201"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "Cisco IOS XR Software Dedicated XML Agent TCP Denial of Service Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2024-20390",
    "datePublished": "2024-09-11T16:38:15.320Z",
    "dateReserved": "2023-11-08T15:08:07.659Z",
    "dateUpdated": "2024-09-11T20:53:46.046Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-7322 (GCVE-0-2024-7322)

Vulnerability from cvelistv5 – Published: 2025-01-15 07:59 – Updated: 2026-04-20 15:10
VLAI
Title
Dos in ZigBee device due to unsolicited encrypted rejoin response
Summary
A ZigBee coordinator, router, or end device may change their node ID when an unsolicited encrypted rejoin response is received, this change in node ID causes Denial of Service (DoS). To recover from this DoS, the network must be re-established
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-940 - Improper Verification of Source of a Communication Channel
Assigner
References
URL Tags
https://community.silabs.com/068Vm00000I7ri2 vendor-advisorypermissions-required
Impacted products
Vendor Product Version
silabs.com EmberZNet Affected: 0 , < 7.3.3 (semver)
Affected: 7.4.0 , < 7.4.4 (semver)
Create a notification for this product.
silabs.com EmberZNet Affected: 0 , < 8.1.0 (semver)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-7322",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-15T14:46:49.430161Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-15T14:46:57.645Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "packageName": "GSDK",
          "product": "EmberZNet",
          "vendor": "silabs.com",
          "versions": [
            {
              "lessThan": "7.3.3",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "7.4.4",
              "status": "affected",
              "version": "7.4.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "SiSDK",
          "product": "EmberZNet",
          "vendor": "silabs.com",
          "versions": [
            {
              "lessThan": "8.1.0",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A ZigBee coordinator, router, or end device may change their node ID when an unsolicited encrypted rejoin response is received, this change\u0026nbsp;in node ID causes Denial of Service (DoS). To recover from this DoS, the network must be re-established"
            }
          ],
          "value": "A ZigBee coordinator, router, or end device may change their node ID when an unsolicited encrypted rejoin response is received, this change\u00a0in node ID causes Denial of Service (DoS). To recover from this DoS, the network must be re-established"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-176",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-176 Configuration/Environment Manipulation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 5.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-940",
              "description": "CWE-940 Improper Verification of Source of a Communication Channel",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-20T15:10:01.669Z",
        "orgId": "030b2754-1501-44a4-bef8-48be86a33bf4",
        "shortName": "Silabs"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory",
            "permissions-required"
          ],
          "url": "https://community.silabs.com/068Vm00000I7ri2"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Dos in ZigBee device due to unsolicited encrypted rejoin response",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "030b2754-1501-44a4-bef8-48be86a33bf4",
    "assignerShortName": "Silabs",
    "cveId": "CVE-2024-7322",
    "datePublished": "2025-01-15T07:59:55.430Z",
    "dateReserved": "2024-07-31T09:01:54.841Z",
    "dateUpdated": "2026-04-20T15:10:01.669Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Mitigation
Architecture and Design
  • Use a mechanism that can validate the identity of the source, such as a certificate, and validate the integrity of data to ensure that it cannot be modified in transit using an Adversary-in-the-Middle (AITM) attack.
  • When designing functionality of actions in the URL scheme, consider whether the action should be accessible to all mobile applications, or if an allowlist of applications to interface with is appropriate.
CAPEC-500: WebView Injection

An adversary, through a previously installed malicious application, injects code into the context of a web page displayed by a WebView component. Through the injected code, an adversary is able to manipulate the DOM tree and cookies of the page, expose sensitive information, and can launch attacks against the web application from within the web page.

CAPEC-594: Traffic Injection

An adversary injects traffic into the target's network connection. The adversary is therefore able to degrade or disrupt the connection, and potentially modify the content. This is not a flooding attack, as the adversary is not focusing on exhausting resources. Instead, the adversary is crafting a specific input to affect the system in a particular way.

CAPEC-595: Connection Reset

In this attack pattern, an adversary injects a connection reset packet to one or both ends of a target's connection. The attacker is therefore able to have the target and/or the destination server sever the connection without having to directly filter the traffic between them.

CAPEC-596: TCP RST Injection

An adversary injects one or more TCP RST packets to a target after the target has made a HTTP GET request. The goal of this attack is to have the target and/or destination web server terminate the TCP connection.