Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    151 vulnerabilities by sony

    CVE-2025-64390 (GCVE-0-2025-64390)

    Vulnerability from nvd – Published: 2026-06-02 18:20 – Updated: 2026-06-03 16:05
    VLAI
    Summary
    A privilege escalation vulnerability exists in PlayStation 4 firmware versions 13.00 through 13.02. The BD-J (Blu-ray Disc Java) sandbox can be escaped through a malformed JAR file.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
    Assigner
    References
    Impacted products
    Vendor Product Version
    Sony PS4 Affected: 13.00 , < 13.02 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.4,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-64390",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-03T16:05:55.908933Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-367",
                    "description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-03T16:05:58.821Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "PS4",
              "vendor": "Sony",
              "versions": [
                {
                  "lessThan": "13.02",
                  "status": "affected",
                  "version": "13.00",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A privilege escalation vulnerability exists in PlayStation 4 firmware versions 13.00 through 13.02. The BD-J (Blu-ray Disc Java) sandbox can be escaped through a malformed JAR file."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-02T18:20:59.255Z",
            "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
            "shortName": "hackerone"
          },
          "references": [
            {
              "url": "https://hackerone.com/reports/3452696"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "assignerShortName": "hackerone",
        "cveId": "CVE-2025-64390",
        "datePublished": "2026-06-02T18:20:59.255Z",
        "dateReserved": "2025-10-31T15:00:01.446Z",
        "dateUpdated": "2026-06-03T16:05:58.821Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2020-36924 (GCVE-0-2020-36924)

    Vulnerability from nvd – Published: 2026-01-06 15:52 – Updated: 2026-01-26 15:55
    VLAI
    Title
    Sony BRAVIA Digital Signage 1.7.8 Unauthenticated Remote File Inclusion
    Summary
    Sony BRAVIA Digital Signage 1.7.8 contains a remote file inclusion vulnerability that allows attackers to inject arbitrary client-side scripts through the content material URL parameter. Attackers can exploit this vulnerability to hijack user sessions, execute cross-site scripting code, and modify display content by manipulating the input material type.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-829 - Inclusion of Functionality from Untrusted Control Sphere
    Assigner
    Impacted products
    Vendor Product Version
    Pro-Bravia Sony BRAVIA Digital Signage Affected: 0 , ≤ 1.7.8 (custom)
    Create a notification for this product.
    Date Public
    2020-09-20 00:00
    Credits
    LiquidWorm as Gjoko Krstic of Zero Science Lab
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2020-36924",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-06T18:19:38.002512Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-06T18:20:29.914Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Sony BRAVIA Digital Signage",
              "vendor": "Pro-Bravia",
              "versions": [
                {
                  "lessThanOrEqual": "1.7.8",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "LiquidWorm as Gjoko Krstic of Zero Science Lab"
            }
          ],
          "datePublic": "2020-09-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Sony BRAVIA Digital Signage 1.7.8 contains a remote file inclusion vulnerability that allows attackers to inject arbitrary client-side scripts through the content material URL parameter. Attackers can exploit this vulnerability to hijack user sessions, execute cross-site scripting code, and modify display content by manipulating the input material type."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "LOW",
                "subIntegrityImpact": "LOW",
                "userInteraction": "PASSIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS"
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-829",
                  "description": "Inclusion of Functionality from Untrusted Control Sphere",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-26T15:55:01.315Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "name": "ExploitDB-49186",
              "tags": [
                "exploit"
              ],
              "url": "https://www.exploit-db.com/exploits/49186"
            },
            {
              "name": "Sony BRAVIA Digital Signage Product Homepage",
              "tags": [
                "product"
              ],
              "url": "https://pro-bravia.sony.net"
            },
            {
              "name": "BRAVIA Signage Software Resources",
              "tags": [
                "product"
              ],
              "url": "https://pro-bravia.sony.net/resources/software/bravia-signage/"
            },
            {
              "name": "Sony Professional Display Software Product Page",
              "tags": [
                "product"
              ],
              "url": "https://pro.sony/ue_US/products/display-software"
            },
            {
              "name": "Zero Science Lab Disclosure (ZSL-2020-5612)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5612.php"
            },
            {
              "name": "Packet Storm Security Exploit Archive",
              "tags": [
                "exploit"
              ],
              "url": "https://packetstorm.news/files/id/160345"
            },
            {
              "name": "IBM X-Force Exchange Vulnerability Entry",
              "tags": [
                "vdb-entry"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/192605"
            },
            {
              "name": "CXSecurity Vulnerability Listing",
              "tags": [
                "exploit"
              ],
              "url": "https://cxsecurity.com/issue/WLB-2020120030"
            },
            {
              "name": "VulnCheck Advisory: Sony BRAVIA Digital Signage 1.7.8 Unauthenticated Remote File Inclusion",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/sony-bravia-digital-signage-unauthenticated-remote-file-inclusion"
            }
          ],
          "title": "Sony BRAVIA Digital Signage 1.7.8 Unauthenticated Remote File Inclusion",
          "x_generator": {
            "engine": "vulncheck"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2020-36924",
        "datePublished": "2026-01-06T15:52:28.074Z",
        "dateReserved": "2026-01-03T14:10:13.302Z",
        "dateUpdated": "2026-01-26T15:55:01.315Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2020-36922 (GCVE-0-2020-36922)

    Vulnerability from nvd – Published: 2026-01-06 15:52 – Updated: 2026-01-06 18:24
    VLAI
    Title
    Sony BRAVIA Digital Signage 1.7.8 Unauthenticated System API Information Disclosure
    Summary
    Sony BRAVIA Digital Signage 1.7.8 contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive system details through API endpoints. Attackers can retrieve network interface information, server configurations, and system metadata by sending requests to the exposed system API.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-497 - Exposure of Sensitive System Information to an Unauthorized Control Sphere
    Assigner
    Impacted products
    Vendor Product Version
    Pro-Bravia Sony BRAVIA Digital Signage Affected: 0 , ≤ 1.7.8 (custom)
    Create a notification for this product.
    Date Public
    2020-09-20 00:00
    Credits
    LiquidWorm as Gjoko Krstic of Zero Science Lab
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2020-36922",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-06T18:23:14.999522Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-06T18:24:00.626Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Sony BRAVIA Digital Signage",
              "vendor": "Pro-Bravia",
              "versions": [
                {
                  "lessThanOrEqual": "1.7.8",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "LiquidWorm as Gjoko Krstic of Zero Science Lab"
            }
          ],
          "datePublic": "2020-09-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Sony BRAVIA Digital Signage 1.7.8 contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive system details through API endpoints. Attackers can retrieve network interface information, server configurations, and system metadata by sending requests to the exposed system API."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS"
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-497",
                  "description": "Exposure of Sensitive System Information to an Unauthorized Control Sphere",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-06T15:52:27.136Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "name": "ExploitDB-49187",
              "tags": [
                "exploit"
              ],
              "url": "https://www.exploit-db.com/exploits/49187"
            },
            {
              "name": "Sony BRAVIA Digital Signage Official Homepage",
              "tags": [
                "product"
              ],
              "url": "https://pro-bravia.sony.net"
            },
            {
              "name": "BRAVIA Signage Software Resources",
              "tags": [
                "product"
              ],
              "url": "https://pro-bravia.sony.net/resources/software/bravia-signage/"
            },
            {
              "name": "Sony Professional Display Software Product Page",
              "tags": [
                "product"
              ],
              "url": "https://pro.sony/ue_US/products/display-software"
            },
            {
              "name": "Zero Science Lab Disclosure (ZSL-2020-5610)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5610.php"
            },
            {
              "name": "Packet Storm Security Exploit Entry",
              "tags": [
                "exploit"
              ],
              "url": "https://packetstorm.news/files/id/160343"
            },
            {
              "name": "CXSecurity Vulnerability Database",
              "tags": [
                "exploit"
              ],
              "url": "https://cxsecurity.com/issue/WLB-2020120028"
            },
            {
              "name": "IBM X-Force Vulnerability Exchange",
              "tags": [
                "vdb-entry"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/192606"
            },
            {
              "name": "VulnCheck Advisory: Sony BRAVIA Digital Signage 1.7.8 Unauthenticated System API Information Disclosure",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/sony-bravia-digital-signage-unauthenticated-system-api-information-disclosure"
            }
          ],
          "title": "Sony BRAVIA Digital Signage 1.7.8 Unauthenticated System API Information Disclosure",
          "x_generator": {
            "engine": "vulncheck"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2020-36922",
        "datePublished": "2026-01-06T15:52:27.136Z",
        "dateReserved": "2026-01-03T14:10:13.302Z",
        "dateUpdated": "2026-01-06T18:24:00.626Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2020-36923 (GCVE-0-2020-36923)

    Vulnerability from nvd – Published: 2026-01-06 15:52 – Updated: 2026-01-06 18:56
    VLAI
    Title
    Sony BRAVIA Digital Signage 1.7.8 Client-Side Protection Bypass via IDOR
    Summary
    Sony BRAVIA Digital Signage 1.7.8 contains an insecure direct object reference vulnerability that allows attackers to bypass authorization controls. Attackers can access hidden system resources like '/#/content-creation' by manipulating client-side access restrictions.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-639 - Authorization Bypass Through User-Controlled Key
    Assigner
    Impacted products
    Date Public
    2020-12-02 00:00
    Credits
    LiquidWorm as Gjoko Krstic of Zero Science Lab
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2020-36923",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-06T18:52:18.623292Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-06T18:56:11.847Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5611.php"
              },
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://www.zeroscience.mk/codes/sonybravia_idor.txt"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Sony BRAVIA Digital Signage",
              "vendor": "Sony Electronics Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c=1.7.8"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "LiquidWorm as Gjoko Krstic of Zero Science Lab"
            }
          ],
          "datePublic": "2020-12-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Sony BRAVIA Digital Signage 1.7.8 contains an insecure direct object reference vulnerability that allows attackers to bypass authorization controls. Attackers can access hidden system resources like \u0027/#/content-creation\u0027 by manipulating client-side access restrictions."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS"
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-639",
                  "description": "Authorization Bypass Through User-Controlled Key",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-06T15:52:27.572Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "name": "Zero Science Lab Disclosure (ZSL-2020-5611)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5611.php"
            },
            {
              "name": "IBM X-Force Exchange Vulnerability Entry",
              "tags": [
                "vdb-entry"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/192607"
            },
            {
              "name": "CXSecurity Vulnerability Listing",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://cxsecurity.com/issue/WLB-2020120031"
            },
            {
              "name": "Packet Storm Security Exploit Archive",
              "tags": [
                "exploit"
              ],
              "url": "https://packetstormsecurity.com/files/160344"
            },
            {
              "name": "Sony Professional Display Software Product Page",
              "tags": [
                "product"
              ],
              "url": "https://pro.sony/ue_US/products/display-software"
            },
            {
              "name": "BRAVIA Signage Software Resources",
              "tags": [
                "product"
              ],
              "url": "https://pro-bravia.sony.net/resources/software/bravia-signage/"
            },
            {
              "name": "Sony BRAVIA Digital Signage Official Homepage",
              "tags": [
                "product"
              ],
              "url": "https://pro-bravia.sony.net"
            },
            {
              "name": "VulnCheck Advisory: Sony BRAVIA Digital Signage 1.7.8 Client-Side Protection Bypass via IDOR",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/sony-bravia-digital-signage-client-side-protection-bypass-via-idor"
            }
          ],
          "title": "Sony BRAVIA Digital Signage 1.7.8 Client-Side Protection Bypass via IDOR",
          "x_generator": {
            "engine": "vulncheck"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2020-36923",
        "datePublished": "2026-01-06T15:52:27.572Z",
        "dateReserved": "2026-01-03T14:10:13.302Z",
        "dateUpdated": "2026-01-06T18:56:11.847Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-5124 (GCVE-0-2025-5124)

    Vulnerability from nvd – Published: 2025-05-24 13:00 – Updated: 2025-05-28 17:40 Disputed
    VLAI
    Title
    Sony SNC-M1 Administrative Interface default credentials
    Summary
    A vulnerability classified as critical has been found in Sony SNC-M1, SNC-M3, SNC-RZ25N, SNC-RZ30N, SNC-DS10, SNC-CS3N and SNC-RX570N up to 1.30. This affects an unknown part of the component Administrative Interface. The manipulation leads to use of default credentials. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. It is recommended to change the configuration settings. The vendor was contacted early about this issue. They confirmed the existence but pointed out that they "have published the 'Hardening Guide' on the Web from July 2018 to January 2025 and have thoroughly informed customers of the recommendation to change their initial passwords".
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Sony SNC-M1 Affected: 1.0
    Affected: 1.1
    Affected: 1.2
    Affected: 1.3
    Affected: 1.4
    Affected: 1.5
    Affected: 1.6
    Affected: 1.7
    Affected: 1.8
    Affected: 1.9
    Affected: 1.10
    Affected: 1.11
    Affected: 1.12
    Affected: 1.13
    Affected: 1.14
    Affected: 1.15
    Affected: 1.16
    Affected: 1.17
    Affected: 1.18
    Affected: 1.19
    Affected: 1.20
    Affected: 1.21
    Affected: 1.22
    Affected: 1.23
    Affected: 1.24
    Affected: 1.25
    Affected: 1.26
    Affected: 1.27
    Affected: 1.28
    Affected: 1.29
    Affected: 1.30
    Create a notification for this product.
    Sony SNC-M3 Affected: 1.0
    Affected: 1.1
    Affected: 1.2
    Affected: 1.3
    Affected: 1.4
    Affected: 1.5
    Affected: 1.6
    Affected: 1.7
    Affected: 1.8
    Affected: 1.9
    Affected: 1.10
    Affected: 1.11
    Affected: 1.12
    Affected: 1.13
    Affected: 1.14
    Affected: 1.15
    Affected: 1.16
    Affected: 1.17
    Affected: 1.18
    Affected: 1.19
    Affected: 1.20
    Affected: 1.21
    Affected: 1.22
    Affected: 1.23
    Affected: 1.24
    Affected: 1.25
    Affected: 1.26
    Affected: 1.27
    Affected: 1.28
    Affected: 1.29
    Affected: 1.30
    Create a notification for this product.
    Sony SNC-RZ25N Affected: 1.0
    Affected: 1.1
    Affected: 1.2
    Affected: 1.3
    Affected: 1.4
    Affected: 1.5
    Affected: 1.6
    Affected: 1.7
    Affected: 1.8
    Affected: 1.9
    Affected: 1.10
    Affected: 1.11
    Affected: 1.12
    Affected: 1.13
    Affected: 1.14
    Affected: 1.15
    Affected: 1.16
    Affected: 1.17
    Affected: 1.18
    Affected: 1.19
    Affected: 1.20
    Affected: 1.21
    Affected: 1.22
    Affected: 1.23
    Affected: 1.24
    Affected: 1.25
    Affected: 1.26
    Affected: 1.27
    Affected: 1.28
    Affected: 1.29
    Affected: 1.30
    Create a notification for this product.
    Sony SNC-RZ30N Affected: 1.0
    Affected: 1.1
    Affected: 1.2
    Affected: 1.3
    Affected: 1.4
    Affected: 1.5
    Affected: 1.6
    Affected: 1.7
    Affected: 1.8
    Affected: 1.9
    Affected: 1.10
    Affected: 1.11
    Affected: 1.12
    Affected: 1.13
    Affected: 1.14
    Affected: 1.15
    Affected: 1.16
    Affected: 1.17
    Affected: 1.18
    Affected: 1.19
    Affected: 1.20
    Affected: 1.21
    Affected: 1.22
    Affected: 1.23
    Affected: 1.24
    Affected: 1.25
    Affected: 1.26
    Affected: 1.27
    Affected: 1.28
    Affected: 1.29
    Affected: 1.30
    Create a notification for this product.
    Sony SNC-DS10 Affected: 1.0
    Affected: 1.1
    Affected: 1.2
    Affected: 1.3
    Affected: 1.4
    Affected: 1.5
    Affected: 1.6
    Affected: 1.7
    Affected: 1.8
    Affected: 1.9
    Affected: 1.10
    Affected: 1.11
    Affected: 1.12
    Affected: 1.13
    Affected: 1.14
    Affected: 1.15
    Affected: 1.16
    Affected: 1.17
    Affected: 1.18
    Affected: 1.19
    Affected: 1.20
    Affected: 1.21
    Affected: 1.22
    Affected: 1.23
    Affected: 1.24
    Affected: 1.25
    Affected: 1.26
    Affected: 1.27
    Affected: 1.28
    Affected: 1.29
    Affected: 1.30
    Create a notification for this product.
    Sony SNC-CS3N Affected: 1.0
    Affected: 1.1
    Affected: 1.2
    Affected: 1.3
    Affected: 1.4
    Affected: 1.5
    Affected: 1.6
    Affected: 1.7
    Affected: 1.8
    Affected: 1.9
    Affected: 1.10
    Affected: 1.11
    Affected: 1.12
    Affected: 1.13
    Affected: 1.14
    Affected: 1.15
    Affected: 1.16
    Affected: 1.17
    Affected: 1.18
    Affected: 1.19
    Affected: 1.20
    Affected: 1.21
    Affected: 1.22
    Affected: 1.23
    Affected: 1.24
    Affected: 1.25
    Affected: 1.26
    Affected: 1.27
    Affected: 1.28
    Affected: 1.29
    Affected: 1.30
    Create a notification for this product.
    Sony SNC-RX570N Affected: 1.0
    Affected: 1.1
    Affected: 1.2
    Affected: 1.3
    Affected: 1.4
    Affected: 1.5
    Affected: 1.6
    Affected: 1.7
    Affected: 1.8
    Affected: 1.9
    Affected: 1.10
    Affected: 1.11
    Affected: 1.12
    Affected: 1.13
    Affected: 1.14
    Affected: 1.15
    Affected: 1.16
    Affected: 1.17
    Affected: 1.18
    Affected: 1.19
    Affected: 1.20
    Affected: 1.21
    Affected: 1.22
    Affected: 1.23
    Affected: 1.24
    Affected: 1.25
    Affected: 1.26
    Affected: 1.27
    Affected: 1.28
    Affected: 1.29
    Affected: 1.30
    Create a notification for this product.
    Credits
    zeke (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-5124",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-27T14:23:36.848121Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-28T17:40:32.611Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/zeke2997/CVE_request_Sony"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "modules": [
                "Administrative Interface"
              ],
              "product": "SNC-M1",
              "vendor": "Sony",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0"
                },
                {
                  "status": "affected",
                  "version": "1.1"
                },
                {
                  "status": "affected",
                  "version": "1.2"
                },
                {
                  "status": "affected",
                  "version": "1.3"
                },
                {
                  "status": "affected",
                  "version": "1.4"
                },
                {
                  "status": "affected",
                  "version": "1.5"
                },
                {
                  "status": "affected",
                  "version": "1.6"
                },
                {
                  "status": "affected",
                  "version": "1.7"
                },
                {
                  "status": "affected",
                  "version": "1.8"
                },
                {
                  "status": "affected",
                  "version": "1.9"
                },
                {
                  "status": "affected",
                  "version": "1.10"
                },
                {
                  "status": "affected",
                  "version": "1.11"
                },
                {
                  "status": "affected",
                  "version": "1.12"
                },
                {
                  "status": "affected",
                  "version": "1.13"
                },
                {
                  "status": "affected",
                  "version": "1.14"
                },
                {
                  "status": "affected",
                  "version": "1.15"
                },
                {
                  "status": "affected",
                  "version": "1.16"
                },
                {
                  "status": "affected",
                  "version": "1.17"
                },
                {
                  "status": "affected",
                  "version": "1.18"
                },
                {
                  "status": "affected",
                  "version": "1.19"
                },
                {
                  "status": "affected",
                  "version": "1.20"
                },
                {
                  "status": "affected",
                  "version": "1.21"
                },
                {
                  "status": "affected",
                  "version": "1.22"
                },
                {
                  "status": "affected",
                  "version": "1.23"
                },
                {
                  "status": "affected",
                  "version": "1.24"
                },
                {
                  "status": "affected",
                  "version": "1.25"
                },
                {
                  "status": "affected",
                  "version": "1.26"
                },
                {
                  "status": "affected",
                  "version": "1.27"
                },
                {
                  "status": "affected",
                  "version": "1.28"
                },
                {
                  "status": "affected",
                  "version": "1.29"
                },
                {
                  "status": "affected",
                  "version": "1.30"
                }
              ]
            },
            {
              "modules": [
                "Administrative Interface"
              ],
              "product": "SNC-M3",
              "vendor": "Sony",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0"
                },
                {
                  "status": "affected",
                  "version": "1.1"
                },
                {
                  "status": "affected",
                  "version": "1.2"
                },
                {
                  "status": "affected",
                  "version": "1.3"
                },
                {
                  "status": "affected",
                  "version": "1.4"
                },
                {
                  "status": "affected",
                  "version": "1.5"
                },
                {
                  "status": "affected",
                  "version": "1.6"
                },
                {
                  "status": "affected",
                  "version": "1.7"
                },
                {
                  "status": "affected",
                  "version": "1.8"
                },
                {
                  "status": "affected",
                  "version": "1.9"
                },
                {
                  "status": "affected",
                  "version": "1.10"
                },
                {
                  "status": "affected",
                  "version": "1.11"
                },
                {
                  "status": "affected",
                  "version": "1.12"
                },
                {
                  "status": "affected",
                  "version": "1.13"
                },
                {
                  "status": "affected",
                  "version": "1.14"
                },
                {
                  "status": "affected",
                  "version": "1.15"
                },
                {
                  "status": "affected",
                  "version": "1.16"
                },
                {
                  "status": "affected",
                  "version": "1.17"
                },
                {
                  "status": "affected",
                  "version": "1.18"
                },
                {
                  "status": "affected",
                  "version": "1.19"
                },
                {
                  "status": "affected",
                  "version": "1.20"
                },
                {
                  "status": "affected",
                  "version": "1.21"
                },
                {
                  "status": "affected",
                  "version": "1.22"
                },
                {
                  "status": "affected",
                  "version": "1.23"
                },
                {
                  "status": "affected",
                  "version": "1.24"
                },
                {
                  "status": "affected",
                  "version": "1.25"
                },
                {
                  "status": "affected",
                  "version": "1.26"
                },
                {
                  "status": "affected",
                  "version": "1.27"
                },
                {
                  "status": "affected",
                  "version": "1.28"
                },
                {
                  "status": "affected",
                  "version": "1.29"
                },
                {
                  "status": "affected",
                  "version": "1.30"
                }
              ]
            },
            {
              "modules": [
                "Administrative Interface"
              ],
              "product": "SNC-RZ25N",
              "vendor": "Sony",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0"
                },
                {
                  "status": "affected",
                  "version": "1.1"
                },
                {
                  "status": "affected",
                  "version": "1.2"
                },
                {
                  "status": "affected",
                  "version": "1.3"
                },
                {
                  "status": "affected",
                  "version": "1.4"
                },
                {
                  "status": "affected",
                  "version": "1.5"
                },
                {
                  "status": "affected",
                  "version": "1.6"
                },
                {
                  "status": "affected",
                  "version": "1.7"
                },
                {
                  "status": "affected",
                  "version": "1.8"
                },
                {
                  "status": "affected",
                  "version": "1.9"
                },
                {
                  "status": "affected",
                  "version": "1.10"
                },
                {
                  "status": "affected",
                  "version": "1.11"
                },
                {
                  "status": "affected",
                  "version": "1.12"
                },
                {
                  "status": "affected",
                  "version": "1.13"
                },
                {
                  "status": "affected",
                  "version": "1.14"
                },
                {
                  "status": "affected",
                  "version": "1.15"
                },
                {
                  "status": "affected",
                  "version": "1.16"
                },
                {
                  "status": "affected",
                  "version": "1.17"
                },
                {
                  "status": "affected",
                  "version": "1.18"
                },
                {
                  "status": "affected",
                  "version": "1.19"
                },
                {
                  "status": "affected",
                  "version": "1.20"
                },
                {
                  "status": "affected",
                  "version": "1.21"
                },
                {
                  "status": "affected",
                  "version": "1.22"
                },
                {
                  "status": "affected",
                  "version": "1.23"
                },
                {
                  "status": "affected",
                  "version": "1.24"
                },
                {
                  "status": "affected",
                  "version": "1.25"
                },
                {
                  "status": "affected",
                  "version": "1.26"
                },
                {
                  "status": "affected",
                  "version": "1.27"
                },
                {
                  "status": "affected",
                  "version": "1.28"
                },
                {
                  "status": "affected",
                  "version": "1.29"
                },
                {
                  "status": "affected",
                  "version": "1.30"
                }
              ]
            },
            {
              "modules": [
                "Administrative Interface"
              ],
              "product": "SNC-RZ30N",
              "vendor": "Sony",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0"
                },
                {
                  "status": "affected",
                  "version": "1.1"
                },
                {
                  "status": "affected",
                  "version": "1.2"
                },
                {
                  "status": "affected",
                  "version": "1.3"
                },
                {
                  "status": "affected",
                  "version": "1.4"
                },
                {
                  "status": "affected",
                  "version": "1.5"
                },
                {
                  "status": "affected",
                  "version": "1.6"
                },
                {
                  "status": "affected",
                  "version": "1.7"
                },
                {
                  "status": "affected",
                  "version": "1.8"
                },
                {
                  "status": "affected",
                  "version": "1.9"
                },
                {
                  "status": "affected",
                  "version": "1.10"
                },
                {
                  "status": "affected",
                  "version": "1.11"
                },
                {
                  "status": "affected",
                  "version": "1.12"
                },
                {
                  "status": "affected",
                  "version": "1.13"
                },
                {
                  "status": "affected",
                  "version": "1.14"
                },
                {
                  "status": "affected",
                  "version": "1.15"
                },
                {
                  "status": "affected",
                  "version": "1.16"
                },
                {
                  "status": "affected",
                  "version": "1.17"
                },
                {
                  "status": "affected",
                  "version": "1.18"
                },
                {
                  "status": "affected",
                  "version": "1.19"
                },
                {
                  "status": "affected",
                  "version": "1.20"
                },
                {
                  "status": "affected",
                  "version": "1.21"
                },
                {
                  "status": "affected",
                  "version": "1.22"
                },
                {
                  "status": "affected",
                  "version": "1.23"
                },
                {
                  "status": "affected",
                  "version": "1.24"
                },
                {
                  "status": "affected",
                  "version": "1.25"
                },
                {
                  "status": "affected",
                  "version": "1.26"
                },
                {
                  "status": "affected",
                  "version": "1.27"
                },
                {
                  "status": "affected",
                  "version": "1.28"
                },
                {
                  "status": "affected",
                  "version": "1.29"
                },
                {
                  "status": "affected",
                  "version": "1.30"
                }
              ]
            },
            {
              "modules": [
                "Administrative Interface"
              ],
              "product": "SNC-DS10",
              "vendor": "Sony",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0"
                },
                {
                  "status": "affected",
                  "version": "1.1"
                },
                {
                  "status": "affected",
                  "version": "1.2"
                },
                {
                  "status": "affected",
                  "version": "1.3"
                },
                {
                  "status": "affected",
                  "version": "1.4"
                },
                {
                  "status": "affected",
                  "version": "1.5"
                },
                {
                  "status": "affected",
                  "version": "1.6"
                },
                {
                  "status": "affected",
                  "version": "1.7"
                },
                {
                  "status": "affected",
                  "version": "1.8"
                },
                {
                  "status": "affected",
                  "version": "1.9"
                },
                {
                  "status": "affected",
                  "version": "1.10"
                },
                {
                  "status": "affected",
                  "version": "1.11"
                },
                {
                  "status": "affected",
                  "version": "1.12"
                },
                {
                  "status": "affected",
                  "version": "1.13"
                },
                {
                  "status": "affected",
                  "version": "1.14"
                },
                {
                  "status": "affected",
                  "version": "1.15"
                },
                {
                  "status": "affected",
                  "version": "1.16"
                },
                {
                  "status": "affected",
                  "version": "1.17"
                },
                {
                  "status": "affected",
                  "version": "1.18"
                },
                {
                  "status": "affected",
                  "version": "1.19"
                },
                {
                  "status": "affected",
                  "version": "1.20"
                },
                {
                  "status": "affected",
                  "version": "1.21"
                },
                {
                  "status": "affected",
                  "version": "1.22"
                },
                {
                  "status": "affected",
                  "version": "1.23"
                },
                {
                  "status": "affected",
                  "version": "1.24"
                },
                {
                  "status": "affected",
                  "version": "1.25"
                },
                {
                  "status": "affected",
                  "version": "1.26"
                },
                {
                  "status": "affected",
                  "version": "1.27"
                },
                {
                  "status": "affected",
                  "version": "1.28"
                },
                {
                  "status": "affected",
                  "version": "1.29"
                },
                {
                  "status": "affected",
                  "version": "1.30"
                }
              ]
            },
            {
              "modules": [
                "Administrative Interface"
              ],
              "product": "SNC-CS3N",
              "vendor": "Sony",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0"
                },
                {
                  "status": "affected",
                  "version": "1.1"
                },
                {
                  "status": "affected",
                  "version": "1.2"
                },
                {
                  "status": "affected",
                  "version": "1.3"
                },
                {
                  "status": "affected",
                  "version": "1.4"
                },
                {
                  "status": "affected",
                  "version": "1.5"
                },
                {
                  "status": "affected",
                  "version": "1.6"
                },
                {
                  "status": "affected",
                  "version": "1.7"
                },
                {
                  "status": "affected",
                  "version": "1.8"
                },
                {
                  "status": "affected",
                  "version": "1.9"
                },
                {
                  "status": "affected",
                  "version": "1.10"
                },
                {
                  "status": "affected",
                  "version": "1.11"
                },
                {
                  "status": "affected",
                  "version": "1.12"
                },
                {
                  "status": "affected",
                  "version": "1.13"
                },
                {
                  "status": "affected",
                  "version": "1.14"
                },
                {
                  "status": "affected",
                  "version": "1.15"
                },
                {
                  "status": "affected",
                  "version": "1.16"
                },
                {
                  "status": "affected",
                  "version": "1.17"
                },
                {
                  "status": "affected",
                  "version": "1.18"
                },
                {
                  "status": "affected",
                  "version": "1.19"
                },
                {
                  "status": "affected",
                  "version": "1.20"
                },
                {
                  "status": "affected",
                  "version": "1.21"
                },
                {
                  "status": "affected",
                  "version": "1.22"
                },
                {
                  "status": "affected",
                  "version": "1.23"
                },
                {
                  "status": "affected",
                  "version": "1.24"
                },
                {
                  "status": "affected",
                  "version": "1.25"
                },
                {
                  "status": "affected",
                  "version": "1.26"
                },
                {
                  "status": "affected",
                  "version": "1.27"
                },
                {
                  "status": "affected",
                  "version": "1.28"
                },
                {
                  "status": "affected",
                  "version": "1.29"
                },
                {
                  "status": "affected",
                  "version": "1.30"
                }
              ]
            },
            {
              "modules": [
                "Administrative Interface"
              ],
              "product": "SNC-RX570N",
              "vendor": "Sony",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0"
                },
                {
                  "status": "affected",
                  "version": "1.1"
                },
                {
                  "status": "affected",
                  "version": "1.2"
                },
                {
                  "status": "affected",
                  "version": "1.3"
                },
                {
                  "status": "affected",
                  "version": "1.4"
                },
                {
                  "status": "affected",
                  "version": "1.5"
                },
                {
                  "status": "affected",
                  "version": "1.6"
                },
                {
                  "status": "affected",
                  "version": "1.7"
                },
                {
                  "status": "affected",
                  "version": "1.8"
                },
                {
                  "status": "affected",
                  "version": "1.9"
                },
                {
                  "status": "affected",
                  "version": "1.10"
                },
                {
                  "status": "affected",
                  "version": "1.11"
                },
                {
                  "status": "affected",
                  "version": "1.12"
                },
                {
                  "status": "affected",
                  "version": "1.13"
                },
                {
                  "status": "affected",
                  "version": "1.14"
                },
                {
                  "status": "affected",
                  "version": "1.15"
                },
                {
                  "status": "affected",
                  "version": "1.16"
                },
                {
                  "status": "affected",
                  "version": "1.17"
                },
                {
                  "status": "affected",
                  "version": "1.18"
                },
                {
                  "status": "affected",
                  "version": "1.19"
                },
                {
                  "status": "affected",
                  "version": "1.20"
                },
                {
                  "status": "affected",
                  "version": "1.21"
                },
                {
                  "status": "affected",
                  "version": "1.22"
                },
                {
                  "status": "affected",
                  "version": "1.23"
                },
                {
                  "status": "affected",
                  "version": "1.24"
                },
                {
                  "status": "affected",
                  "version": "1.25"
                },
                {
                  "status": "affected",
                  "version": "1.26"
                },
                {
                  "status": "affected",
                  "version": "1.27"
                },
                {
                  "status": "affected",
                  "version": "1.28"
                },
                {
                  "status": "affected",
                  "version": "1.29"
                },
                {
                  "status": "affected",
                  "version": "1.30"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "zeke (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability classified as critical has been found in Sony SNC-M1, SNC-M3, SNC-RZ25N, SNC-RZ30N, SNC-DS10, SNC-CS3N and SNC-RX570N up to 1.30. This affects an unknown part of the component Administrative Interface. The manipulation leads to use of default credentials. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. It is recommended to change the configuration settings. The vendor was contacted early about this issue. They confirmed the existence but pointed out that they \"have published the \u0027Hardening Guide\u0027 on the Web from July 2018 to January 2025 and have thoroughly informed customers of the recommendation to change their initial passwords\"."
            },
            {
              "lang": "de",
              "value": "Es wurde eine Schwachstelle in Sony SNC-M1, SNC-M3, SNC-RZ25N, SNC-RZ30N, SNC-DS10, SNC-CS3N and SNC-RX570N bis 1.30 entdeckt. Sie wurde als kritisch eingestuft. Dabei betrifft es einen unbekannter Codeteil der Komponente Administrative Interface. Durch die Manipulation mit unbekannten Daten kann eine use of default credentials-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Sie ist schwierig auszunutzen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Die wahre Existenz der vermeintlichen Schwachstelle wird zur Zeit in Frage gestellt. Als bestm\u00f6gliche Massnahme werden Anpassungen an der Konfiguration empfohlen."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 9.2,
                "baseSeverity": "CRITICAL",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 7.6,
                "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1392",
                  "description": "Use of Default Credentials",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-05-24T13:00:14.671Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-310203 | Sony SNC-M1 Administrative Interface default credentials",
              "tags": [
                "vdb-entry"
              ],
              "url": "https://vuldb.com/?id.310203"
            },
            {
              "name": "VDB-310203 | CTI Indicators (IOB, IOC)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.310203"
            },
            {
              "name": "Submit #564839 | sony Network Camera SNC \u003c=1.30 Use of Default Credentials",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.564839"
            },
            {
              "tags": [
                "related"
              ],
              "url": "https://github.com/zeke2997/CVE_request_Sony"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/zeke2997/CVE_request_Sony#3-poc"
            }
          ],
          "tags": [
            "disputed"
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-05-23T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-05-23T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-05-23T20:03:24.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Sony SNC-M1 Administrative Interface default credentials"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-5124",
        "datePublished": "2025-05-24T13:00:14.671Z",
        "dateReserved": "2025-05-23T17:58:19.738Z",
        "dateUpdated": "2025-05-28T17:40:32.611Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-23934 (GCVE-0-2024-23934)

    Vulnerability from nvd – Published: 2024-09-23 14:16 – Updated: 2025-08-26 21:01
    VLAI
    Title
    Sony XAV-AX5500 WMV/ASF Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
    Summary
    Sony XAV-AX5500 WMV/ASF Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sony XAV-AX5500 devices. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of WMV/ASF files. A crafted Extended Content Description Object in a WMV media file can trigger an overflow of a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device. . Was ZDI-CAN-22994.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    References
    Impacted products
    Vendor Product Version
    Sony XAV-AX5500 Affected: 1.13
    Create a notification for this product.
    sony xav-ax5500 Affected: 1.13
        cpe:2.3:o:sony:xav-ax5500:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-06-22 00:01
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:sony:xav-ax5500:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "xav-ax5500",
                "vendor": "sony",
                "versions": [
                  {
                    "status": "affected",
                    "version": "1.13"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-23934",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-23T14:29:29.183157Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-26T21:01:17.344Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "XAV-AX5500",
              "vendor": "Sony",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.13"
                }
              ]
            }
          ],
          "dateAssigned": "2024-01-24T09:05:00.000Z",
          "datePublic": "2024-06-22T00:01:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eSony XAV-AX5500 WMV/ASF Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sony XAV-AX5500 devices. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\u003c/p\u003e\u003cp\u003eThe specific flaw exists within the parsing of WMV/ASF files. A crafted Extended Content Description Object in a WMV media file can trigger an overflow of a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device.\u003c/p\u003e\u003cp\u003e. Was ZDI-CAN-22994.\u003c/p\u003e"
                }
              ],
              "value": "Sony XAV-AX5500 WMV/ASF Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sony XAV-AX5500 devices. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of WMV/ASF files. A crafted Extended Content Description Object in a WMV media file can trigger an overflow of a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device.\n\n. Was ZDI-CAN-22994."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121: Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-09-23T14:16:02.143Z",
            "orgId": "c15abc07-96a9-4d11-a503-5d621bfe42ba",
            "shortName": "ASRG"
          },
          "references": [
            {
              "name": "ZDI-24-875",
              "tags": [
                "x_research-advisory"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-875/"
            },
            {
              "name": "vendor-provided URL",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.sony.com/electronics/support/mobile-cd-players-digital-media-players-xav-series/xav-ax5500/software/00274156"
            }
          ],
          "source": {
            "discovery": "EXTERNAL",
            "lang": "en",
            "value": "Gary Wang"
          },
          "title": "Sony XAV-AX5500 WMV/ASF Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c15abc07-96a9-4d11-a503-5d621bfe42ba",
        "assignerShortName": "ASRG",
        "cveId": "CVE-2024-23934",
        "datePublished": "2024-09-23T14:16:02.143Z",
        "dateReserved": "2024-01-23T21:45:30.919Z",
        "dateUpdated": "2025-08-26T21:01:17.344Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-23933 (GCVE-0-2024-23933)

    Vulnerability from nvd – Published: 2024-09-23 14:12 – Updated: 2025-08-26 20:58
    VLAI
    Title
    Sony XAV-AX5500 CarPlay TLV Stack-based Buffer Overflow Remote Code Execution Vulnerability
    Summary
    Sony XAV-AX5500 CarPlay TLV Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Sony XAV-AX5500 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the Apple CarPlay protocol. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-23238
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    References
    Impacted products
    Vendor Product Version
    Sony XAV-AX5500 Affected: 1.13
    Create a notification for this product.
    Date Public
    2024-06-22 00:01
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "PHYSICAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 6.8,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-23933",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-23T14:35:34.432356Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-26T20:58:21.507Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "XAV-AX5500",
              "vendor": "Sony",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.13"
                }
              ]
            }
          ],
          "dateAssigned": "2024-06-14T23:05:00.000Z",
          "datePublic": "2024-06-22T00:01:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eSony XAV-AX5500 CarPlay TLV Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of \tSony XAV-AX5500 devices. Authentication is not required to exploit this vulnerability.\u003c/p\u003e\u003cp\u003eThe specific flaw exists within the implementation of the Apple CarPlay protocol. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device.\u003c/p\u003e\u003cp\u003eWas ZDI-CAN-23238\u003c/p\u003e"
                }
              ],
              "value": "Sony XAV-AX5500 CarPlay TLV Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of \tSony XAV-AX5500 devices. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the implementation of the Apple CarPlay protocol. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device.\n\nWas ZDI-CAN-23238"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121: Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-09-23T14:12:38.125Z",
            "orgId": "c15abc07-96a9-4d11-a503-5d621bfe42ba",
            "shortName": "ASRG"
          },
          "references": [
            {
              "name": "ZDI-24-877",
              "tags": [
                "x_research-advisory"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-877/"
            },
            {
              "name": "vendor-provided URL",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.sony.com/electronics/support/mobile-cd-players-digital-media-players-xav-series/xav-ax5500/software/00274156"
            }
          ],
          "source": {
            "discovery": "EXTERNAL",
            "lang": "en",
            "value": "Midnight Blue / PHP Hooligans"
          },
          "title": "Sony XAV-AX5500 CarPlay TLV Stack-based Buffer Overflow Remote Code Execution Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c15abc07-96a9-4d11-a503-5d621bfe42ba",
        "assignerShortName": "ASRG",
        "cveId": "CVE-2024-23933",
        "datePublished": "2024-09-23T14:12:38.125Z",
        "dateReserved": "2024-01-23T21:45:30.919Z",
        "dateUpdated": "2025-08-26T20:58:21.507Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-64390 (GCVE-0-2025-64390)

    Vulnerability from cvelistv5 – Published: 2026-06-02 18:20 – Updated: 2026-06-03 16:05
    VLAI
    Summary
    A privilege escalation vulnerability exists in PlayStation 4 firmware versions 13.00 through 13.02. The BD-J (Blu-ray Disc Java) sandbox can be escaped through a malformed JAR file.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
    Assigner
    References
    Impacted products
    Vendor Product Version
    Sony PS4 Affected: 13.00 , < 13.02 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.4,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-64390",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-03T16:05:55.908933Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-367",
                    "description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-03T16:05:58.821Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "PS4",
              "vendor": "Sony",
              "versions": [
                {
                  "lessThan": "13.02",
                  "status": "affected",
                  "version": "13.00",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A privilege escalation vulnerability exists in PlayStation 4 firmware versions 13.00 through 13.02. The BD-J (Blu-ray Disc Java) sandbox can be escaped through a malformed JAR file."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-02T18:20:59.255Z",
            "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
            "shortName": "hackerone"
          },
          "references": [
            {
              "url": "https://hackerone.com/reports/3452696"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "assignerShortName": "hackerone",
        "cveId": "CVE-2025-64390",
        "datePublished": "2026-06-02T18:20:59.255Z",
        "dateReserved": "2025-10-31T15:00:01.446Z",
        "dateUpdated": "2026-06-03T16:05:58.821Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2020-36924 (GCVE-0-2020-36924)

    Vulnerability from cvelistv5 – Published: 2026-01-06 15:52 – Updated: 2026-01-26 15:55
    VLAI
    Title
    Sony BRAVIA Digital Signage 1.7.8 Unauthenticated Remote File Inclusion
    Summary
    Sony BRAVIA Digital Signage 1.7.8 contains a remote file inclusion vulnerability that allows attackers to inject arbitrary client-side scripts through the content material URL parameter. Attackers can exploit this vulnerability to hijack user sessions, execute cross-site scripting code, and modify display content by manipulating the input material type.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-829 - Inclusion of Functionality from Untrusted Control Sphere
    Assigner
    Impacted products
    Vendor Product Version
    Pro-Bravia Sony BRAVIA Digital Signage Affected: 0 , ≤ 1.7.8 (custom)
    Create a notification for this product.
    Date Public
    2020-09-20 00:00
    Credits
    LiquidWorm as Gjoko Krstic of Zero Science Lab
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2020-36924",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-06T18:19:38.002512Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-06T18:20:29.914Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Sony BRAVIA Digital Signage",
              "vendor": "Pro-Bravia",
              "versions": [
                {
                  "lessThanOrEqual": "1.7.8",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "LiquidWorm as Gjoko Krstic of Zero Science Lab"
            }
          ],
          "datePublic": "2020-09-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Sony BRAVIA Digital Signage 1.7.8 contains a remote file inclusion vulnerability that allows attackers to inject arbitrary client-side scripts through the content material URL parameter. Attackers can exploit this vulnerability to hijack user sessions, execute cross-site scripting code, and modify display content by manipulating the input material type."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "LOW",
                "subIntegrityImpact": "LOW",
                "userInteraction": "PASSIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS"
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-829",
                  "description": "Inclusion of Functionality from Untrusted Control Sphere",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-26T15:55:01.315Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "name": "ExploitDB-49186",
              "tags": [
                "exploit"
              ],
              "url": "https://www.exploit-db.com/exploits/49186"
            },
            {
              "name": "Sony BRAVIA Digital Signage Product Homepage",
              "tags": [
                "product"
              ],
              "url": "https://pro-bravia.sony.net"
            },
            {
              "name": "BRAVIA Signage Software Resources",
              "tags": [
                "product"
              ],
              "url": "https://pro-bravia.sony.net/resources/software/bravia-signage/"
            },
            {
              "name": "Sony Professional Display Software Product Page",
              "tags": [
                "product"
              ],
              "url": "https://pro.sony/ue_US/products/display-software"
            },
            {
              "name": "Zero Science Lab Disclosure (ZSL-2020-5612)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5612.php"
            },
            {
              "name": "Packet Storm Security Exploit Archive",
              "tags": [
                "exploit"
              ],
              "url": "https://packetstorm.news/files/id/160345"
            },
            {
              "name": "IBM X-Force Exchange Vulnerability Entry",
              "tags": [
                "vdb-entry"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/192605"
            },
            {
              "name": "CXSecurity Vulnerability Listing",
              "tags": [
                "exploit"
              ],
              "url": "https://cxsecurity.com/issue/WLB-2020120030"
            },
            {
              "name": "VulnCheck Advisory: Sony BRAVIA Digital Signage 1.7.8 Unauthenticated Remote File Inclusion",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/sony-bravia-digital-signage-unauthenticated-remote-file-inclusion"
            }
          ],
          "title": "Sony BRAVIA Digital Signage 1.7.8 Unauthenticated Remote File Inclusion",
          "x_generator": {
            "engine": "vulncheck"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2020-36924",
        "datePublished": "2026-01-06T15:52:28.074Z",
        "dateReserved": "2026-01-03T14:10:13.302Z",
        "dateUpdated": "2026-01-26T15:55:01.315Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2020-36923 (GCVE-0-2020-36923)

    Vulnerability from cvelistv5 – Published: 2026-01-06 15:52 – Updated: 2026-01-06 18:56
    VLAI
    Title
    Sony BRAVIA Digital Signage 1.7.8 Client-Side Protection Bypass via IDOR
    Summary
    Sony BRAVIA Digital Signage 1.7.8 contains an insecure direct object reference vulnerability that allows attackers to bypass authorization controls. Attackers can access hidden system resources like '/#/content-creation' by manipulating client-side access restrictions.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-639 - Authorization Bypass Through User-Controlled Key
    Assigner
    Impacted products
    Date Public
    2020-12-02 00:00
    Credits
    LiquidWorm as Gjoko Krstic of Zero Science Lab
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2020-36923",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-06T18:52:18.623292Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-06T18:56:11.847Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5611.php"
              },
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://www.zeroscience.mk/codes/sonybravia_idor.txt"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Sony BRAVIA Digital Signage",
              "vendor": "Sony Electronics Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c=1.7.8"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "LiquidWorm as Gjoko Krstic of Zero Science Lab"
            }
          ],
          "datePublic": "2020-12-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Sony BRAVIA Digital Signage 1.7.8 contains an insecure direct object reference vulnerability that allows attackers to bypass authorization controls. Attackers can access hidden system resources like \u0027/#/content-creation\u0027 by manipulating client-side access restrictions."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS"
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-639",
                  "description": "Authorization Bypass Through User-Controlled Key",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-06T15:52:27.572Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "name": "Zero Science Lab Disclosure (ZSL-2020-5611)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5611.php"
            },
            {
              "name": "IBM X-Force Exchange Vulnerability Entry",
              "tags": [
                "vdb-entry"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/192607"
            },
            {
              "name": "CXSecurity Vulnerability Listing",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://cxsecurity.com/issue/WLB-2020120031"
            },
            {
              "name": "Packet Storm Security Exploit Archive",
              "tags": [
                "exploit"
              ],
              "url": "https://packetstormsecurity.com/files/160344"
            },
            {
              "name": "Sony Professional Display Software Product Page",
              "tags": [
                "product"
              ],
              "url": "https://pro.sony/ue_US/products/display-software"
            },
            {
              "name": "BRAVIA Signage Software Resources",
              "tags": [
                "product"
              ],
              "url": "https://pro-bravia.sony.net/resources/software/bravia-signage/"
            },
            {
              "name": "Sony BRAVIA Digital Signage Official Homepage",
              "tags": [
                "product"
              ],
              "url": "https://pro-bravia.sony.net"
            },
            {
              "name": "VulnCheck Advisory: Sony BRAVIA Digital Signage 1.7.8 Client-Side Protection Bypass via IDOR",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/sony-bravia-digital-signage-client-side-protection-bypass-via-idor"
            }
          ],
          "title": "Sony BRAVIA Digital Signage 1.7.8 Client-Side Protection Bypass via IDOR",
          "x_generator": {
            "engine": "vulncheck"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2020-36923",
        "datePublished": "2026-01-06T15:52:27.572Z",
        "dateReserved": "2026-01-03T14:10:13.302Z",
        "dateUpdated": "2026-01-06T18:56:11.847Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2020-36922 (GCVE-0-2020-36922)

    Vulnerability from cvelistv5 – Published: 2026-01-06 15:52 – Updated: 2026-01-06 18:24
    VLAI
    Title
    Sony BRAVIA Digital Signage 1.7.8 Unauthenticated System API Information Disclosure
    Summary
    Sony BRAVIA Digital Signage 1.7.8 contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive system details through API endpoints. Attackers can retrieve network interface information, server configurations, and system metadata by sending requests to the exposed system API.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-497 - Exposure of Sensitive System Information to an Unauthorized Control Sphere
    Assigner
    Impacted products
    Vendor Product Version
    Pro-Bravia Sony BRAVIA Digital Signage Affected: 0 , ≤ 1.7.8 (custom)
    Create a notification for this product.
    Date Public
    2020-09-20 00:00
    Credits
    LiquidWorm as Gjoko Krstic of Zero Science Lab
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2020-36922",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-06T18:23:14.999522Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-06T18:24:00.626Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Sony BRAVIA Digital Signage",
              "vendor": "Pro-Bravia",
              "versions": [
                {
                  "lessThanOrEqual": "1.7.8",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "LiquidWorm as Gjoko Krstic of Zero Science Lab"
            }
          ],
          "datePublic": "2020-09-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Sony BRAVIA Digital Signage 1.7.8 contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive system details through API endpoints. Attackers can retrieve network interface information, server configurations, and system metadata by sending requests to the exposed system API."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS"
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-497",
                  "description": "Exposure of Sensitive System Information to an Unauthorized Control Sphere",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-06T15:52:27.136Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "name": "ExploitDB-49187",
              "tags": [
                "exploit"
              ],
              "url": "https://www.exploit-db.com/exploits/49187"
            },
            {
              "name": "Sony BRAVIA Digital Signage Official Homepage",
              "tags": [
                "product"
              ],
              "url": "https://pro-bravia.sony.net"
            },
            {
              "name": "BRAVIA Signage Software Resources",
              "tags": [
                "product"
              ],
              "url": "https://pro-bravia.sony.net/resources/software/bravia-signage/"
            },
            {
              "name": "Sony Professional Display Software Product Page",
              "tags": [
                "product"
              ],
              "url": "https://pro.sony/ue_US/products/display-software"
            },
            {
              "name": "Zero Science Lab Disclosure (ZSL-2020-5610)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5610.php"
            },
            {
              "name": "Packet Storm Security Exploit Entry",
              "tags": [
                "exploit"
              ],
              "url": "https://packetstorm.news/files/id/160343"
            },
            {
              "name": "CXSecurity Vulnerability Database",
              "tags": [
                "exploit"
              ],
              "url": "https://cxsecurity.com/issue/WLB-2020120028"
            },
            {
              "name": "IBM X-Force Vulnerability Exchange",
              "tags": [
                "vdb-entry"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/192606"
            },
            {
              "name": "VulnCheck Advisory: Sony BRAVIA Digital Signage 1.7.8 Unauthenticated System API Information Disclosure",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/sony-bravia-digital-signage-unauthenticated-system-api-information-disclosure"
            }
          ],
          "title": "Sony BRAVIA Digital Signage 1.7.8 Unauthenticated System API Information Disclosure",
          "x_generator": {
            "engine": "vulncheck"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2020-36922",
        "datePublished": "2026-01-06T15:52:27.136Z",
        "dateReserved": "2026-01-03T14:10:13.302Z",
        "dateUpdated": "2026-01-06T18:24:00.626Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-5124 (GCVE-0-2025-5124)

    Vulnerability from cvelistv5 – Published: 2025-05-24 13:00 – Updated: 2025-05-28 17:40 Disputed
    VLAI
    Title
    Sony SNC-M1 Administrative Interface default credentials
    Summary
    A vulnerability classified as critical has been found in Sony SNC-M1, SNC-M3, SNC-RZ25N, SNC-RZ30N, SNC-DS10, SNC-CS3N and SNC-RX570N up to 1.30. This affects an unknown part of the component Administrative Interface. The manipulation leads to use of default credentials. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. It is recommended to change the configuration settings. The vendor was contacted early about this issue. They confirmed the existence but pointed out that they "have published the 'Hardening Guide' on the Web from July 2018 to January 2025 and have thoroughly informed customers of the recommendation to change their initial passwords".
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Sony SNC-M1 Affected: 1.0
    Affected: 1.1
    Affected: 1.2
    Affected: 1.3
    Affected: 1.4
    Affected: 1.5
    Affected: 1.6
    Affected: 1.7
    Affected: 1.8
    Affected: 1.9
    Affected: 1.10
    Affected: 1.11
    Affected: 1.12
    Affected: 1.13
    Affected: 1.14
    Affected: 1.15
    Affected: 1.16
    Affected: 1.17
    Affected: 1.18
    Affected: 1.19
    Affected: 1.20
    Affected: 1.21
    Affected: 1.22
    Affected: 1.23
    Affected: 1.24
    Affected: 1.25
    Affected: 1.26
    Affected: 1.27
    Affected: 1.28
    Affected: 1.29
    Affected: 1.30
    Create a notification for this product.
    Sony SNC-M3 Affected: 1.0
    Affected: 1.1
    Affected: 1.2
    Affected: 1.3
    Affected: 1.4
    Affected: 1.5
    Affected: 1.6
    Affected: 1.7
    Affected: 1.8
    Affected: 1.9
    Affected: 1.10
    Affected: 1.11
    Affected: 1.12
    Affected: 1.13
    Affected: 1.14
    Affected: 1.15
    Affected: 1.16
    Affected: 1.17
    Affected: 1.18
    Affected: 1.19
    Affected: 1.20
    Affected: 1.21
    Affected: 1.22
    Affected: 1.23
    Affected: 1.24
    Affected: 1.25
    Affected: 1.26
    Affected: 1.27
    Affected: 1.28
    Affected: 1.29
    Affected: 1.30
    Create a notification for this product.
    Sony SNC-RZ25N Affected: 1.0
    Affected: 1.1
    Affected: 1.2
    Affected: 1.3
    Affected: 1.4
    Affected: 1.5
    Affected: 1.6
    Affected: 1.7
    Affected: 1.8
    Affected: 1.9
    Affected: 1.10
    Affected: 1.11
    Affected: 1.12
    Affected: 1.13
    Affected: 1.14
    Affected: 1.15
    Affected: 1.16
    Affected: 1.17
    Affected: 1.18
    Affected: 1.19
    Affected: 1.20
    Affected: 1.21
    Affected: 1.22
    Affected: 1.23
    Affected: 1.24
    Affected: 1.25
    Affected: 1.26
    Affected: 1.27
    Affected: 1.28
    Affected: 1.29
    Affected: 1.30
    Create a notification for this product.
    Sony SNC-RZ30N Affected: 1.0
    Affected: 1.1
    Affected: 1.2
    Affected: 1.3
    Affected: 1.4
    Affected: 1.5
    Affected: 1.6
    Affected: 1.7
    Affected: 1.8
    Affected: 1.9
    Affected: 1.10
    Affected: 1.11
    Affected: 1.12
    Affected: 1.13
    Affected: 1.14
    Affected: 1.15
    Affected: 1.16
    Affected: 1.17
    Affected: 1.18
    Affected: 1.19
    Affected: 1.20
    Affected: 1.21
    Affected: 1.22
    Affected: 1.23
    Affected: 1.24
    Affected: 1.25
    Affected: 1.26
    Affected: 1.27
    Affected: 1.28
    Affected: 1.29
    Affected: 1.30
    Create a notification for this product.
    Sony SNC-DS10 Affected: 1.0
    Affected: 1.1
    Affected: 1.2
    Affected: 1.3
    Affected: 1.4
    Affected: 1.5
    Affected: 1.6
    Affected: 1.7
    Affected: 1.8
    Affected: 1.9
    Affected: 1.10
    Affected: 1.11
    Affected: 1.12
    Affected: 1.13
    Affected: 1.14
    Affected: 1.15
    Affected: 1.16
    Affected: 1.17
    Affected: 1.18
    Affected: 1.19
    Affected: 1.20
    Affected: 1.21
    Affected: 1.22
    Affected: 1.23
    Affected: 1.24
    Affected: 1.25
    Affected: 1.26
    Affected: 1.27
    Affected: 1.28
    Affected: 1.29
    Affected: 1.30
    Create a notification for this product.
    Sony SNC-CS3N Affected: 1.0
    Affected: 1.1
    Affected: 1.2
    Affected: 1.3
    Affected: 1.4
    Affected: 1.5
    Affected: 1.6
    Affected: 1.7
    Affected: 1.8
    Affected: 1.9
    Affected: 1.10
    Affected: 1.11
    Affected: 1.12
    Affected: 1.13
    Affected: 1.14
    Affected: 1.15
    Affected: 1.16
    Affected: 1.17
    Affected: 1.18
    Affected: 1.19
    Affected: 1.20
    Affected: 1.21
    Affected: 1.22
    Affected: 1.23
    Affected: 1.24
    Affected: 1.25
    Affected: 1.26
    Affected: 1.27
    Affected: 1.28
    Affected: 1.29
    Affected: 1.30
    Create a notification for this product.
    Sony SNC-RX570N Affected: 1.0
    Affected: 1.1
    Affected: 1.2
    Affected: 1.3
    Affected: 1.4
    Affected: 1.5
    Affected: 1.6
    Affected: 1.7
    Affected: 1.8
    Affected: 1.9
    Affected: 1.10
    Affected: 1.11
    Affected: 1.12
    Affected: 1.13
    Affected: 1.14
    Affected: 1.15
    Affected: 1.16
    Affected: 1.17
    Affected: 1.18
    Affected: 1.19
    Affected: 1.20
    Affected: 1.21
    Affected: 1.22
    Affected: 1.23
    Affected: 1.24
    Affected: 1.25
    Affected: 1.26
    Affected: 1.27
    Affected: 1.28
    Affected: 1.29
    Affected: 1.30
    Create a notification for this product.
    Credits
    zeke (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-5124",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-27T14:23:36.848121Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-28T17:40:32.611Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/zeke2997/CVE_request_Sony"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "modules": [
                "Administrative Interface"
              ],
              "product": "SNC-M1",
              "vendor": "Sony",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0"
                },
                {
                  "status": "affected",
                  "version": "1.1"
                },
                {
                  "status": "affected",
                  "version": "1.2"
                },
                {
                  "status": "affected",
                  "version": "1.3"
                },
                {
                  "status": "affected",
                  "version": "1.4"
                },
                {
                  "status": "affected",
                  "version": "1.5"
                },
                {
                  "status": "affected",
                  "version": "1.6"
                },
                {
                  "status": "affected",
                  "version": "1.7"
                },
                {
                  "status": "affected",
                  "version": "1.8"
                },
                {
                  "status": "affected",
                  "version": "1.9"
                },
                {
                  "status": "affected",
                  "version": "1.10"
                },
                {
                  "status": "affected",
                  "version": "1.11"
                },
                {
                  "status": "affected",
                  "version": "1.12"
                },
                {
                  "status": "affected",
                  "version": "1.13"
                },
                {
                  "status": "affected",
                  "version": "1.14"
                },
                {
                  "status": "affected",
                  "version": "1.15"
                },
                {
                  "status": "affected",
                  "version": "1.16"
                },
                {
                  "status": "affected",
                  "version": "1.17"
                },
                {
                  "status": "affected",
                  "version": "1.18"
                },
                {
                  "status": "affected",
                  "version": "1.19"
                },
                {
                  "status": "affected",
                  "version": "1.20"
                },
                {
                  "status": "affected",
                  "version": "1.21"
                },
                {
                  "status": "affected",
                  "version": "1.22"
                },
                {
                  "status": "affected",
                  "version": "1.23"
                },
                {
                  "status": "affected",
                  "version": "1.24"
                },
                {
                  "status": "affected",
                  "version": "1.25"
                },
                {
                  "status": "affected",
                  "version": "1.26"
                },
                {
                  "status": "affected",
                  "version": "1.27"
                },
                {
                  "status": "affected",
                  "version": "1.28"
                },
                {
                  "status": "affected",
                  "version": "1.29"
                },
                {
                  "status": "affected",
                  "version": "1.30"
                }
              ]
            },
            {
              "modules": [
                "Administrative Interface"
              ],
              "product": "SNC-M3",
              "vendor": "Sony",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0"
                },
                {
                  "status": "affected",
                  "version": "1.1"
                },
                {
                  "status": "affected",
                  "version": "1.2"
                },
                {
                  "status": "affected",
                  "version": "1.3"
                },
                {
                  "status": "affected",
                  "version": "1.4"
                },
                {
                  "status": "affected",
                  "version": "1.5"
                },
                {
                  "status": "affected",
                  "version": "1.6"
                },
                {
                  "status": "affected",
                  "version": "1.7"
                },
                {
                  "status": "affected",
                  "version": "1.8"
                },
                {
                  "status": "affected",
                  "version": "1.9"
                },
                {
                  "status": "affected",
                  "version": "1.10"
                },
                {
                  "status": "affected",
                  "version": "1.11"
                },
                {
                  "status": "affected",
                  "version": "1.12"
                },
                {
                  "status": "affected",
                  "version": "1.13"
                },
                {
                  "status": "affected",
                  "version": "1.14"
                },
                {
                  "status": "affected",
                  "version": "1.15"
                },
                {
                  "status": "affected",
                  "version": "1.16"
                },
                {
                  "status": "affected",
                  "version": "1.17"
                },
                {
                  "status": "affected",
                  "version": "1.18"
                },
                {
                  "status": "affected",
                  "version": "1.19"
                },
                {
                  "status": "affected",
                  "version": "1.20"
                },
                {
                  "status": "affected",
                  "version": "1.21"
                },
                {
                  "status": "affected",
                  "version": "1.22"
                },
                {
                  "status": "affected",
                  "version": "1.23"
                },
                {
                  "status": "affected",
                  "version": "1.24"
                },
                {
                  "status": "affected",
                  "version": "1.25"
                },
                {
                  "status": "affected",
                  "version": "1.26"
                },
                {
                  "status": "affected",
                  "version": "1.27"
                },
                {
                  "status": "affected",
                  "version": "1.28"
                },
                {
                  "status": "affected",
                  "version": "1.29"
                },
                {
                  "status": "affected",
                  "version": "1.30"
                }
              ]
            },
            {
              "modules": [
                "Administrative Interface"
              ],
              "product": "SNC-RZ25N",
              "vendor": "Sony",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0"
                },
                {
                  "status": "affected",
                  "version": "1.1"
                },
                {
                  "status": "affected",
                  "version": "1.2"
                },
                {
                  "status": "affected",
                  "version": "1.3"
                },
                {
                  "status": "affected",
                  "version": "1.4"
                },
                {
                  "status": "affected",
                  "version": "1.5"
                },
                {
                  "status": "affected",
                  "version": "1.6"
                },
                {
                  "status": "affected",
                  "version": "1.7"
                },
                {
                  "status": "affected",
                  "version": "1.8"
                },
                {
                  "status": "affected",
                  "version": "1.9"
                },
                {
                  "status": "affected",
                  "version": "1.10"
                },
                {
                  "status": "affected",
                  "version": "1.11"
                },
                {
                  "status": "affected",
                  "version": "1.12"
                },
                {
                  "status": "affected",
                  "version": "1.13"
                },
                {
                  "status": "affected",
                  "version": "1.14"
                },
                {
                  "status": "affected",
                  "version": "1.15"
                },
                {
                  "status": "affected",
                  "version": "1.16"
                },
                {
                  "status": "affected",
                  "version": "1.17"
                },
                {
                  "status": "affected",
                  "version": "1.18"
                },
                {
                  "status": "affected",
                  "version": "1.19"
                },
                {
                  "status": "affected",
                  "version": "1.20"
                },
                {
                  "status": "affected",
                  "version": "1.21"
                },
                {
                  "status": "affected",
                  "version": "1.22"
                },
                {
                  "status": "affected",
                  "version": "1.23"
                },
                {
                  "status": "affected",
                  "version": "1.24"
                },
                {
                  "status": "affected",
                  "version": "1.25"
                },
                {
                  "status": "affected",
                  "version": "1.26"
                },
                {
                  "status": "affected",
                  "version": "1.27"
                },
                {
                  "status": "affected",
                  "version": "1.28"
                },
                {
                  "status": "affected",
                  "version": "1.29"
                },
                {
                  "status": "affected",
                  "version": "1.30"
                }
              ]
            },
            {
              "modules": [
                "Administrative Interface"
              ],
              "product": "SNC-RZ30N",
              "vendor": "Sony",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0"
                },
                {
                  "status": "affected",
                  "version": "1.1"
                },
                {
                  "status": "affected",
                  "version": "1.2"
                },
                {
                  "status": "affected",
                  "version": "1.3"
                },
                {
                  "status": "affected",
                  "version": "1.4"
                },
                {
                  "status": "affected",
                  "version": "1.5"
                },
                {
                  "status": "affected",
                  "version": "1.6"
                },
                {
                  "status": "affected",
                  "version": "1.7"
                },
                {
                  "status": "affected",
                  "version": "1.8"
                },
                {
                  "status": "affected",
                  "version": "1.9"
                },
                {
                  "status": "affected",
                  "version": "1.10"
                },
                {
                  "status": "affected",
                  "version": "1.11"
                },
                {
                  "status": "affected",
                  "version": "1.12"
                },
                {
                  "status": "affected",
                  "version": "1.13"
                },
                {
                  "status": "affected",
                  "version": "1.14"
                },
                {
                  "status": "affected",
                  "version": "1.15"
                },
                {
                  "status": "affected",
                  "version": "1.16"
                },
                {
                  "status": "affected",
                  "version": "1.17"
                },
                {
                  "status": "affected",
                  "version": "1.18"
                },
                {
                  "status": "affected",
                  "version": "1.19"
                },
                {
                  "status": "affected",
                  "version": "1.20"
                },
                {
                  "status": "affected",
                  "version": "1.21"
                },
                {
                  "status": "affected",
                  "version": "1.22"
                },
                {
                  "status": "affected",
                  "version": "1.23"
                },
                {
                  "status": "affected",
                  "version": "1.24"
                },
                {
                  "status": "affected",
                  "version": "1.25"
                },
                {
                  "status": "affected",
                  "version": "1.26"
                },
                {
                  "status": "affected",
                  "version": "1.27"
                },
                {
                  "status": "affected",
                  "version": "1.28"
                },
                {
                  "status": "affected",
                  "version": "1.29"
                },
                {
                  "status": "affected",
                  "version": "1.30"
                }
              ]
            },
            {
              "modules": [
                "Administrative Interface"
              ],
              "product": "SNC-DS10",
              "vendor": "Sony",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0"
                },
                {
                  "status": "affected",
                  "version": "1.1"
                },
                {
                  "status": "affected",
                  "version": "1.2"
                },
                {
                  "status": "affected",
                  "version": "1.3"
                },
                {
                  "status": "affected",
                  "version": "1.4"
                },
                {
                  "status": "affected",
                  "version": "1.5"
                },
                {
                  "status": "affected",
                  "version": "1.6"
                },
                {
                  "status": "affected",
                  "version": "1.7"
                },
                {
                  "status": "affected",
                  "version": "1.8"
                },
                {
                  "status": "affected",
                  "version": "1.9"
                },
                {
                  "status": "affected",
                  "version": "1.10"
                },
                {
                  "status": "affected",
                  "version": "1.11"
                },
                {
                  "status": "affected",
                  "version": "1.12"
                },
                {
                  "status": "affected",
                  "version": "1.13"
                },
                {
                  "status": "affected",
                  "version": "1.14"
                },
                {
                  "status": "affected",
                  "version": "1.15"
                },
                {
                  "status": "affected",
                  "version": "1.16"
                },
                {
                  "status": "affected",
                  "version": "1.17"
                },
                {
                  "status": "affected",
                  "version": "1.18"
                },
                {
                  "status": "affected",
                  "version": "1.19"
                },
                {
                  "status": "affected",
                  "version": "1.20"
                },
                {
                  "status": "affected",
                  "version": "1.21"
                },
                {
                  "status": "affected",
                  "version": "1.22"
                },
                {
                  "status": "affected",
                  "version": "1.23"
                },
                {
                  "status": "affected",
                  "version": "1.24"
                },
                {
                  "status": "affected",
                  "version": "1.25"
                },
                {
                  "status": "affected",
                  "version": "1.26"
                },
                {
                  "status": "affected",
                  "version": "1.27"
                },
                {
                  "status": "affected",
                  "version": "1.28"
                },
                {
                  "status": "affected",
                  "version": "1.29"
                },
                {
                  "status": "affected",
                  "version": "1.30"
                }
              ]
            },
            {
              "modules": [
                "Administrative Interface"
              ],
              "product": "SNC-CS3N",
              "vendor": "Sony",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0"
                },
                {
                  "status": "affected",
                  "version": "1.1"
                },
                {
                  "status": "affected",
                  "version": "1.2"
                },
                {
                  "status": "affected",
                  "version": "1.3"
                },
                {
                  "status": "affected",
                  "version": "1.4"
                },
                {
                  "status": "affected",
                  "version": "1.5"
                },
                {
                  "status": "affected",
                  "version": "1.6"
                },
                {
                  "status": "affected",
                  "version": "1.7"
                },
                {
                  "status": "affected",
                  "version": "1.8"
                },
                {
                  "status": "affected",
                  "version": "1.9"
                },
                {
                  "status": "affected",
                  "version": "1.10"
                },
                {
                  "status": "affected",
                  "version": "1.11"
                },
                {
                  "status": "affected",
                  "version": "1.12"
                },
                {
                  "status": "affected",
                  "version": "1.13"
                },
                {
                  "status": "affected",
                  "version": "1.14"
                },
                {
                  "status": "affected",
                  "version": "1.15"
                },
                {
                  "status": "affected",
                  "version": "1.16"
                },
                {
                  "status": "affected",
                  "version": "1.17"
                },
                {
                  "status": "affected",
                  "version": "1.18"
                },
                {
                  "status": "affected",
                  "version": "1.19"
                },
                {
                  "status": "affected",
                  "version": "1.20"
                },
                {
                  "status": "affected",
                  "version": "1.21"
                },
                {
                  "status": "affected",
                  "version": "1.22"
                },
                {
                  "status": "affected",
                  "version": "1.23"
                },
                {
                  "status": "affected",
                  "version": "1.24"
                },
                {
                  "status": "affected",
                  "version": "1.25"
                },
                {
                  "status": "affected",
                  "version": "1.26"
                },
                {
                  "status": "affected",
                  "version": "1.27"
                },
                {
                  "status": "affected",
                  "version": "1.28"
                },
                {
                  "status": "affected",
                  "version": "1.29"
                },
                {
                  "status": "affected",
                  "version": "1.30"
                }
              ]
            },
            {
              "modules": [
                "Administrative Interface"
              ],
              "product": "SNC-RX570N",
              "vendor": "Sony",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0"
                },
                {
                  "status": "affected",
                  "version": "1.1"
                },
                {
                  "status": "affected",
                  "version": "1.2"
                },
                {
                  "status": "affected",
                  "version": "1.3"
                },
                {
                  "status": "affected",
                  "version": "1.4"
                },
                {
                  "status": "affected",
                  "version": "1.5"
                },
                {
                  "status": "affected",
                  "version": "1.6"
                },
                {
                  "status": "affected",
                  "version": "1.7"
                },
                {
                  "status": "affected",
                  "version": "1.8"
                },
                {
                  "status": "affected",
                  "version": "1.9"
                },
                {
                  "status": "affected",
                  "version": "1.10"
                },
                {
                  "status": "affected",
                  "version": "1.11"
                },
                {
                  "status": "affected",
                  "version": "1.12"
                },
                {
                  "status": "affected",
                  "version": "1.13"
                },
                {
                  "status": "affected",
                  "version": "1.14"
                },
                {
                  "status": "affected",
                  "version": "1.15"
                },
                {
                  "status": "affected",
                  "version": "1.16"
                },
                {
                  "status": "affected",
                  "version": "1.17"
                },
                {
                  "status": "affected",
                  "version": "1.18"
                },
                {
                  "status": "affected",
                  "version": "1.19"
                },
                {
                  "status": "affected",
                  "version": "1.20"
                },
                {
                  "status": "affected",
                  "version": "1.21"
                },
                {
                  "status": "affected",
                  "version": "1.22"
                },
                {
                  "status": "affected",
                  "version": "1.23"
                },
                {
                  "status": "affected",
                  "version": "1.24"
                },
                {
                  "status": "affected",
                  "version": "1.25"
                },
                {
                  "status": "affected",
                  "version": "1.26"
                },
                {
                  "status": "affected",
                  "version": "1.27"
                },
                {
                  "status": "affected",
                  "version": "1.28"
                },
                {
                  "status": "affected",
                  "version": "1.29"
                },
                {
                  "status": "affected",
                  "version": "1.30"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "zeke (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability classified as critical has been found in Sony SNC-M1, SNC-M3, SNC-RZ25N, SNC-RZ30N, SNC-DS10, SNC-CS3N and SNC-RX570N up to 1.30. This affects an unknown part of the component Administrative Interface. The manipulation leads to use of default credentials. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. It is recommended to change the configuration settings. The vendor was contacted early about this issue. They confirmed the existence but pointed out that they \"have published the \u0027Hardening Guide\u0027 on the Web from July 2018 to January 2025 and have thoroughly informed customers of the recommendation to change their initial passwords\"."
            },
            {
              "lang": "de",
              "value": "Es wurde eine Schwachstelle in Sony SNC-M1, SNC-M3, SNC-RZ25N, SNC-RZ30N, SNC-DS10, SNC-CS3N and SNC-RX570N bis 1.30 entdeckt. Sie wurde als kritisch eingestuft. Dabei betrifft es einen unbekannter Codeteil der Komponente Administrative Interface. Durch die Manipulation mit unbekannten Daten kann eine use of default credentials-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Sie ist schwierig auszunutzen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Die wahre Existenz der vermeintlichen Schwachstelle wird zur Zeit in Frage gestellt. Als bestm\u00f6gliche Massnahme werden Anpassungen an der Konfiguration empfohlen."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 9.2,
                "baseSeverity": "CRITICAL",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 7.6,
                "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1392",
                  "description": "Use of Default Credentials",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-05-24T13:00:14.671Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-310203 | Sony SNC-M1 Administrative Interface default credentials",
              "tags": [
                "vdb-entry"
              ],
              "url": "https://vuldb.com/?id.310203"
            },
            {
              "name": "VDB-310203 | CTI Indicators (IOB, IOC)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.310203"
            },
            {
              "name": "Submit #564839 | sony Network Camera SNC \u003c=1.30 Use of Default Credentials",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.564839"
            },
            {
              "tags": [
                "related"
              ],
              "url": "https://github.com/zeke2997/CVE_request_Sony"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/zeke2997/CVE_request_Sony#3-poc"
            }
          ],
          "tags": [
            "disputed"
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-05-23T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-05-23T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-05-23T20:03:24.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Sony SNC-M1 Administrative Interface default credentials"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-5124",
        "datePublished": "2025-05-24T13:00:14.671Z",
        "dateReserved": "2025-05-23T17:58:19.738Z",
        "dateUpdated": "2025-05-28T17:40:32.611Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-23934 (GCVE-0-2024-23934)

    Vulnerability from cvelistv5 – Published: 2024-09-23 14:16 – Updated: 2025-08-26 21:01
    VLAI
    Title
    Sony XAV-AX5500 WMV/ASF Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
    Summary
    Sony XAV-AX5500 WMV/ASF Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sony XAV-AX5500 devices. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of WMV/ASF files. A crafted Extended Content Description Object in a WMV media file can trigger an overflow of a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device. . Was ZDI-CAN-22994.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    References
    Impacted products
    Vendor Product Version
    Sony XAV-AX5500 Affected: 1.13
    Create a notification for this product.
    sony xav-ax5500 Affected: 1.13
        cpe:2.3:o:sony:xav-ax5500:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-06-22 00:01
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:sony:xav-ax5500:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "xav-ax5500",
                "vendor": "sony",
                "versions": [
                  {
                    "status": "affected",
                    "version": "1.13"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-23934",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-23T14:29:29.183157Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-26T21:01:17.344Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "XAV-AX5500",
              "vendor": "Sony",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.13"
                }
              ]
            }
          ],
          "dateAssigned": "2024-01-24T09:05:00.000Z",
          "datePublic": "2024-06-22T00:01:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eSony XAV-AX5500 WMV/ASF Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sony XAV-AX5500 devices. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\u003c/p\u003e\u003cp\u003eThe specific flaw exists within the parsing of WMV/ASF files. A crafted Extended Content Description Object in a WMV media file can trigger an overflow of a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device.\u003c/p\u003e\u003cp\u003e. Was ZDI-CAN-22994.\u003c/p\u003e"
                }
              ],
              "value": "Sony XAV-AX5500 WMV/ASF Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sony XAV-AX5500 devices. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of WMV/ASF files. A crafted Extended Content Description Object in a WMV media file can trigger an overflow of a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device.\n\n. Was ZDI-CAN-22994."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121: Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-09-23T14:16:02.143Z",
            "orgId": "c15abc07-96a9-4d11-a503-5d621bfe42ba",
            "shortName": "ASRG"
          },
          "references": [
            {
              "name": "ZDI-24-875",
              "tags": [
                "x_research-advisory"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-875/"
            },
            {
              "name": "vendor-provided URL",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.sony.com/electronics/support/mobile-cd-players-digital-media-players-xav-series/xav-ax5500/software/00274156"
            }
          ],
          "source": {
            "discovery": "EXTERNAL",
            "lang": "en",
            "value": "Gary Wang"
          },
          "title": "Sony XAV-AX5500 WMV/ASF Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c15abc07-96a9-4d11-a503-5d621bfe42ba",
        "assignerShortName": "ASRG",
        "cveId": "CVE-2024-23934",
        "datePublished": "2024-09-23T14:16:02.143Z",
        "dateReserved": "2024-01-23T21:45:30.919Z",
        "dateUpdated": "2025-08-26T21:01:17.344Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-23933 (GCVE-0-2024-23933)

    Vulnerability from cvelistv5 – Published: 2024-09-23 14:12 – Updated: 2025-08-26 20:58
    VLAI
    Title
    Sony XAV-AX5500 CarPlay TLV Stack-based Buffer Overflow Remote Code Execution Vulnerability
    Summary
    Sony XAV-AX5500 CarPlay TLV Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Sony XAV-AX5500 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the Apple CarPlay protocol. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-23238
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    References
    Impacted products
    Vendor Product Version
    Sony XAV-AX5500 Affected: 1.13
    Create a notification for this product.
    Date Public
    2024-06-22 00:01
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "PHYSICAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 6.8,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-23933",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-23T14:35:34.432356Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-26T20:58:21.507Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "XAV-AX5500",
              "vendor": "Sony",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.13"
                }
              ]
            }
          ],
          "dateAssigned": "2024-06-14T23:05:00.000Z",
          "datePublic": "2024-06-22T00:01:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eSony XAV-AX5500 CarPlay TLV Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of \tSony XAV-AX5500 devices. Authentication is not required to exploit this vulnerability.\u003c/p\u003e\u003cp\u003eThe specific flaw exists within the implementation of the Apple CarPlay protocol. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device.\u003c/p\u003e\u003cp\u003eWas ZDI-CAN-23238\u003c/p\u003e"
                }
              ],
              "value": "Sony XAV-AX5500 CarPlay TLV Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of \tSony XAV-AX5500 devices. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the implementation of the Apple CarPlay protocol. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device.\n\nWas ZDI-CAN-23238"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121: Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-09-23T14:12:38.125Z",
            "orgId": "c15abc07-96a9-4d11-a503-5d621bfe42ba",
            "shortName": "ASRG"
          },
          "references": [
            {
              "name": "ZDI-24-877",
              "tags": [
                "x_research-advisory"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-877/"
            },
            {
              "name": "vendor-provided URL",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.sony.com/electronics/support/mobile-cd-players-digital-media-players-xav-series/xav-ax5500/software/00274156"
            }
          ],
          "source": {
            "discovery": "EXTERNAL",
            "lang": "en",
            "value": "Midnight Blue / PHP Hooligans"
          },
          "title": "Sony XAV-AX5500 CarPlay TLV Stack-based Buffer Overflow Remote Code Execution Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c15abc07-96a9-4d11-a503-5d621bfe42ba",
        "assignerShortName": "ASRG",
        "cveId": "CVE-2024-23933",
        "datePublished": "2024-09-23T14:12:38.125Z",
        "dateReserved": "2024-01-23T21:45:30.919Z",
        "dateUpdated": "2025-08-26T20:58:21.507Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    VAR-201710-0974

    Vulnerability from variot - Updated: 2024-07-23 21:12

    Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation of the Group Temporal Key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame, allowing an attacker within radio range to replay frames from access points to clients. An attacker within range of an affected AP and client may leverage these vulnerabilities to conduct attacks that are dependent on the data confidentiality protocols being used. Attacks may include arbitrary packet decryption and injection, TCP connection hijacking, HTTP content injection, or the replay of unicast and group-addressed frames. These vulnerabilities are referred to as Key Reinstallation Attacks or "KRACK" attacks. WPA (Wi-Fi Protected Access) is a system that protects wireless computer networks (Wi-Fi). A group key reload vulnerability exists in WPA2 wireless network sleep mode. WPA2 is prone to multiple security weaknesses. Exploiting these issues may allow an unauthorized user to intercept and manipulate data or disclose sensitive information. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

    ===================================================================== Red Hat Security Advisory

    Synopsis: Important: wpa_supplicant security update Advisory ID: RHSA-2017:2907-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2017:2907 Issue date: 2017-10-17 CVE Names: CVE-2017-13077 CVE-2017-13078 CVE-2017-13080 CVE-2017-13082 CVE-2017-13086 CVE-2017-13087 CVE-2017-13088 =====================================================================

    1. Summary:

    An update for wpa_supplicant is now available for Red Hat Enterprise Linux 7.

    Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Relevant releases/architectures:

    Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64

    1. Description:

    The wpa_supplicant packages contain an 802.1X Supplicant with support for WEP, WPA, WPA2 (IEEE 802.11i / RSN), and various EAP authentication methods. They implement key negotiation with a WPA Authenticator for client stations and controls the roaming and IEEE 802.11 authentication and association of the WLAN driver. A remote attacker within Wi-Fi range could exploit these attacks to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by manipulating cryptographic handshakes used by the WPA2 protocol. (CVE-2017-13077, CVE-2017-13078, CVE-2017-13080, CVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088)

    Red Hat would like to thank CERT for reporting these issues. Upstream acknowledges Mathy Vanhoef (University of Leuven) as the original reporter of these issues. Solution:

    For details on how to apply this update, which includes the changes described in this advisory, refer to:

    https://access.redhat.com/articles/11258

    1. Package List:

    Red Hat Enterprise Linux Client (v. 7):

    Source: wpa_supplicant-2.6-5.el7_4.1.src.rpm

    x86_64: wpa_supplicant-2.6-5.el7_4.1.x86_64.rpm wpa_supplicant-debuginfo-2.6-5.el7_4.1.x86_64.rpm

    Red Hat Enterprise Linux ComputeNode (v. 7):

    Source: wpa_supplicant-2.6-5.el7_4.1.src.rpm

    x86_64: wpa_supplicant-2.6-5.el7_4.1.x86_64.rpm wpa_supplicant-debuginfo-2.6-5.el7_4.1.x86_64.rpm

    Red Hat Enterprise Linux Server (v. 7):

    Source: wpa_supplicant-2.6-5.el7_4.1.src.rpm

    aarch64: wpa_supplicant-2.6-5.el7_4.1.aarch64.rpm wpa_supplicant-debuginfo-2.6-5.el7_4.1.aarch64.rpm

    ppc64: wpa_supplicant-2.6-5.el7_4.1.ppc64.rpm wpa_supplicant-debuginfo-2.6-5.el7_4.1.ppc64.rpm

    ppc64le: wpa_supplicant-2.6-5.el7_4.1.ppc64le.rpm wpa_supplicant-debuginfo-2.6-5.el7_4.1.ppc64le.rpm

    s390x: wpa_supplicant-2.6-5.el7_4.1.s390x.rpm wpa_supplicant-debuginfo-2.6-5.el7_4.1.s390x.rpm

    x86_64: wpa_supplicant-2.6-5.el7_4.1.x86_64.rpm wpa_supplicant-debuginfo-2.6-5.el7_4.1.x86_64.rpm

    Red Hat Enterprise Linux Workstation (v. 7):

    Source: wpa_supplicant-2.6-5.el7_4.1.src.rpm

    x86_64: wpa_supplicant-2.6-5.el7_4.1.x86_64.rpm wpa_supplicant-debuginfo-2.6-5.el7_4.1.x86_64.rpm

    These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

    1. References:

    https://access.redhat.com/security/cve/CVE-2017-13077 https://access.redhat.com/security/cve/CVE-2017-13078 https://access.redhat.com/security/cve/CVE-2017-13080 https://access.redhat.com/security/cve/CVE-2017-13082 https://access.redhat.com/security/cve/CVE-2017-13086 https://access.redhat.com/security/cve/CVE-2017-13087 https://access.redhat.com/security/cve/CVE-2017-13088 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/security/vulnerabilities/kracks

    1. Contact:

    The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

    Copyright 2017 Red Hat, Inc. Those vulnerabilities applies to both the access point (implemented in hostapd) and the station (implemented in wpa_supplicant).

    An attacker exploiting the vulnerabilities could force the vulnerable system to reuse cryptographic session keys, enabling a range of cryptographic attacks against the ciphers used in WPA1 and WPA2.

    For the stable distribution (stretch), these problems have been fixed in version 2:2.4-1+deb9u1.

    For the testing distribution (buster), these problems have been fixed in version 2:2.4-1.1.

    For the unstable distribution (sid), these problems have been fixed in version 2:2.4-1.1.

    We recommend that you upgrade your wpa packages. ========================================================================== Ubuntu Security Notice USN-3455-1 October 16, 2017

    wpa vulnerabilities

    A security issue affects these releases of Ubuntu and its derivatives:

    • Ubuntu 17.04
    • Ubuntu 16.04 LTS
    • Ubuntu 14.04 LTS

    Summary:

    Several security issues were fixed in wpa_supplicant.

    Software Description: - wpa: client support for WPA and WPA2

    Details:

    Mathy Vanhoef discovered that wpa_supplicant and hostapd incorrectly handled WPA2. (CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088)

    Imre Rad discovered that wpa_supplicant and hostapd incorrectly handled invalid characters in passphrase parameters. A remote attacker could use this issue to cause a denial of service. (CVE-2016-4476)

    Imre Rad discovered that wpa_supplicant and hostapd incorrectly handled invalid characters in passphrase parameters. A local attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. (CVE-2016-4477)

    Update instructions:

    The problem can be corrected by updating your system to the following package versions:

    Ubuntu 17.04: hostapd 2.4-0ubuntu9.1 wpasupplicant 2.4-0ubuntu9.1

    Ubuntu 16.04 LTS: hostapd 2.4-0ubuntu6.2 wpasupplicant 2.4-0ubuntu6.2

    Ubuntu 14.04 LTS: hostapd 2.1-0ubuntu1.5 wpasupplicant 2.1-0ubuntu1.5

    After a standard system update you need to reboot your computer to make all the necessary changes. 6) - i386, x86_64

    Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/wpa_supplicant-2.6-i586-1_slack14.2.txz: Upgraded. This update includes patches to mitigate the WPA2 protocol issues known as "KRACK" (Key Reinstallation AttaCK), which may be used to decrypt data, hijack TCP connections, and to forge and inject packets. CVE-2017-13082: Accepting a retransmitted Fast BSS Transition (FT) Reassociation Request and reinstalling the pairwise encryption key (PTK-TK) while processing it. For more information, see: https://www.krackattacks.com/ https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13077 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13078 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13079 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13080 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13081 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13082 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13084 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13086 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13087 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13088 ( Security fix ) +--------------------------+

    Where to find the new packages: +-----------------------------+

    Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)

    Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

    Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/wpa_supplicant-2.6-i486-1_slack14.0.txz

    Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/wpa_supplicant-2.6-x86_64-1_slack14.0.txz

    Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/wpa_supplicant-2.6-i486-1_slack14.1.txz

    Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/wpa_supplicant-2.6-x86_64-1_slack14.1.txz

    Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/wpa_supplicant-2.6-i586-1_slack14.2.txz

    Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/wpa_supplicant-2.6-x86_64-1_slack14.2.txz

    Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/wpa_supplicant-2.6-i586-2.txz

    Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/wpa_supplicant-2.6-x86_64-2.txz

    MD5 signatures: +-------------+

    Slackware 14.0 package: d8ecfaadb50b3547967ab53733ffc019 wpa_supplicant-2.6-i486-1_slack14.0.txz

    Slackware x86_64 14.0 package: f25216d28800504ce498705da7c9a825 wpa_supplicant-2.6-x86_64-1_slack14.0.txz

    Slackware 14.1 package: 15c61050e4bab2581757befd86be74c0 wpa_supplicant-2.6-i486-1_slack14.1.txz

    Slackware x86_64 14.1 package: 49fd537a520338744f7757615556d352 wpa_supplicant-2.6-x86_64-1_slack14.1.txz

    Slackware 14.2 package: c5539f40c8510af89be92945f0f80185 wpa_supplicant-2.6-i586-1_slack14.2.txz

    Slackware x86_64 14.2 package: 4c527ff84fcdfd7839f217bbce2e4ae4 wpa_supplicant-2.6-x86_64-1_slack14.2.txz

    Slackware -current package: 28bd88a54e96368f7a7020c1f5fb67fe n/wpa_supplicant-2.6-i586-2.txz

    Slackware x86_64 -current package: 464fc6b48d1ac077f47e9a3a8534c160 n/wpa_supplicant-2.6-x86_64-2.txz

    Installation instructions: +------------------------+

    Upgrade the package as root:

    upgradepkg wpa_supplicant-2.6-i586-1_slack14.2.txz

    +-----+

    Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com

    +------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512

    ============================================================================= FreeBSD-SA-17:07.wpa Security Advisory The FreeBSD Project

    Topic: WPA2 protocol vulnerability

    Category: contrib Module: wpa Announced: 2017-10-16 Credits: Mathy Vanhoef Affects: All supported versions of FreeBSD. Corrected: 2017-10-17 17:30:18 UTC (stable/11, 11.1-STABLE) 2017-10-17 17:57:18 UTC (releng/11.1, 11.1-RELEASE-p2) 2017-10-17 17:56:03 UTC (releng/11.0, 11.0-RELEASE-p13) 2017-10-19 03:18:22 UTC (stable/10, 10.4-STABLE) 2017-10-19 03:20:17 UTC (releng/10.4, 10.4-RELEASE-p1) 2017-10-19 03:19:42 UTC (releng/10.3, 10.3-RELEASE-p22) CVE Name: CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088

    For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit .

    1. Revision history

    v1.0 2017-10-17 Initial release. v1.1 2017-10-19 Add patches for 10.x releases.

    I.

    hostapd and wpa_supplicant are implementations of user space daemon for access points and wireless client that implements the WPA2 protocol.

    II. Problem Description

    A vulnerability was found in how a number of implementations can be triggered to reconfigure WPA/WPA2/RSN keys (TK, GTK, or IGTK) by replaying a specific frame that is used to manage the keys.

    III. Impact

    Such reinstallation of the encryption key can result in two different types of vulnerabilities: disabling replay protection and significantly reducing the security of encryption to the point of allowing frames to be decrypted or some parts of the keys to be determined by an attacker depending on which cipher is used.

    IV. Workaround

    An updated version of wpa_supplicant is available in the FreeBSD Ports Collection. Install version 2.6_2 or later of the security/wpa_supplicant port/pkg. Once installed, update /etc/rc.conf to use the new binary:

    wpa_supplicant_program="/usr/local/sbin/wpa_supplicant"

    and restart networking.

    An updated version of hostapd is available in the FreeBSD Ports Collection. Install version 2.6_1 or later of the net/hostapd port/pkg. Once installed, update /etc/rc.conf to use the new binary:

    hostapd_program="/usr/local/sbin/hostapd"

    and restart hostapd.

    V. Solution

    Perform one of the following:

    1) Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date.

    Restart the Wi-Fi network interfaces/hostapd or reboot the system.

    2) To update your vulnerable system via a binary patch:

    Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility:

    freebsd-update fetch

    freebsd-update install

    Restart the Wi-Fi network interfaces/hostapd or reboot the system.

    3) To update your vulnerable system via a source code patch:

    The following patches have been verified to apply to the applicable FreeBSD release branches.

    a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility.

    [FreeBSD 11.0-RELEASE, 11.1-RELEASE, and 11-STABLE]

    fetch https://security.FreeBSD.org/patches/SA-17:07/wpa-11.patch

    fetch https://security.FreeBSD.org/patches/SA-17:07/wpa-11.patch.asc

    gpg --verify wpa-11.patch.asc

    [FreeBSD 10.3-RELEASE, 10.4-RELEASE, and 10-STABLE]

    fetch https://security.FreeBSD.org/patches/SA-17:07/wpa-10.patch

    fetch https://security.FreeBSD.org/patches/SA-17:07/wpa-10.patch.asc

    gpg --verify wpa-10.patch.asc

    b) Apply the patch. Execute the following commands as root:

    cd /usr/src

    patch < /path/to/patch

    c) Recompile the operating system using buildworld and installworld as described in .

    Restart the applicable daemons, or reboot the system.

    VI. Correction details

    The following list contains the correction revision numbers for each affected branch.

    Branch/path Revision


    stable/11/ r324697 releng/11.0/ r324698 releng/11.1/ r324699 stable/10/ r324739 releng/10.3/ r324740 releng/10.4/ r324741


    To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed:

    svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base

    Or visit the following URL, replacing NNNNNN with the revision number:

    VII. References

    The latest revision of this advisory is available at -----BEGIN PGP SIGNATURE-----

    iQKTBAEBCgB9FiEEHPf/b631yp++G4yy7Wfs1l3PaucFAlnoGpNfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDFD RjdGRjZGQURGNUNBOUZCRTFCOENCMkVENjdFQ0Q2NURDRjZBRTcACgkQ7Wfs1l3P auc7WBAAm27w+fujv5sJsRxauUMopTVtRh5utwbDuoHTP+L+RCWmQfVBmueNQ0gf uJzMNxBIkbtY9LvyukpRsH3iD7mh26c0pd9rxxkkr4F96C9B5+W0amxJF1gdm54/ F/50FpY+lo7cNs5tiBjypPrg8UOBBI/1G4XR7130XC0HjaTwt1ngZ0oQUWUMSsIp gN5ZfPul81WPWd1NqF+vyObcJhwq/Y1uoexoO27o7GQCFZoL3enZy8c4f1xqMlVM 4HHkTgNGac6E0aW+ArH4J0DFFAOJXPqF8rdt+9XINfoBbtliIyOixJ4oh1n6eAR0 VpBWZKFNyXSlUKIvDGa+LDhxgL1jJXV0ABSyKlUOijdmr3bbbiQE9MW/MNv2AFTd OAFQ0QQtm9KCWp5JLh+FPIb/kR2l7MOUP+yz4zFcJpdGtl9tDLyPN8vRTq60bY8O y7tBcf/SMqkd/AIFdchL4zrOguKnRARydIlwTarp8wtAQI3MKSsa1B0wgsDtlL6K xfdjnwWMKvKKlNOW16e1WXXO0n/ucHV4njBE+bGPro3jLgXP2/WFZpIGAR3I4xrr SdD4AxSNiR9f3bL7LRfMIbugJAylWNSlTLWUOVUv0/ONh85LqbcCj13NI230B64K ETx2QOZgKnCs2oDNiw4aQHb7kvi2w94Iw/R1sAPkkxYJWO3reyE= =h/5q -----END PGP SIGNATURE-----

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201710-0974",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "linux enterprise point of sale",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "suse",
            "version": "11"
          },
          {
            "model": "linux enterprise server",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "suse",
            "version": "11"
          },
          {
            "model": "openstack cloud",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "suse",
            "version": "6"
          },
          {
            "model": "linux enterprise desktop",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "suse",
            "version": "12"
          },
          {
            "model": "linux enterprise server",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "suse",
            "version": "12"
          },
          {
            "model": "enterprise linux desktop",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "redhat",
            "version": "7"
          },
          {
            "model": "enterprise linux server",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "redhat",
            "version": "7"
          },
          {
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.3.7"
          },
          {
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "2.6"
          },
          {
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "2.2"
          },
          {
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "1.0"
          },
          {
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "2.2"
          },
          {
            "model": "freebsd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "freebsd",
            "version": "*"
          },
          {
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.3.11"
          },
          {
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.4.7"
          },
          {
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.4.7"
          },
          {
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.5.10"
          },
          {
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "2.0"
          },
          {
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "2.0"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "debian",
            "version": "8.0"
          },
          {
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.4.9"
          },
          {
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.5.8"
          },
          {
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.5.8"
          },
          {
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "2.1"
          },
          {
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.5.7"
          },
          {
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.6.9"
          },
          {
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.2.8"
          },
          {
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.2.8"
          },
          {
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "1.1"
          },
          {
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.7.3"
          },
          {
            "model": "freebsd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "freebsd",
            "version": "10"
          },
          {
            "model": "freebsd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "freebsd",
            "version": "11.1"
          },
          {
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.5.9"
          },
          {
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.4.8"
          },
          {
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.4.11"
          },
          {
            "model": "freebsd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "freebsd",
            "version": "10.4"
          },
          {
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.2.6"
          },
          {
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.2.4"
          },
          {
            "model": "freebsd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "freebsd",
            "version": "11"
          },
          {
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.5.11"
          },
          {
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.3.10"
          },
          {
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "2.4"
          },
          {
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.3.8"
          },
          {
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.2.5"
          },
          {
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.3.7"
          },
          {
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.2.5"
          },
          {
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.4.10"
          },
          {
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.6.10"
          },
          {
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "1.0"
          },
          {
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.3.9"
          },
          {
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.3.11"
          },
          {
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "2.5"
          },
          {
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.5.10"
          },
          {
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "2.6"
          },
          {
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.4.9"
          },
          {
            "model": "ubuntu linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "canonical",
            "version": "14.04"
          },
          {
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "2.1"
          },
          {
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "2.3"
          },
          {
            "model": "leap",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "opensuse",
            "version": "42.2"
          },
          {
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "2.3"
          },
          {
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "1.1"
          },
          {
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.5.7"
          },
          {
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.7.3"
          },
          {
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.6.9"
          },
          {
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.5.9"
          },
          {
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.4.8"
          },
          {
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.2.7"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "debian",
            "version": "9.0"
          },
          {
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.2.4"
          },
          {
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.3.10"
          },
          {
            "model": "ubuntu linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "canonical",
            "version": "16.04"
          },
          {
            "model": "leap",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "opensuse",
            "version": "42.3"
          },
          {
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.4.11"
          },
          {
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.6.8"
          },
          {
            "model": "ubuntu linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "canonical",
            "version": "17.04"
          },
          {
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.2.6"
          },
          {
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.6.8"
          },
          {
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.4.10"
          },
          {
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.5.11"
          },
          {
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.6.10"
          },
          {
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "2.4"
          },
          {
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.3.9"
          },
          {
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "2.5"
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "9front",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "adtran",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "avm",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "actiontec",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "aerohive",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "alcatel lucent",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "android open source",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "apple",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "arch linux",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "aruba",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "asustek computer",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "barracuda",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "broadcom",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "cambium",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "centos",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "cradlepoint",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "cypress semiconductor",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "d link",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "debian gnu linux",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "dell",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "digi",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "draytek",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "edimax computer",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "engenius",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "endian",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "espressif",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "extreme",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "f secure",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "fedora",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "fortinet",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "freebsd",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "gentoo linux",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "google",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "hewlett packard",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "hostap",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "ipfire",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "intel",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "juniper",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "lancom",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "lede",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "lifx",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "lenovo",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "microchip",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "microsoft",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "mojo",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "nest",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "netbsd",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "netgear",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "opnsense",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "omnirom",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "open mesh",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "openbsd",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "peplink",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "red hat",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "riverbed",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "rockwell automation",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "ruckus",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "suse linux",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "samsung mobile",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "sierra",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "slackware linux",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "sonos",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "sony",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "sophos",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "synology",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "tp link",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "technicolor",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "texas instruments",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "toshiba commerce",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "toshiba electronic devices storage",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "toshiba memory",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "turris omnia",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "ubiquiti",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "ubuntu",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "volumio",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "watchguard",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "xiaomi",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "xirrus",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "zebra",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "dd wrt",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "eero",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "pfsense",
            "version": null
          },
          {
            "model": "ubuntu",
            "scope": null,
            "trust": 0.8,
            "vendor": "canonical",
            "version": null
          },
          {
            "model": "gnu/linux",
            "scope": null,
            "trust": 0.8,
            "vendor": "debian",
            "version": null
          },
          {
            "model": "freebsd",
            "scope": null,
            "trust": 0.8,
            "vendor": "freebsd",
            "version": null
          },
          {
            "model": "leap",
            "scope": null,
            "trust": 0.8,
            "vendor": "opensuse",
            "version": null
          },
          {
            "model": "linux enterprise desktop",
            "scope": null,
            "trust": 0.8,
            "vendor": "suse",
            "version": null
          },
          {
            "model": "linux enterprise point of sale",
            "scope": null,
            "trust": 0.8,
            "vendor": "suse",
            "version": null
          },
          {
            "model": "linux enterprise server",
            "scope": null,
            "trust": 0.8,
            "vendor": "suse",
            "version": null
          },
          {
            "model": "openstack cloud",
            "scope": null,
            "trust": 0.8,
            "vendor": "suse",
            "version": null
          },
          {
            "model": "hostapd",
            "scope": null,
            "trust": 0.8,
            "vendor": "w1 fi",
            "version": null
          },
          {
            "model": "wpa supplicant",
            "scope": null,
            "trust": 0.8,
            "vendor": "w1 fi",
            "version": null
          },
          {
            "model": "enterprise linux desktop",
            "scope": null,
            "trust": 0.8,
            "vendor": "red hat",
            "version": null
          },
          {
            "model": "enterprise linux server",
            "scope": null,
            "trust": 0.8,
            "vendor": "red hat",
            "version": null
          },
          {
            "model": "edge gateway",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nec",
            "version": null
          },
          {
            "model": "sr-m20ac1",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "fujitsu",
            "version": "v02.10"
          },
          {
            "model": "sr-m20ac2",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "fujitsu",
            "version": "v02.10"
          },
          {
            "model": "alliance wi-fi protected access 2",
            "scope": null,
            "trust": 0.6,
            "vendor": "wi fi",
            "version": null
          },
          {
            "model": "scalance w-700",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "siemens",
            "version": "0"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.4,
            "vendor": "linux desktop",
            "version": "12"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.4,
            "vendor": "linux server",
            "version": "11"
          },
          {
            "model": "atom processor c3200 series for yocto project bsp mr4",
            "scope": null,
            "trust": 0.3,
            "vendor": "intel",
            "version": null
          },
          {
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "10.3.2"
          },
          {
            "model": "active management technology",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "6.1"
          },
          {
            "model": "pyxis supplystation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "bd",
            "version": "0"
          },
          {
            "model": "sinamics smart access module",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "siemens",
            "version": "v200"
          },
          {
            "model": "active management technology",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "11.6.27.3264"
          },
          {
            "model": "meraki mr34",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "ck71a-atex",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "pepperl fuchs",
            "version": "0"
          },
          {
            "model": "arubaos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "6.5.2.0"
          },
          {
            "model": "macbook air",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "0"
          },
          {
            "model": "aironet series access points",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "18500"
          },
          {
            "model": "active management technology",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "8.0"
          },
          {
            "model": "meraki mr26",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "arubaos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "6.4"
          },
          {
            "model": "aironet series access points",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "28000"
          },
          {
            "model": "enterprise linux for power big endian extended update support",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "-7.5"
          },
          {
            "model": "meraki mr84",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "contact fl wlan",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "phoenix",
            "version": "510x0"
          },
          {
            "model": "windows server r2 for itanium-based systems sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2008"
          },
          {
            "model": "contact itc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "phoenix",
            "version": "81130"
          },
          {
            "model": "enterprise linux workstation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "7"
          },
          {
            "model": "active management technology",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "10.0"
          },
          {
            "model": "dual band wireless-ac",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "726519.51.0.0"
          },
          {
            "model": "enterprise linux server extended update support",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "-7.6"
          },
          {
            "model": "meraki mr18",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "arubaos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "8.1.0.3"
          },
          {
            "model": "scalance w1750d",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "siemens",
            "version": "0"
          },
          {
            "model": "secure ii med-surg bed",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "stryker",
            "version": "3002"
          },
          {
            "model": "contact fl wlan",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "phoenix",
            "version": "210x0"
          },
          {
            "model": "windows version for x64-based systems",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "1015110"
          },
          {
            "model": "aironet access points",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "contact fl wlan ap",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "phoenix",
            "version": "24802-110"
          },
          {
            "model": "active management technology",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "11.0"
          },
          {
            "model": "instantos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "6.5.4.1"
          },
          {
            "model": "tvos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "10.2"
          },
          {
            "model": "wap371 wireless-ac n access point with single point setup",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "ex-handy",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "pepperl fuchs",
            "version": "2090"
          },
          {
            "model": "arubaos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "6.5.3.2"
          },
          {
            "model": "contact rad-80211-xd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "phoenix",
            "version": "0"
          },
          {
            "model": "ios",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "apple",
            "version": "11.2"
          },
          {
            "model": "contact fl wlan dap",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "phoenix",
            "version": "24802-110"
          },
          {
            "model": "dual band wireless-ac",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "726519.10.9.1"
          },
          {
            "model": "arubaos",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "6.3.1.25"
          },
          {
            "model": "pyxis medstation es",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "bd",
            "version": "0"
          },
          {
            "model": "wireless ip phone",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "88210"
          },
          {
            "model": "pyxis stockstation system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "bd",
            "version": "0"
          },
          {
            "model": "macbook",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "0"
          },
          {
            "model": "dual band wireless-ac",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "316819.51.7.1"
          },
          {
            "model": "dual band wireless-ac",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "intel",
            "version": "726519.10.9.2"
          },
          {
            "model": "scalance wlc712",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "siemens",
            "version": "0"
          },
          {
            "model": "contact fl wlan spa",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "phoenix",
            "version": "0"
          },
          {
            "model": "meraki mr62",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "simatic et200 pro im154-6 pn iwlan",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "siemens",
            "version": "0"
          },
          {
            "model": "tropos broadband mesh routers and bridges",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "abb",
            "version": "0"
          },
          {
            "model": "dual band wireless-ac",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "intel",
            "version": "316819.10.9.2"
          },
          {
            "model": "meraki mr33",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "instantos",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "6.5.3.3"
          },
          {
            "model": "micros handheld terminal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "0"
          },
          {
            "model": "windows server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "20120"
          },
          {
            "model": "instantos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "6.5.2"
          },
          {
            "model": "dual band wireless-ac",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "316018.33.9.2"
          },
          {
            "model": "windows version for 32-bit systems",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "1017030"
          },
          {
            "model": "atom processor c3200 series for yocto project bsp mr4.1",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "intel",
            "version": null
          },
          {
            "model": "active management technology",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "2.6"
          },
          {
            "model": "android",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "7.1.0"
          },
          {
            "model": "contact fl wlan",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "phoenix",
            "version": "110x0"
          },
          {
            "model": "windows for 32-bit systems",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "100"
          },
          {
            "model": "s3 med-surg bed",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "stryker",
            "version": "3002"
          },
          {
            "model": "arubaos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "6.4.2.4"
          },
          {
            "model": "tvos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "11.1"
          },
          {
            "model": "contact fl comserver wlan",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "phoenix",
            "version": "232/422/4850"
          },
          {
            "model": "airport base station",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "7.6.8"
          },
          {
            "model": "enterprise linux server update services for sap solutions",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "-7."
          },
          {
            "model": "active management technology",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "7.1.91.3272"
          },
          {
            "model": "instantos",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "4.2.4.9"
          },
          {
            "model": "contact fl wlan ap",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "phoenix",
            "version": "230802-110"
          },
          {
            "model": "android",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "6.1"
          },
          {
            "model": "enterprise linux for power little endian extended update supp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "-7.6"
          },
          {
            "model": "meraki mr14",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "enterprise linux eus compute node",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "7.5"
          },
          {
            "model": "aironet series access points",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "18150"
          },
          {
            "model": "wireless client bridge 2.0.0.1-aruba501-b00",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "501"
          },
          {
            "model": "enterprise linux server extended update support",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "-7.4"
          },
          {
            "model": "enterprise linux server tus",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "-7.6"
          },
          {
            "model": "dual band wireless-ac",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "726018.33.9.2"
          },
          {
            "model": "airport express",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "0"
          },
          {
            "model": "meraki mr16",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "clarity engine",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "1.0"
          },
          {
            "model": "meraki mr30h",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "airport extreme",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "0"
          },
          {
            "model": "windows server r2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "20120"
          },
          {
            "model": "dual band wireless-ac",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "intel",
            "version": "826520.0.2.3"
          },
          {
            "model": "android",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "8.0"
          },
          {
            "model": "contact bl2 bpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "phoenix",
            "version": "0"
          },
          {
            "model": "tvos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "10.0.1"
          },
          {
            "model": "enterprise linux for ibm z systems",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "7"
          },
          {
            "model": "watch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "0"
          },
          {
            "model": "meraki mr32",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "w1 f1",
            "version": "2.4"
          },
          {
            "model": "active management technology",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "4.0"
          },
          {
            "model": "ruggedcom rx1400",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "siemens",
            "version": "0"
          },
          {
            "model": "cn70a-atex",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "pepperl fuchs",
            "version": "0"
          },
          {
            "model": "windows version for 32-bit systems",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "1015110"
          },
          {
            "model": "arubaos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "6.5.3"
          },
          {
            "model": "pyxis parx handheld",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "bd",
            "version": "0"
          },
          {
            "model": "dual band wireless-ac",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "726519.10"
          },
          {
            "model": "active management technology",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "9.1.40.100"
          },
          {
            "model": "tvos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "10.1.1"
          },
          {
            "model": "instantos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "6.5.3"
          },
          {
            "model": "windows rt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "8.1"
          },
          {
            "model": "meraki mr42",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "instantos",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "4.3.1.6"
          },
          {
            "model": "airport base station",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "7.7.3"
          },
          {
            "model": "wap561 wireless-n dual radio selectable band access point",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "active management technology",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "11.0.26.3000"
          },
          {
            "model": "instantos",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "6.5.4.2"
          },
          {
            "model": "active management technology",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "11.6"
          },
          {
            "model": "tvos",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "apple",
            "version": "11.2"
          },
          {
            "model": "active management technology",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "6.0"
          },
          {
            "model": "windows server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2016"
          },
          {
            "model": "contact rad-whg/wlan-xd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "phoenix",
            "version": "0"
          },
          {
            "model": "dual band wireless-ac",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "intel",
            "version": "726018.33.9.3"
          },
          {
            "model": "wi-fi update for boot camp",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "apple",
            "version": "6.4.0"
          },
          {
            "model": "suremark printer 2nr",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "toshiba",
            "version": "4610"
          },
          {
            "model": "android",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "7.1.1"
          },
          {
            "model": "arubaos",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "6.5.4.2"
          },
          {
            "model": "enterprise linux for power little endian extended update supp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "-7.5"
          },
          {
            "model": "enterprise linux for power little endian",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "7"
          },
          {
            "model": "dual band wireless-ac",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "826520.0.0.0"
          },
          {
            "model": "tvos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "10.2.1"
          },
          {
            "model": "arubaos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "6.3.1.8"
          },
          {
            "model": "windows server for x64-based systems sp2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2008"
          },
          {
            "model": "pyxis supply roller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "bd",
            "version": "0"
          },
          {
            "model": "airport base station",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "7.6.3"
          },
          {
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "10.3"
          },
          {
            "model": "telepresence collaboration endpoint",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "active management technology",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "6.2.61.3535"
          },
          {
            "model": "contact vmt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "phoenix",
            "version": "70xx0"
          },
          {
            "model": "imac",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "0"
          },
          {
            "model": "meraki mr72",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "watchos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "4"
          },
          {
            "model": "enterprise linux for power little endian extended update supp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "-7.4"
          },
          {
            "model": "active management technology",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "11.0.25.3001"
          },
          {
            "model": "arubaos",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "8.1.0.4"
          },
          {
            "model": "active management technology",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "9.1"
          },
          {
            "model": "enterprise linux server tus",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "-7.4"
          },
          {
            "model": "active management technology",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "6.2"
          },
          {
            "model": "meraki mr53",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "tvos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "10.1"
          },
          {
            "model": "wap551 wireless-n single radio selectable band access point",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "instantos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "4.2"
          },
          {
            "model": "instantos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "6.5.3.2"
          },
          {
            "model": "dual band wireless-ac",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "316519.10"
          },
          {
            "model": "dual band wireless-ac",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "826020.0.0.0"
          },
          {
            "model": "wap121 wireless-n access point with single point setup",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "active management technology",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "2.5"
          },
          {
            "model": "active management technology",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "11.6.0.1000"
          },
          {
            "model": "wireless client bridge 1.0.1.3-hp501-b0012",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "501"
          },
          {
            "model": "i.roc ci70-ex",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "pepperl fuchs",
            "version": "0"
          },
          {
            "model": "arubaos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "6.5.0.0"
          },
          {
            "model": "dual band wireless-ac",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "826020.0.2.2"
          },
          {
            "model": "active management technology",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "7.1"
          },
          {
            "model": "cn70e-atex",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "pepperl fuchs",
            "version": "0"
          },
          {
            "model": "dual band wireless-ac",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "726018.0.0.0"
          },
          {
            "model": "meraki mr24",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "suremark printer 1nr",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "toshiba",
            "version": "4610"
          },
          {
            "model": "enterprise linux for ibm z systems extended update support",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "-7.6"
          },
          {
            "model": "contact vmt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "phoenix",
            "version": "50xx0"
          },
          {
            "model": "meraki mr74",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "ex-handy",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "pepperl fuchs",
            "version": "090"
          },
          {
            "model": "arubaos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "6.4.4.15"
          },
          {
            "model": "dual band wireless-ac",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "316519.51.7.1"
          },
          {
            "model": "dual band wireless-ac",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "intel",
            "version": "726519.51.7.20"
          },
          {
            "model": "anyconnect secure mobility client",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "dual band wireless-ac",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "726519.51.7.1"
          },
          {
            "model": "systems esp32",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "espressif",
            "version": "0"
          },
          {
            "model": "watchos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "4.1"
          },
          {
            "model": "enterprise linux server extended update support",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "-7.5"
          },
          {
            "model": "micros handheld terminal 2.03.0.0.021r",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "oracle",
            "version": null
          },
          {
            "model": "aironet series access points",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "38000"
          },
          {
            "model": "pyxis parx",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "bd",
            "version": "0"
          },
          {
            "model": "dx70",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "arubaos",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "6.5.1.9"
          },
          {
            "model": "enterprise linux server update services for sap solutions",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "-7.6"
          },
          {
            "model": "intouch critical care bed",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "stryker",
            "version": "2141"
          },
          {
            "model": "pyxis anesthesia es",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "bd",
            "version": "0"
          },
          {
            "model": "aironet series officeextend access points",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "18100"
          },
          {
            "model": "windows for x64-based systems",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "8.10"
          },
          {
            "model": "dual band wireless-ac",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "316819.10.9.1"
          },
          {
            "model": "active management technology",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "10.0.55.3000"
          },
          {
            "model": "windows for 32-bit systems",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "8.10"
          },
          {
            "model": "android",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "6.0"
          },
          {
            "model": "meraki mr66",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "dual band wireless-ac",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "316519.10.9.1"
          },
          {
            "model": "airport base station",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "7.6"
          },
          {
            "model": "intouch critical care bed",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "stryker",
            "version": "2131"
          },
          {
            "model": "android",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "7.1.2"
          },
          {
            "model": "aironet series access points",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "18300"
          },
          {
            "model": "enterprise linux server aus",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "-7.6"
          },
          {
            "model": "enterprise linux for power big endian extended update support",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "-7.6"
          },
          {
            "model": "active management technology",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "10.0.0.50.1004"
          },
          {
            "model": "arubaos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "6.4.1.0"
          },
          {
            "model": "wap321 wireless-n access point with single point setup",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "simatic iwlan-pb/link",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "siemens",
            "version": "0"
          },
          {
            "model": "aironet 1810w series access points",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "meraki mr52",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "enterprise linux for ibm z systems extended update support",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "-7.5"
          },
          {
            "model": "meraki mr12",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "airmesh msr",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "0"
          },
          {
            "model": "dual band wireless-ac",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "intel",
            "version": "316519.51.7.20"
          },
          {
            "model": "watchos",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "apple",
            "version": "4.2"
          },
          {
            "model": "contact fl wlan ec",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "phoenix",
            "version": "24802-110"
          },
          {
            "model": "instantos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "4.2.4.8"
          },
          {
            "model": "systems esp8266",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "espressif",
            "version": "0"
          },
          {
            "model": "tv",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "0"
          },
          {
            "model": "pad-ex",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "pepperl fuchs",
            "version": "010"
          },
          {
            "model": "active management technology",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "11.0.0.1205"
          },
          {
            "model": "ip phone",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "88610"
          },
          {
            "model": "clarity engine",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "1.0.0.1"
          },
          {
            "model": "aironet series access points",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "15600"
          },
          {
            "model": "windows for 32-bit systems sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "7"
          },
          {
            "model": "instantos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "4.3.1.5"
          },
          {
            "model": "airport base station",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "7.6.2"
          },
          {
            "model": "active management technology",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "8.1"
          },
          {
            "model": "active management technology",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "11.8"
          },
          {
            "model": "windows for x64-based systems sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "7"
          },
          {
            "model": "enterprise linux for ibm z systems extended update support",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "-7.4"
          },
          {
            "model": "meraki mr58",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "windows version for 32-bit systems",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "1016070"
          },
          {
            "model": "dual band wireless-ac",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "intel",
            "version": "316519.10.9.2"
          },
          {
            "model": "pyxis parassist system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "bd",
            "version": "0"
          },
          {
            "model": "windows server for 32-bit systems sp2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2008"
          },
          {
            "model": "instantos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "4.3"
          },
          {
            "model": "android",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "7.0"
          },
          {
            "model": "simatic mobile panel 277 iwlan",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "siemens",
            "version": "0"
          },
          {
            "model": "pyxis medstation t2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "bd",
            "version": "40000"
          },
          {
            "model": "dual band wireless-ac",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "intel",
            "version": "826020.0.2.3"
          },
          {
            "model": "android",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "6.0.1"
          },
          {
            "model": "airport base station",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "7.6.1"
          },
          {
            "model": "dual band wireless-ac",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "316519.51.0.0"
          },
          {
            "model": "wi-fi update for boot camp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "0"
          },
          {
            "model": "enterprise linux server update services for sap solutions",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "-7.4"
          },
          {
            "model": "ipad",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "0"
          },
          {
            "model": "contact vmt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "phoenix",
            "version": "30xx0"
          },
          {
            "model": "enterprise linux for power big endian",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "7"
          },
          {
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "w1 f1",
            "version": "2.6"
          },
          {
            "model": "wireless client bridge",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "5010"
          },
          {
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "10.0.1"
          },
          {
            "model": "active management technology",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "11.5"
          },
          {
            "model": "meraki mr11",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "10.3.3"
          },
          {
            "model": "pyxis anesthesia system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "bd",
            "version": "40000"
          },
          {
            "model": "tvos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "10.2.2"
          },
          {
            "model": "pyxis anesthesia system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "bd",
            "version": "35000"
          },
          {
            "model": "automation stratix 15.3 jc1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rockwell",
            "version": "5100"
          },
          {
            "model": "enterprise linux server aus",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "-7.4"
          },
          {
            "model": "pyxis ciisafe workstation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "bd",
            "version": "??0"
          },
          {
            "model": "enterprise linux for power big endian extended update support",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "-7.4"
          },
          {
            "model": "airport base station",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "7.6.7"
          },
          {
            "model": "dual band wireless-ac",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "316819.51.0.0"
          },
          {
            "model": "ipad air",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "0"
          },
          {
            "model": "active management technology",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "7.0"
          },
          {
            "model": "arubaos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "6.5.4.1"
          },
          {
            "model": "enterprise linux eus compute node",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "7.6"
          },
          {
            "model": "enterprise linux for scientific computing",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "7"
          },
          {
            "model": "active management technology",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "8.1.71.3608"
          },
          {
            "model": "active management technology",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "9.1.41.3024"
          },
          {
            "model": "arubaos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "6.4.2.1"
          },
          {
            "model": "enterprise linux eus compute node",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "7.4"
          },
          {
            "model": "dx80",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "active management technology",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "9.0"
          },
          {
            "model": "contact bl2 ppc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "phoenix",
            "version": "0"
          },
          {
            "model": "contact tpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "phoenix",
            "version": "60130"
          },
          {
            "model": "ipod touch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "0"
          },
          {
            "model": "arubaos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "6.5.1"
          },
          {
            "model": "ck70a-atex",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "pepperl fuchs",
            "version": "0"
          },
          {
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "10.2.1"
          },
          {
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "10.3.1"
          },
          {
            "model": "dual band wireless-ac",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "intel",
            "version": "316819.51.7.20"
          },
          {
            "model": "macbook pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "0"
          },
          {
            "model": "dual band wireless-ac",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "316819.10"
          },
          {
            "model": "windows for x64-based systems",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "100"
          },
          {
            "model": "airport base station",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "7.7.8"
          },
          {
            "model": "active management technology",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "9.5"
          },
          {
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "10.1"
          },
          {
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "10.2"
          },
          {
            "model": "airport base station",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "7.6.4"
          },
          {
            "model": "smart-ex",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "pepperl fuchs",
            "version": "010"
          },
          {
            "model": "dual band wireless-ac",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "826520.0.2.2"
          },
          {
            "model": "dual band wireless-ac",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "intel",
            "version": "316018.33.9.3"
          },
          {
            "model": "tab-ex",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "pepperl fuchs",
            "version": "010"
          },
          {
            "model": "arubaos",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "6.5.3.3"
          },
          {
            "model": "iphone",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "0"
          },
          {
            "model": "macmini",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "0"
          },
          {
            "model": "arubaos",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "6.4.4.16"
          },
          {
            "model": "contact fl wlan epa",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "phoenix",
            "version": "0"
          },
          {
            "model": "airport time capsule",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "0"
          },
          {
            "model": "alliance wpa2 (wi-fi protected access",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "wi fi",
            "version": "2)0"
          },
          {
            "model": "airport base station",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "apple",
            "version": "7.7.9"
          },
          {
            "model": "scalance wlc711",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "siemens",
            "version": "0"
          },
          {
            "model": "ruggedcom rs9xxw",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "siemens",
            "version": "0"
          },
          {
            "model": "arubaos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "6.3.1.15"
          },
          {
            "model": "networks unifi access point",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubiquiti",
            "version": "0"
          },
          {
            "model": "suremark printer 2cr",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "toshiba",
            "version": "4610"
          },
          {
            "model": "ip phone",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "88650"
          },
          {
            "model": "arubaos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "6.5.4"
          },
          {
            "model": "airport base station",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "7.7.7"
          },
          {
            "model": "instantos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "6.5.4"
          },
          {
            "model": "asa 5506w-x w/ firepower services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "windows version for x64-based systems",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "1016070"
          },
          {
            "model": "airport base station",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "apple",
            "version": "7.6.9"
          },
          {
            "model": "s3 med-surg bed",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "stryker",
            "version": "3005"
          },
          {
            "model": "dual band wireless-ac",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "316018.0.0.0"
          },
          {
            "model": "smart-ex",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "pepperl fuchs",
            "version": "2010"
          },
          {
            "model": "windows version for x64-based systems",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "1017030"
          },
          {
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "11.1"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "ubuntu linux",
            "version": "14.04"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "ubuntu linux",
            "version": "16.04"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "ubuntu linux",
            "version": "17.04"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "debian linux",
            "version": "8.0"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "debian linux",
            "version": "9.0"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "freebsd",
            "version": "*"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "freebsd",
            "version": "10"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "freebsd",
            "version": "10.4"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "freebsd",
            "version": "11"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "freebsd",
            "version": "11.1"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "leap",
            "version": "42.2"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "leap",
            "version": "42.3"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "linux desktop",
            "version": "7"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "linux server",
            "version": "7"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "0.2.4"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "0.2.5"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "0.2.6"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "0.2.8"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "0.3.7"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "0.3.9"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "0.3.10"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "0.3.11"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "0.4.7"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "0.4.8"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "0.4.9"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "0.4.10"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "0.4.11"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "0.5.7"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "0.5.8"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "0.5.9"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "0.5.10"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "0.5.11"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "0.6.8"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "0.6.9"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "0.6.10"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "0.7.3"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "1.0"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "1.1"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "2.0"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "2.1"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "2.2"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "2.3"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "2.4"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "2.5"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "2.6"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "0.2.4"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "0.2.5"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "0.2.6"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "0.2.7"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "0.2.8"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "0.3.7"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "0.3.8"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "0.3.9"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "0.3.10"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "0.3.11"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "0.4.7"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "0.4.8"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "0.4.9"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "0.4.10"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "0.4.11"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "0.5.7"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "0.5.8"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "0.5.9"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "0.5.10"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "0.5.11"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "0.6.8"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "0.6.9"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "0.6.10"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "0.7.3"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "1.0"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "1.1"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "2.0"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "2.1"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "2.2"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "2.3"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "2.4"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "2.5"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "2.6"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "linux point of sale",
            "version": "11"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "linux server",
            "version": "12"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "openstack cloud",
            "version": "6"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "aa0be958-12f8-4c92-ba4f-8046a72e7fe0"
          },
          {
            "db": "CERT/CC",
            "id": "VU#228519"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-30398"
          },
          {
            "db": "BID",
            "id": "101274"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-009178"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201710-388"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-13087"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:11:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:11.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:7:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:17.04:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:7:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:10:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:10.4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:opensuse:leap:42.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:hostapd:2.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:hostapd:2.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:hostapd:0.6.8:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:hostapd:0.5.11:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:hostapd:0.4.9:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:hostapd:0.4.8:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:hostapd:0.2.6:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:hostapd:0.2.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:wpa_supplicant:2.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:wpa_supplicant:1.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:wpa_supplicant:0.5.10:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:wpa_supplicant:0.5.9:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:wpa_supplicant:0.4.7:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:wpa_supplicant:0.3.11:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:wpa_supplicant:0.2.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:wpa_supplicant:0.2.4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:hostapd:2.6:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:hostapd:1.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:hostapd:1.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:hostapd:0.7.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:hostapd:0.5.8:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:hostapd:0.5.7:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:hostapd:0.3.10:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:hostapd:0.3.9:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:wpa_supplicant:2.4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:wpa_supplicant:2.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:wpa_supplicant:0.6.10:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:wpa_supplicant:0.6.9:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:wpa_supplicant:0.4.11:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:wpa_supplicant:0.4.10:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:wpa_supplicant:0.3.7:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:wpa_supplicant:0.2.8:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:hostapd:2.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:hostapd:2.4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:hostapd:0.6.10:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:hostapd:0.6.9:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:hostapd:0.4.11:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:hostapd:0.4.10:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:hostapd:0.3.7:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:hostapd:0.2.8:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:wpa_supplicant:2.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:wpa_supplicant:2.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:wpa_supplicant:0.6.8:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:wpa_supplicant:0.5.11:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:wpa_supplicant:0.4.9:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:wpa_supplicant:0.4.8:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:wpa_supplicant:0.2.7:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:wpa_supplicant:0.2.6:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:hostapd:2.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:hostapd:2.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:hostapd:0.5.10:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:hostapd:0.5.9:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:hostapd:0.4.7:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:hostapd:0.3.11:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:hostapd:0.2.4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:wpa_supplicant:2.6:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:wpa_supplicant:2.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:wpa_supplicant:1.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:wpa_supplicant:0.7.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:wpa_supplicant:0.5.8:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:wpa_supplicant:0.5.7:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:wpa_supplicant:0.3.10:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:wpa_supplicant:0.3.9:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:wpa_supplicant:0.3.8:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_server:12:*:*:*:ltss:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:suse:openstack_cloud:6:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:ltss:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_server:11:sp4:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_desktop:12:sp2:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_desktop:12:sp3:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_point_of_sale:11:sp3:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-13087"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Mathy Vanhoef from imec-DistriNet and KU Leuven.",
        "sources": [
          {
            "db": "BID",
            "id": "101274"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201710-388"
          }
        ],
        "trust": 0.9
      },
      "cve": "CVE-2017-13087",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 2.9,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 5.5,
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "LOW",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:A/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Adjacent Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 2.9,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2017-13087",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Low",
                "trust": 0.9,
                "userInteractionRequired": null,
                "vectorString": "AV:A/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.4,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 5.5,
                "id": "CNVD-2017-30398",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:A/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.4,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 5.5,
                "id": "aa0be958-12f8-4c92-ba4f-8046a72e7fe0",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:A/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "HIGH",
                "attackVector": "ADJACENT_NETWORK",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 1.6,
                "impactScore": 3.6,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "High",
                "attackVector": "Adjacent Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 5.3,
                "baseSeverity": "Medium",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2017-13087",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2017-13087",
                "trust": 1.8,
                "value": "MEDIUM"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2017-30398",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201710-388",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "IVD",
                "id": "aa0be958-12f8-4c92-ba4f-8046a72e7fe0",
                "trust": 0.2,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2017-13087",
                "trust": 0.1,
                "value": "LOW"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "aa0be958-12f8-4c92-ba4f-8046a72e7fe0"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-30398"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-13087"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-009178"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201710-388"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-13087"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation of the Group Temporal Key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame, allowing an attacker within radio range to replay frames from access points to clients. An attacker within range of an affected AP and client may leverage these vulnerabilities to conduct attacks that are dependent on the data confidentiality protocols being used. Attacks may include arbitrary packet decryption and injection, TCP connection hijacking, HTTP content injection, or the replay of unicast and group-addressed frames. These vulnerabilities are referred to as Key Reinstallation Attacks or \"KRACK\" attacks. WPA (Wi-Fi Protected Access) is a system that protects wireless computer networks (Wi-Fi). A group key reload vulnerability exists in WPA2 wireless network sleep mode. WPA2  is prone to multiple security weaknesses. \nExploiting these issues may allow an unauthorized user to intercept and manipulate data or disclose sensitive information. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Important: wpa_supplicant security update\nAdvisory ID:       RHSA-2017:2907-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2017:2907\nIssue date:        2017-10-17\nCVE Names:         CVE-2017-13077 CVE-2017-13078 CVE-2017-13080 \n                   CVE-2017-13082 CVE-2017-13086 CVE-2017-13087 \n                   CVE-2017-13088 \n=====================================================================\n\n1. Summary:\n\nAn update for wpa_supplicant is now available for Red Hat Enterprise Linux\n7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux Server (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. Description:\n\nThe wpa_supplicant packages contain an 802.1X Supplicant with support for\nWEP, WPA, WPA2 (IEEE 802.11i / RSN), and various EAP authentication\nmethods. They implement key negotiation with a WPA Authenticator for client\nstations and controls the roaming and IEEE 802.11 authentication and\nassociation of the WLAN driver. A remote attacker within Wi-Fi range\ncould exploit these attacks to decrypt Wi-Fi traffic or possibly inject\nforged Wi-Fi packets by manipulating cryptographic handshakes used by the\nWPA2 protocol. (CVE-2017-13077, CVE-2017-13078, CVE-2017-13080,\nCVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088)\n\nRed Hat would like to thank CERT for reporting these issues. Upstream\nacknowledges Mathy Vanhoef (University of Leuven) as the original reporter\nof these issues. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nwpa_supplicant-2.6-5.el7_4.1.src.rpm\n\nx86_64:\nwpa_supplicant-2.6-5.el7_4.1.x86_64.rpm\nwpa_supplicant-debuginfo-2.6-5.el7_4.1.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nwpa_supplicant-2.6-5.el7_4.1.src.rpm\n\nx86_64:\nwpa_supplicant-2.6-5.el7_4.1.x86_64.rpm\nwpa_supplicant-debuginfo-2.6-5.el7_4.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nwpa_supplicant-2.6-5.el7_4.1.src.rpm\n\naarch64:\nwpa_supplicant-2.6-5.el7_4.1.aarch64.rpm\nwpa_supplicant-debuginfo-2.6-5.el7_4.1.aarch64.rpm\n\nppc64:\nwpa_supplicant-2.6-5.el7_4.1.ppc64.rpm\nwpa_supplicant-debuginfo-2.6-5.el7_4.1.ppc64.rpm\n\nppc64le:\nwpa_supplicant-2.6-5.el7_4.1.ppc64le.rpm\nwpa_supplicant-debuginfo-2.6-5.el7_4.1.ppc64le.rpm\n\ns390x:\nwpa_supplicant-2.6-5.el7_4.1.s390x.rpm\nwpa_supplicant-debuginfo-2.6-5.el7_4.1.s390x.rpm\n\nx86_64:\nwpa_supplicant-2.6-5.el7_4.1.x86_64.rpm\nwpa_supplicant-debuginfo-2.6-5.el7_4.1.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nwpa_supplicant-2.6-5.el7_4.1.src.rpm\n\nx86_64:\nwpa_supplicant-2.6-5.el7_4.1.x86_64.rpm\nwpa_supplicant-debuginfo-2.6-5.el7_4.1.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2017-13077\nhttps://access.redhat.com/security/cve/CVE-2017-13078\nhttps://access.redhat.com/security/cve/CVE-2017-13080\nhttps://access.redhat.com/security/cve/CVE-2017-13082\nhttps://access.redhat.com/security/cve/CVE-2017-13086\nhttps://access.redhat.com/security/cve/CVE-2017-13087\nhttps://access.redhat.com/security/cve/CVE-2017-13088\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://access.redhat.com/security/vulnerabilities/kracks\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2017 Red Hat, Inc. Those vulnerabilities applies to both the access point\n(implemented in hostapd) and the station (implemented in wpa_supplicant). \n\nAn attacker exploiting the vulnerabilities could force the vulnerable system to\nreuse cryptographic session keys, enabling a range of cryptographic attacks\nagainst the ciphers used in WPA1 and WPA2. \n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 2:2.4-1+deb9u1. \n\nFor the testing distribution (buster), these problems have been fixed\nin version 2:2.4-1.1. \n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 2:2.4-1.1. \n\nWe recommend that you upgrade your wpa packages. ==========================================================================\nUbuntu Security Notice USN-3455-1\nOctober 16, 2017\n\nwpa vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 17.04\n- Ubuntu 16.04 LTS\n- Ubuntu 14.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in wpa_supplicant. \n\nSoftware Description:\n- wpa: client support for WPA and WPA2\n\nDetails:\n\nMathy Vanhoef discovered that wpa_supplicant and hostapd incorrectly\nhandled WPA2. (CVE-2017-13077,\nCVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081,\nCVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088)\n\nImre Rad discovered that wpa_supplicant and hostapd incorrectly handled\ninvalid characters in passphrase parameters. A remote attacker could use\nthis issue to cause a denial of service. (CVE-2016-4476)\n\nImre Rad discovered that wpa_supplicant and hostapd incorrectly handled\ninvalid characters in passphrase parameters. A local attacker could use\nthis issue to cause a denial of service, or possibly execute arbitrary\ncode. (CVE-2016-4477)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 17.04:\n  hostapd                         2.4-0ubuntu9.1\n  wpasupplicant                   2.4-0ubuntu9.1\n\nUbuntu 16.04 LTS:\n  hostapd                         2.4-0ubuntu6.2\n  wpasupplicant                   2.4-0ubuntu6.2\n\nUbuntu 14.04 LTS:\n  hostapd                         2.1-0ubuntu1.5\n  wpasupplicant                   2.1-0ubuntu1.5\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. 6) - i386, x86_64\n\n3. \n\n\nHere are the details from the Slackware 14.2 ChangeLog:\n+--------------------------+\npatches/packages/wpa_supplicant-2.6-i586-1_slack14.2.txz:  Upgraded. \n  This update includes patches to mitigate the WPA2 protocol issues known\n  as \"KRACK\" (Key Reinstallation AttaCK), which may be used to decrypt data,\n  hijack TCP connections, and to forge and inject packets. \n  CVE-2017-13082: Accepting a retransmitted Fast BSS Transition (FT)\n    Reassociation Request and reinstalling the pairwise encryption key (PTK-TK)\n    while processing it. \n  For more information, see:\n    https://www.krackattacks.com/\n    https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13077\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13078\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13079\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13080\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13081\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13082\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13084\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13086\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13087\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13088\n  (* Security fix *)\n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project!  :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/wpa_supplicant-2.6-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/wpa_supplicant-2.6-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/wpa_supplicant-2.6-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/wpa_supplicant-2.6-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/wpa_supplicant-2.6-i586-1_slack14.2.txz\n\nUpdated package for Slackware x86_64 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/wpa_supplicant-2.6-x86_64-1_slack14.2.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/wpa_supplicant-2.6-i586-2.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/wpa_supplicant-2.6-x86_64-2.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 14.0 package:\nd8ecfaadb50b3547967ab53733ffc019  wpa_supplicant-2.6-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\nf25216d28800504ce498705da7c9a825  wpa_supplicant-2.6-x86_64-1_slack14.0.txz\n\nSlackware 14.1 package:\n15c61050e4bab2581757befd86be74c0  wpa_supplicant-2.6-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\n49fd537a520338744f7757615556d352  wpa_supplicant-2.6-x86_64-1_slack14.1.txz\n\nSlackware 14.2 package:\nc5539f40c8510af89be92945f0f80185  wpa_supplicant-2.6-i586-1_slack14.2.txz\n\nSlackware x86_64 14.2 package:\n4c527ff84fcdfd7839f217bbce2e4ae4  wpa_supplicant-2.6-x86_64-1_slack14.2.txz\n\nSlackware -current package:\n28bd88a54e96368f7a7020c1f5fb67fe  n/wpa_supplicant-2.6-i586-2.txz\n\nSlackware x86_64 -current package:\n464fc6b48d1ac077f47e9a3a8534c160  n/wpa_supplicant-2.6-x86_64-2.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the package as root:\n# upgradepkg wpa_supplicant-2.6-i586-1_slack14.2.txz\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list:                          |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message:                                                     |\n|                                                                        |\n|   unsubscribe slackware-security                                       |\n|                                                                        |\n| You will get a confirmation message back containing instructions to    |\n| complete the process.  Please do not reply to this email address. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n=============================================================================\nFreeBSD-SA-17:07.wpa                                        Security Advisory\n                                                          The FreeBSD Project\n\nTopic:          WPA2 protocol vulnerability\n\nCategory:       contrib\nModule:         wpa\nAnnounced:      2017-10-16\nCredits:        Mathy Vanhoef\nAffects:        All supported versions of FreeBSD. \nCorrected:      2017-10-17 17:30:18 UTC (stable/11, 11.1-STABLE)\n                2017-10-17 17:57:18 UTC (releng/11.1, 11.1-RELEASE-p2)\n                2017-10-17 17:56:03 UTC (releng/11.0, 11.0-RELEASE-p13)\n                2017-10-19 03:18:22 UTC (stable/10, 10.4-STABLE)\n                2017-10-19 03:20:17 UTC (releng/10.4, 10.4-RELEASE-p1)\n                2017-10-19 03:19:42 UTC (releng/10.3, 10.3-RELEASE-p22)\nCVE Name:       CVE-2017-13077, CVE-2017-13078, CVE-2017-13079,\n                CVE-2017-13080, CVE-2017-13081, CVE-2017-13082,\n                CVE-2017-13086, CVE-2017-13087, CVE-2017-13088\n\nFor general information regarding FreeBSD Security Advisories,\nincluding descriptions of the fields above, security branches, and the\nfollowing sections, please visit \u003cURL:https://security.FreeBSD.org/\u003e. \n\n0.   Revision history\n\nv1.0  2017-10-17 Initial release. \nv1.1  2017-10-19 Add patches for 10.x releases. \n\nI. \n\nhostapd and wpa_supplicant are implementations of user space daemon for\naccess points and wireless client that implements the WPA2 protocol. \n\nII.  Problem Description\n\nA vulnerability was found in how a number of implementations can be\ntriggered to reconfigure WPA/WPA2/RSN keys (TK, GTK, or IGTK) by\nreplaying a specific frame that is used to manage the keys. \n\nIII. Impact\n\nSuch reinstallation of the encryption key can result in two different\ntypes of vulnerabilities: disabling replay protection and significantly\nreducing the security of encryption to the point of allowing frames to\nbe decrypted or some parts of the keys to be determined by an attacker\ndepending on which cipher is used. \n\nIV.  Workaround\n\nAn updated version of wpa_supplicant is available in the FreeBSD Ports\nCollection. Install version 2.6_2 or later of the\nsecurity/wpa_supplicant port/pkg. Once installed, update /etc/rc.conf\nto use the new binary:\n\nwpa_supplicant_program=\"/usr/local/sbin/wpa_supplicant\"\n\nand restart networking. \n\nAn updated version of hostapd is available in the FreeBSD Ports\nCollection. Install version 2.6_1 or later of the net/hostapd port/pkg. \nOnce installed, update /etc/rc.conf to use the new binary:\n\nhostapd_program=\"/usr/local/sbin/hostapd\"\n\nand restart hostapd. \n\nV.   Solution\n\nPerform one of the following:\n\n1) Upgrade your vulnerable system to a supported FreeBSD stable or\nrelease / security branch (releng) dated after the correction date. \n\nRestart the Wi-Fi network interfaces/hostapd or reboot the system. \n\n2) To update your vulnerable system via a binary patch:\n\nSystems running a RELEASE version of FreeBSD on the i386 or amd64\nplatforms can be updated via the freebsd-update(8) utility:\n\n# freebsd-update fetch\n# freebsd-update install\n\nRestart the Wi-Fi network interfaces/hostapd or reboot the system. \n\n3) To update your vulnerable system via a source code patch:\n\nThe following patches have been verified to apply to the applicable\nFreeBSD release branches. \n\na) Download the relevant patch from the location below, and verify the\ndetached PGP signature using your PGP utility. \n\n[FreeBSD 11.0-RELEASE, 11.1-RELEASE, and 11-STABLE]\n# fetch https://security.FreeBSD.org/patches/SA-17:07/wpa-11.patch\n# fetch https://security.FreeBSD.org/patches/SA-17:07/wpa-11.patch.asc\n# gpg --verify wpa-11.patch.asc\n\n[FreeBSD 10.3-RELEASE, 10.4-RELEASE, and 10-STABLE]\n# fetch https://security.FreeBSD.org/patches/SA-17:07/wpa-10.patch\n# fetch https://security.FreeBSD.org/patches/SA-17:07/wpa-10.patch.asc\n# gpg --verify wpa-10.patch.asc\n\nb) Apply the patch.  Execute the following commands as root:\n\n# cd /usr/src\n# patch \u003c /path/to/patch\n\nc) Recompile the operating system using buildworld and installworld as\ndescribed in \u003cURL:https://www.FreeBSD.org/handbook/makeworld.html\u003e. \n\nRestart the applicable daemons, or reboot the system. \n\nVI.  Correction details\n\nThe following list contains the correction revision numbers for each\naffected branch. \n\nBranch/path                                                      Revision\n- -------------------------------------------------------------------------\nstable/11/                                                        r324697\nreleng/11.0/                                                      r324698\nreleng/11.1/                                                      r324699\nstable/10/                                                        r324739\nreleng/10.3/                                                      r324740\nreleng/10.4/                                                      r324741\n- -------------------------------------------------------------------------\n\nTo see which files were modified by a particular revision, run the\nfollowing command, replacing NNNNNN with the revision number, on a\nmachine with Subversion installed:\n\n# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base\n\nOr visit the following URL, replacing NNNNNN with the revision number:\n\n\u003cURL:https://svnweb.freebsd.org/base?view=revision\u0026revision=NNNNNN\u003e\n\nVII. References\n\n\u003cURL:https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt\u003e\n\u003cURL:https://www.krackattacks.com/\u003e\n\nThe latest revision of this advisory is available at\n\u003cURL:https://security.FreeBSD.org/advisories/FreeBSD-SA-17:07.wpa.asc\u003e\n-----BEGIN PGP SIGNATURE-----\n\niQKTBAEBCgB9FiEEHPf/b631yp++G4yy7Wfs1l3PaucFAlnoGpNfFIAAAAAALgAo\naXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDFD\nRjdGRjZGQURGNUNBOUZCRTFCOENCMkVENjdFQ0Q2NURDRjZBRTcACgkQ7Wfs1l3P\nauc7WBAAm27w+fujv5sJsRxauUMopTVtRh5utwbDuoHTP+L+RCWmQfVBmueNQ0gf\nuJzMNxBIkbtY9LvyukpRsH3iD7mh26c0pd9rxxkkr4F96C9B5+W0amxJF1gdm54/\nF/50FpY+lo7cNs5tiBjypPrg8UOBBI/1G4XR7130XC0HjaTwt1ngZ0oQUWUMSsIp\ngN5ZfPul81WPWd1NqF+vyObcJhwq/Y1uoexoO27o7GQCFZoL3enZy8c4f1xqMlVM\n4HHkTgNGac6E0aW+ArH4J0DFFAOJXPqF8rdt+9XINfoBbtliIyOixJ4oh1n6eAR0\nVpBWZKFNyXSlUKIvDGa+LDhxgL1jJXV0ABSyKlUOijdmr3bbbiQE9MW/MNv2AFTd\nOAFQ0QQtm9KCWp5JLh+FPIb/kR2l7MOUP+yz4zFcJpdGtl9tDLyPN8vRTq60bY8O\ny7tBcf/SMqkd/AIFdchL4zrOguKnRARydIlwTarp8wtAQI3MKSsa1B0wgsDtlL6K\nxfdjnwWMKvKKlNOW16e1WXXO0n/ucHV4njBE+bGPro3jLgXP2/WFZpIGAR3I4xrr\nSdD4AxSNiR9f3bL7LRfMIbugJAylWNSlTLWUOVUv0/ONh85LqbcCj13NI230B64K\nETx2QOZgKnCs2oDNiw4aQHb7kvi2w94Iw/R1sAPkkxYJWO3reyE=\n=h/5q\n-----END PGP SIGNATURE-----\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-13087"
          },
          {
            "db": "CERT/CC",
            "id": "VU#228519"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-009178"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-30398"
          },
          {
            "db": "BID",
            "id": "101274"
          },
          {
            "db": "IVD",
            "id": "aa0be958-12f8-4c92-ba4f-8046a72e7fe0"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-13087"
          },
          {
            "db": "PACKETSTORM",
            "id": "144652"
          },
          {
            "db": "PACKETSTORM",
            "id": "144630"
          },
          {
            "db": "PACKETSTORM",
            "id": "144632"
          },
          {
            "db": "PACKETSTORM",
            "id": "144659"
          },
          {
            "db": "PACKETSTORM",
            "id": "144663"
          },
          {
            "db": "PACKETSTORM",
            "id": "144669"
          }
        ],
        "trust": 3.96
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-13087",
            "trust": 4.2
          },
          {
            "db": "CERT/CC",
            "id": "VU#228519",
            "trust": 4.2
          },
          {
            "db": "BID",
            "id": "101274",
            "trust": 2.6
          },
          {
            "db": "LENOVO",
            "id": "LEN-17420",
            "trust": 2.5
          },
          {
            "db": "SECTRACK",
            "id": "1039577",
            "trust": 1.7
          },
          {
            "db": "SECTRACK",
            "id": "1039576",
            "trust": 1.7
          },
          {
            "db": "SECTRACK",
            "id": "1039581",
            "trust": 1.7
          },
          {
            "db": "SECTRACK",
            "id": "1039578",
            "trust": 1.7
          },
          {
            "db": "SECTRACK",
            "id": "1039573",
            "trust": 1.7
          },
          {
            "db": "SIEMENS",
            "id": "SSA-901333",
            "trust": 1.7
          },
          {
            "db": "CERT@VDE",
            "id": "VDE-2017-005",
            "trust": 1.7
          },
          {
            "db": "ICS CERT",
            "id": "ICSMA-18-114-01",
            "trust": 1.2
          },
          {
            "db": "ICS CERT",
            "id": "ICSMA-19-029-01",
            "trust": 1.1
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-17-353-02",
            "trust": 1.1
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-17-318-01",
            "trust": 1.1
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-30398",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201710-388",
            "trust": 0.8
          },
          {
            "db": "JUNIPER",
            "id": "JSA10827",
            "trust": 0.8
          },
          {
            "db": "DLINK",
            "id": "SAP10075",
            "trust": 0.8
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-17-318-02A",
            "trust": 0.8
          },
          {
            "db": "JVN",
            "id": "JVNVU90609033",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-009178",
            "trust": 0.8
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.4125",
            "trust": 0.6
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-17-299-02",
            "trust": 0.3
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-17-318-02",
            "trust": 0.3
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-17-325-01",
            "trust": 0.3
          },
          {
            "db": "IVD",
            "id": "AA0BE958-12F8-4C92-BA4F-8046A72E7FE0",
            "trust": 0.2
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-13087",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "144652",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "144630",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "144632",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "144659",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "144663",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "144669",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "aa0be958-12f8-4c92-ba4f-8046a72e7fe0"
          },
          {
            "db": "CERT/CC",
            "id": "VU#228519"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-30398"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-13087"
          },
          {
            "db": "BID",
            "id": "101274"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-009178"
          },
          {
            "db": "PACKETSTORM",
            "id": "144652"
          },
          {
            "db": "PACKETSTORM",
            "id": "144630"
          },
          {
            "db": "PACKETSTORM",
            "id": "144632"
          },
          {
            "db": "PACKETSTORM",
            "id": "144659"
          },
          {
            "db": "PACKETSTORM",
            "id": "144663"
          },
          {
            "db": "PACKETSTORM",
            "id": "144669"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201710-388"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-13087"
          }
        ]
      },
      "id": "VAR-201710-0974",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "aa0be958-12f8-4c92-ba4f-8046a72e7fe0"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-30398"
          }
        ],
        "trust": 1.3965711281818183
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "aa0be958-12f8-4c92-ba4f-8046a72e7fe0"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-30398"
          }
        ]
      },
      "last_update_date": "2024-07-23T21:12:37.370000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "ARUBA-PSA-2017-007",
            "trust": 0.8,
            "url": "http://www.arubanetworks.com/assets/alert/aruba-psa-2017-007.txt"
          },
          {
            "title": "DSA-3999",
            "trust": 0.8,
            "url": "https://www.debian.org/security/2017/dsa-3999"
          },
          {
            "title": "FreeBSD-SA-17:07.wpa",
            "trust": 0.8,
            "url": "https://www.freebsd.org/security/advisories/freebsd-sa-17:07.wpa.asc"
          },
          {
            "title": "LEN-17420",
            "trust": 0.8,
            "url": "https://support.lenovo.com/jp/en/product_security/len-17420"
          },
          {
            "title": "NV17-024",
            "trust": 0.8,
            "url": "http://jpn.nec.com/security-info/secinfo/nv17-024.html"
          },
          {
            "title": "openSUSE-SU-2017:2755",
            "trust": 0.8,
            "url": "https://lists.opensuse.org/opensuse-security-announce/2017-10/msg00024.html"
          },
          {
            "title": "SUSE-SU-2017:2745",
            "trust": 0.8,
            "url": "https://lists.opensuse.org/opensuse-security-announce/2017-10/msg00020.html"
          },
          {
            "title": "SUSE-SU-2017:2752",
            "trust": 0.8,
            "url": "https://lists.opensuse.org/opensuse-security-announce/2017-10/msg00023.html"
          },
          {
            "title": "KRACKs - wpa_supplicant Multiple Vulnerabilities",
            "trust": 0.8,
            "url": "https://access.redhat.com/security/vulnerabilities/kracks"
          },
          {
            "title": "RHSA-2017:2907",
            "trust": 0.8,
            "url": "https://access.redhat.com/errata/rhsa-2017:2907"
          },
          {
            "title": "RHSA-2017:2911",
            "trust": 0.8,
            "url": "https://access.redhat.com/errata/rhsa-2017:2911"
          },
          {
            "title": "USN-3455-1",
            "trust": 0.8,
            "url": "https://usn.ubuntu.com/usn/usn-3455-1/"
          },
          {
            "title": "WPA packet number reuse with replayed messages and key reinstallation",
            "trust": 0.8,
            "url": "https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt"
          },
          {
            "title": "Wi-Fi\u306e\u8a8d\u8a3c\uff0f\u6697\u53f7\u5316\u6280\u8853WPA2\u304a\u3088\u3073WPA\u306e\u8907\u6570\u306e\u8106\u5f31\u6027\u306b\u3064\u3044\u3066  ",
            "trust": 0.8,
            "url": "http://www.fujitsu.com/jp/products/network/support/2017/srm-01/index.html"
          },
          {
            "title": "WPA2\u306e\u8106\u5f31\u6027\u306b\u95a2\u3059\u308b\u5f0a\u793e\u8abf\u67fb\u30fb\u5bfe\u5fdc\u72b6\u6cc1\u306b\u3064\u3044\u3066",
            "trust": 0.8,
            "url": "http://www.iodata.jp/support/information/2017/wpa2/"
          },
          {
            "title": "\u7121\u7ddaLAN \u8a8d\u8a3c\uff0f\u6697\u53f7\u5316\u6280\u8853WPA2\u304a\u3088\u3073WPA\u306b\u95a2\u3059\u308b\u8106\u5f31\u6027\u306e\u304a\u77e5\u3089\u305b ",
            "trust": 0.8,
            "url": "http://www.fmworld.net/biz/common/info/20171110/"
          },
          {
            "title": "Patch for WPA2 Wireless Network Sleep Mode Group Key Reload Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/103826"
          },
          {
            "title": "Multiple WiFi product WPA2 Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=75502"
          },
          {
            "title": "Red Hat: Important: wpa_supplicant security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20172911 - security advisory"
          },
          {
            "title": "Red Hat: Important: wpa_supplicant security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20172907 - security advisory"
          },
          {
            "title": "Red Hat: CVE-2017-13087",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2017-13087"
          },
          {
            "title": "Arch Linux Issues: ",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=cve-2017-13087"
          },
          {
            "title": "Ubuntu Security Notice: wpa vulnerabilities",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3455-1"
          },
          {
            "title": "Debian Security Advisories: DSA-3999-1 wpa -- security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=08990d9925276738bd732fa4d58f9ef0"
          },
          {
            "title": "Arch Linux Advisories: [ASA-201710-23] hostapd: man-in-the-middle",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201710-23"
          },
          {
            "title": "Arch Linux Advisories: [ASA-201710-22] wpa_supplicant: man-in-the-middle",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201710-22"
          },
          {
            "title": "Siemens Security Advisories: Siemens Security Advisory",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=6df91267eee9400a24a98876f50ffe84"
          },
          {
            "title": "Android Security Bulletins: Android Security Bulletin\u2014November 2017",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=android_security_bulletins\u0026qid=8c29eb008bb212762e5cfb25c7c5c0d5"
          },
          {
            "title": "Cisco: Multiple Vulnerabilities in Wi-Fi Protected Access and Wi-Fi Protected Access II",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20171016-wpa"
          },
          {
            "title": "Oracle Linux Bulletins: Oracle Linux Bulletin - October 2017",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=7251d5e5f2b1771951980ad7cfde50ba"
          },
          {
            "title": "KRACK",
            "trust": 0.1,
            "url": "https://github.com/chinatso/krack "
          },
          {
            "title": "krackinfo",
            "trust": 0.1,
            "url": "https://github.com/kristate/krackinfo "
          },
          {
            "title": "nixos-issue-db-example",
            "trust": 0.1,
            "url": "https://github.com/andir/nixos-issue-db-example "
          },
          {
            "title": "The Register",
            "trust": 0.1,
            "url": "https://www.theregister.co.uk/2017/11/07/android_november_security_update/"
          },
          {
            "title": "The Register",
            "trust": 0.1,
            "url": "https://www.theregister.co.uk/2017/10/16/wpa2_inscure_krackattack/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-30398"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-13087"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-009178"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201710-388"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-330",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-254",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-009178"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-13087"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.7,
            "url": "https://www.krackattacks.com/"
          },
          {
            "trust": 3.3,
            "url": "https://source.android.com/security/bulletin/2017-11-01"
          },
          {
            "trust": 2.9,
            "url": "http://www.securityfocus.com/bid/101274"
          },
          {
            "trust": 2.8,
            "url": "http://www.arubanetworks.com/assets/alert/aruba-psa-2017-007.txt"
          },
          {
            "trust": 2.8,
            "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20171016-wpa"
          },
          {
            "trust": 2.7,
            "url": "https://access.redhat.com/security/vulnerabilities/kracks"
          },
          {
            "trust": 2.5,
            "url": "http://www.debian.org/security/2017/dsa-3999"
          },
          {
            "trust": 2.2,
            "url": "https://access.redhat.com/errata/rhsa-2017:2911"
          },
          {
            "trust": 2.1,
            "url": "http://www.kb.cert.org/vuls/id/228519"
          },
          {
            "trust": 2.1,
            "url": "https://access.redhat.com/errata/rhsa-2017:2907"
          },
          {
            "trust": 1.8,
            "url": "https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt"
          },
          {
            "trust": 1.8,
            "url": "http://www.ubuntu.com/usn/usn-3455-1"
          },
          {
            "trust": 1.7,
            "url": "http://www.securitytracker.com/id/1039581"
          },
          {
            "trust": 1.7,
            "url": "http://www.securitytracker.com/id/1039578"
          },
          {
            "trust": 1.7,
            "url": "http://www.securitytracker.com/id/1039577"
          },
          {
            "trust": 1.7,
            "url": "http://www.securitytracker.com/id/1039576"
          },
          {
            "trust": 1.7,
            "url": "http://www.securitytracker.com/id/1039573"
          },
          {
            "trust": 1.7,
            "url": "https://support.lenovo.com/us/en/product_security/len-17420"
          },
          {
            "trust": 1.7,
            "url": "https://security.freebsd.org/advisories/freebsd-sa-17:07.wpa.asc"
          },
          {
            "trust": 1.7,
            "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00024.html"
          },
          {
            "trust": 1.7,
            "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00023.html"
          },
          {
            "trust": 1.7,
            "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00020.html"
          },
          {
            "trust": 1.7,
            "url": "https://security.gentoo.org/glsa/201711-03"
          },
          {
            "trust": 1.7,
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-901333.pdf"
          },
          {
            "trust": 1.7,
            "url": "https://cert.vde.com/en-us/advisories/vde-2017-005"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13087"
          },
          {
            "trust": 1.2,
            "url": "https://ics-cert.us-cert.gov/advisories/icsma-18-114-01"
          },
          {
            "trust": 1.1,
            "url": "https://papers.mathyvanhoef.com/ccs2017.pdf"
          },
          {
            "trust": 1.1,
            "url": "https://w1.fi/security/2017-1/"
          },
          {
            "trust": 1.1,
            "url": "https://security-center.intel.com/advisory.aspx?intelid=intel-sa-00101\u0026languageid=en-fr"
          },
          {
            "trust": 1.1,
            "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2017-13080"
          },
          {
            "trust": 1.1,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-353-02"
          },
          {
            "trust": 1.1,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-318-01"
          },
          {
            "trust": 1.1,
            "url": "https://ics-cert.us-cert.gov/advisories/icsma-19-029-01"
          },
          {
            "trust": 0.9,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-13087"
          },
          {
            "trust": 0.8,
            "url": "https://cwe.mitre.org/data/definitions/323.html"
          },
          {
            "trust": 0.8,
            "url": "https://actiontecsupport.zendesk.com/hc/en-us/articles/115005205283-krack-vulnerability"
          },
          {
            "trust": 0.8,
            "url": "https://www3.aerohive.com/support/security-bulletins/product-security-announcement-aerohives-response-to-krack-10162017.html"
          },
          {
            "trust": 0.8,
            "url": "https://www.al-enterprise.com/en/support/security-alert-krack"
          },
          {
            "trust": 0.8,
            "url": "https://support.apple.com/en-gb/ht208222"
          },
          {
            "trust": 0.8,
            "url": "https://security.archlinux.org/avg-447"
          },
          {
            "trust": 0.8,
            "url": "https://www.asus.com/static_webpage/asus-product-security-advisory/"
          },
          {
            "trust": 0.8,
            "url": "https://community.barracudanetworks.com/forum/index.php?/topic/23525-security-advisories/page-2"
          },
          {
            "trust": 0.8,
            "url": "https://lists.centos.org/pipermail/centos-announce/2017-october/022569.html"
          },
          {
            "trust": 0.8,
            "url": "https://community.cypress.com/docs/doc-13871"
          },
          {
            "trust": 0.8,
            "url": "http://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10075"
          },
          {
            "trust": 0.8,
            "url": "http://www.dell.com/support/article/sln307822"
          },
          {
            "trust": 0.8,
            "url": "https://github.com/espressif/esp8266_nonos_sdk"
          },
          {
            "trust": 0.8,
            "url": "https://extremeportal.force.com/extrarticledetail?n=000018005"
          },
          {
            "trust": 0.8,
            "url": "https://bodhi.fedoraproject.org/updates/fedora-2017-60bfb576b7"
          },
          {
            "trust": 0.8,
            "url": "http://www.fortiguard.com/psirt/fg-ir-17-196"
          },
          {
            "trust": 0.8,
            "url": "https://www.freebsd.org/security/advisories/freebsd-sa-17:07.wpa.asc"
          },
          {
            "trust": 0.8,
            "url": "https://bugs.gentoo.org/634440"
          },
          {
            "trust": 0.8,
            "url": "https://support.hpe.com/hpsc/doc/public/display?sp4ts.oid=null\u0026doclocale=en_us\u0026docid=emr_na-a00029151en_us"
          },
          {
            "trust": 0.8,
            "url": "https://kb.juniper.net/jsa10827"
          },
          {
            "trust": 0.8,
            "url": "https://support.lenovo.com/ca/en/product_security/len-17420"
          },
          {
            "trust": 0.8,
            "url": "http://www.microchip.com/wwwproducts/en/atwinc1500"
          },
          {
            "trust": 0.8,
            "url": "http://mail-index.netbsd.org/source-changes/2017/10/16/msg088877.html"
          },
          {
            "trust": 0.8,
            "url": "https://kb.netgear.com/000049498/security-advisory-for-wpa-2-vulnerabilities-psv-2017-2826-psv-2017-2836-psv-2017-2837"
          },
          {
            "trust": 0.8,
            "url": "https://forum.peplink.com/t/security-advisory-wpa2-vulnerability-vu-228519/12715"
          },
          {
            "trust": 0.8,
            "url": "https://ruckus-www.s3.amazonaws.com/pdf/security/faq-security-advisory-id-101617-v1.0.pdf"
          },
          {
            "trust": 0.8,
            "url": "https://www.suse.com/de-de/support/kb/doc/?id=7022107"
          },
          {
            "trust": 0.8,
            "url": "https://source.sierrawireless.com/resources/airlink/software_reference_docs/technical-bulletin/sierra-wireless-technical-bulletin---wpa-and-wpa2-vulnerabilities/"
          },
          {
            "trust": 0.8,
            "url": "http://www.slackware.com/changelog/stable.php?cpu=x86_64"
          },
          {
            "trust": 0.8,
            "url": "https://community.sophos.com/kb/en-us/127658"
          },
          {
            "trust": 0.8,
            "url": "https://www.toshibacommerce.com/wps/myportal/%21ut/p/a1/rzrnc8igeiz_sw8egqhjcdmmwr8abw2dqcnfoyqotidrrk399uxrrwotuzgws7a87y6z88iuzmcq2u4uwcnlzypjnjj5-exr_wnhya-laxtrid-j3uchdtb8gylmuw6qzgktovtowsrrqlrs6-8dbeqhwc1mykqnlabgdjlf1yjvn7i5af4qtdwsn2tri7j"
          },
          {
            "trust": 0.8,
            "url": "http://www.toshiba-personalstorage.net/en/news/hdd/ot_notice/20171017.htm"
          },
          {
            "trust": 0.8,
            "url": "http://support.toshiba.com/support/staticcontentdetail?contentid=4015875\u0026isfromtoclink=false"
          },
          {
            "trust": 0.8,
            "url": "https://community.ubnt.com/t5/unifi-updates-blog/firmware-3-9-3-7537-for-uap-usw-has-been-released/ba-p/2099365"
          },
          {
            "trust": 0.8,
            "url": "https://usn.ubuntu.com/usn/usn-3455-1/"
          },
          {
            "trust": 0.8,
            "url": "http://en.miui.com/thread-954223-1-1.html"
          },
          {
            "trust": 0.8,
            "url": "https://www.zebra.com/content/dam/zebra_new_ia/en-us/support-and-downloads/lifeguard-security/krack-security-bulletin.pdf"
          },
          {
            "trust": 0.8,
            "url": "http://www.zyxel.com/support/announcement_wpa2_key_management.shtml"
          },
          {
            "trust": 0.8,
            "url": "https://supportcenter.checkpoint.com/supportcenter/portal?eventsubmit_dogoviewsolutiondetails=\u0026solutionid=sk120938"
          },
          {
            "trust": 0.8,
            "url": "https://community.rsa.com/docs/doc-84103"
          },
          {
            "trust": 0.8,
            "url": "https://support.f5.com/csp/article/k23642330"
          },
          {
            "trust": 0.8,
            "url": "https://forum.mikrotik.com/viewtopic.php?f=21\u0026t=126695"
          },
          {
            "trust": 0.8,
            "url": "https://community.linksys.com/t5/wireless-routers/krack-vulnerability/td-p/1218573"
          },
          {
            "trust": 0.8,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-318-02a"
          },
          {
            "trust": 0.8,
            "url": "https://www.ipa.go.jp/security/ciadr/vul/20171017_wpa2.html"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/vu/jvnvu90609033/index.html"
          },
          {
            "trust": 0.8,
            "url": "https://www.kb.cert.org/vuls/id/cheu-aqnmyp"
          },
          {
            "trust": 0.6,
            "url": "https://www.kb.cert.org/vuls/id/228519/"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13078"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13077"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13080"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.4125/"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/cve/cve-2017-13077"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/cve/cve-2017-13078"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/cve/cve-2017-13080"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/cve/cve-2017-13087"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13082"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13086"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13088"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2017-13082"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2017-13086"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2017-13088"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13081"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13079"
          },
          {
            "trust": 0.3,
            "url": "https://github.com/stevenhoneyman/wpa_gui/tree/master/wpa_supplicant-2.4"
          },
          {
            "trust": 0.3,
            "url": "http://www.wi-fi.org/index.php"
          },
          {
            "trust": 0.3,
            "url": "https://support.apple.com/en-ie/ht208847"
          },
          {
            "trust": 0.3,
            "url": "https://support.apple.com/en-in/ht208334"
          },
          {
            "trust": 0.3,
            "url": "https://support.apple.com/en-in/ht208327"
          },
          {
            "trust": 0.3,
            "url": "https://support.apple.com/en-in/ht208325"
          },
          {
            "trust": 0.3,
            "url": "https://lists.apple.com/archives/security-announce/2017/dec/msg00009.html"
          },
          {
            "trust": 0.3,
            "url": "https://lists.apple.com/archives/security-announce/2017/dec/msg00008.html"
          },
          {
            "trust": 0.3,
            "url": "https://lists.apple.com/archives/security-announce/2018/jul/msg00000.html"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2017-13079"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2017-13081"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2017-13084"
          },
          {
            "trust": 0.3,
            "url": "http://docs.fortinet.com/uploaded/files/3961/fortiap-v5.6.1-release-notes.pdf"
          },
          {
            "trust": 0.3,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-299-02"
          },
          {
            "trust": 0.3,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-318-02"
          },
          {
            "trust": 0.3,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-325-01"
          },
          {
            "trust": 0.3,
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/updates/classification/#important"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/articles/11258"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/team/contact/"
          },
          {
            "trust": 0.2,
            "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
          },
          {
            "trust": 0.2,
            "url": "https://bugzilla.redhat.com/):"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/team/key/"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/330.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/kristate/krackinfo"
          },
          {
            "trust": 0.1,
            "url": "https://www.debian.org/security/faq"
          },
          {
            "trust": 0.1,
            "url": "https://www.debian.org/security/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4476"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4477"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/wpa/2.1-0ubuntu1.5"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/wpa/2.4-0ubuntu9.1"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/wpa/2.4-0ubuntu6.2"
          },
          {
            "trust": 0.1,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-13078"
          },
          {
            "trust": 0.1,
            "url": "http://slackware.com"
          },
          {
            "trust": 0.1,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-13080"
          },
          {
            "trust": 0.1,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-13082"
          },
          {
            "trust": 0.1,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-13077"
          },
          {
            "trust": 0.1,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-13081"
          },
          {
            "trust": 0.1,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-13084"
          },
          {
            "trust": 0.1,
            "url": "http://slackware.com/gpg-key"
          },
          {
            "trust": 0.1,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-13086"
          },
          {
            "trust": 0.1,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-13088"
          },
          {
            "trust": 0.1,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-13079"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13084"
          },
          {
            "trust": 0.1,
            "url": "http://osuosl.org)"
          },
          {
            "trust": 0.1,
            "url": "https://security.freebsd.org/patches/sa-17:07/wpa-10.patch.asc"
          },
          {
            "trust": 0.1,
            "url": "https://security.freebsd.org/advisories/freebsd-sa-17:07.wpa.asc\u003e"
          },
          {
            "trust": 0.1,
            "url": "https://svnweb.freebsd.org/base?view=revision\u0026revision=nnnnnn\u003e"
          },
          {
            "trust": 0.1,
            "url": "https://www.krackattacks.com/\u003e"
          },
          {
            "trust": 0.1,
            "url": "https://security.freebsd.org/patches/sa-17:07/wpa-11.patch.asc"
          },
          {
            "trust": 0.1,
            "url": "https://security.freebsd.org/\u003e."
          },
          {
            "trust": 0.1,
            "url": "https://security.freebsd.org/patches/sa-17:07/wpa-11.patch"
          },
          {
            "trust": 0.1,
            "url": "https://security.freebsd.org/patches/sa-17:07/wpa-10.patch"
          },
          {
            "trust": 0.1,
            "url": "https://www.freebsd.org/handbook/makeworld.html\u003e."
          },
          {
            "trust": 0.1,
            "url": "https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt\u003e"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#228519"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-30398"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-13087"
          },
          {
            "db": "BID",
            "id": "101274"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-009178"
          },
          {
            "db": "PACKETSTORM",
            "id": "144652"
          },
          {
            "db": "PACKETSTORM",
            "id": "144630"
          },
          {
            "db": "PACKETSTORM",
            "id": "144632"
          },
          {
            "db": "PACKETSTORM",
            "id": "144659"
          },
          {
            "db": "PACKETSTORM",
            "id": "144663"
          },
          {
            "db": "PACKETSTORM",
            "id": "144669"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201710-388"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-13087"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "aa0be958-12f8-4c92-ba4f-8046a72e7fe0"
          },
          {
            "db": "CERT/CC",
            "id": "VU#228519"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-30398"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-13087"
          },
          {
            "db": "BID",
            "id": "101274"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-009178"
          },
          {
            "db": "PACKETSTORM",
            "id": "144652"
          },
          {
            "db": "PACKETSTORM",
            "id": "144630"
          },
          {
            "db": "PACKETSTORM",
            "id": "144632"
          },
          {
            "db": "PACKETSTORM",
            "id": "144659"
          },
          {
            "db": "PACKETSTORM",
            "id": "144663"
          },
          {
            "db": "PACKETSTORM",
            "id": "144669"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201710-388"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-13087"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-10-17T00:00:00",
            "db": "IVD",
            "id": "aa0be958-12f8-4c92-ba4f-8046a72e7fe0"
          },
          {
            "date": "2017-10-16T00:00:00",
            "db": "CERT/CC",
            "id": "VU#228519"
          },
          {
            "date": "2017-10-18T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-30398"
          },
          {
            "date": "2017-10-17T00:00:00",
            "db": "VULMON",
            "id": "CVE-2017-13087"
          },
          {
            "date": "2017-10-16T00:00:00",
            "db": "BID",
            "id": "101274"
          },
          {
            "date": "2017-11-06T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-009178"
          },
          {
            "date": "2017-10-17T16:52:00",
            "db": "PACKETSTORM",
            "id": "144652"
          },
          {
            "date": "2017-10-16T13:49:34",
            "db": "PACKETSTORM",
            "id": "144630"
          },
          {
            "date": "2017-10-16T23:23:00",
            "db": "PACKETSTORM",
            "id": "144632"
          },
          {
            "date": "2017-10-18T20:20:00",
            "db": "PACKETSTORM",
            "id": "144659"
          },
          {
            "date": "2017-10-18T20:44:00",
            "db": "PACKETSTORM",
            "id": "144663"
          },
          {
            "date": "2017-10-19T14:28:55",
            "db": "PACKETSTORM",
            "id": "144669"
          },
          {
            "date": "2017-10-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201710-388"
          },
          {
            "date": "2017-10-17T13:29:00.600000",
            "db": "NVD",
            "id": "CVE-2017-13087"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-11-16T00:00:00",
            "db": "CERT/CC",
            "id": "VU#228519"
          },
          {
            "date": "2017-10-19T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-30398"
          },
          {
            "date": "2019-10-03T00:00:00",
            "db": "VULMON",
            "id": "CVE-2017-13087"
          },
          {
            "date": "2019-02-21T09:00:00",
            "db": "BID",
            "id": "101274"
          },
          {
            "date": "2019-02-01T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-009178"
          },
          {
            "date": "2020-11-23T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201710-388"
          },
          {
            "date": "2019-10-03T00:03:26.223000",
            "db": "NVD",
            "id": "CVE-2017-13087"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote or local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201710-388"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Wi-Fi Protected Access (WPA) handshake traffic can be manipulated to induce nonce and session key reuse",
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#228519"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "security feature problem",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201710-388"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201710-0211

    Vulnerability from variot - Updated: 2024-07-23 21:10

    Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the four-way handshake, allowing an attacker within radio range to replay frames from access points to clients. An attacker within range of an affected AP and client may leverage these vulnerabilities to conduct attacks that are dependent on the data confidentiality protocols being used. Attacks may include arbitrary packet decryption and injection, TCP connection hijacking, HTTP content injection, or the replay of unicast and group-addressed frames. These vulnerabilities are referred to as Key Reinstallation Attacks or "KRACK" attacks. WPA (Wi-Fi Protected Access) is a system that protects wireless computer networks (Wi-Fi). The WPA2 wireless network has a GTK group key reload vulnerability in the fourth handshake. WPA2 is prone to multiple security weaknesses. Exploiting these issues may allow an unauthorized user to intercept and manipulate data or disclose sensitive information. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

    ===================================================================== Red Hat Security Advisory

    Synopsis: Important: wpa_supplicant security update Advisory ID: RHSA-2017:2907-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2017:2907 Issue date: 2017-10-17 CVE Names: CVE-2017-13077 CVE-2017-13078 CVE-2017-13080 CVE-2017-13082 CVE-2017-13086 CVE-2017-13087 CVE-2017-13088 =====================================================================

    1. Summary:

    An update for wpa_supplicant is now available for Red Hat Enterprise Linux 7.

    Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Relevant releases/architectures:

    Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64

    1. Description:

    The wpa_supplicant packages contain an 802.1X Supplicant with support for WEP, WPA, WPA2 (IEEE 802.11i / RSN), and various EAP authentication methods. They implement key negotiation with a WPA Authenticator for client stations and controls the roaming and IEEE 802.11 authentication and association of the WLAN driver. A remote attacker within Wi-Fi range could exploit these attacks to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by manipulating cryptographic handshakes used by the WPA2 protocol. (CVE-2017-13077, CVE-2017-13078, CVE-2017-13080, CVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088)

    Red Hat would like to thank CERT for reporting these issues. Upstream acknowledges Mathy Vanhoef (University of Leuven) as the original reporter of these issues. Solution:

    For details on how to apply this update, which includes the changes described in this advisory, refer to:

    https://access.redhat.com/articles/11258

    1. Package List:

    Red Hat Enterprise Linux Client (v. 7):

    Source: wpa_supplicant-2.6-5.el7_4.1.src.rpm

    x86_64: wpa_supplicant-2.6-5.el7_4.1.x86_64.rpm wpa_supplicant-debuginfo-2.6-5.el7_4.1.x86_64.rpm

    Red Hat Enterprise Linux ComputeNode (v. 7):

    Source: wpa_supplicant-2.6-5.el7_4.1.src.rpm

    x86_64: wpa_supplicant-2.6-5.el7_4.1.x86_64.rpm wpa_supplicant-debuginfo-2.6-5.el7_4.1.x86_64.rpm

    Red Hat Enterprise Linux Server (v. 7):

    Source: wpa_supplicant-2.6-5.el7_4.1.src.rpm

    aarch64: wpa_supplicant-2.6-5.el7_4.1.aarch64.rpm wpa_supplicant-debuginfo-2.6-5.el7_4.1.aarch64.rpm

    ppc64: wpa_supplicant-2.6-5.el7_4.1.ppc64.rpm wpa_supplicant-debuginfo-2.6-5.el7_4.1.ppc64.rpm

    ppc64le: wpa_supplicant-2.6-5.el7_4.1.ppc64le.rpm wpa_supplicant-debuginfo-2.6-5.el7_4.1.ppc64le.rpm

    s390x: wpa_supplicant-2.6-5.el7_4.1.s390x.rpm wpa_supplicant-debuginfo-2.6-5.el7_4.1.s390x.rpm

    x86_64: wpa_supplicant-2.6-5.el7_4.1.x86_64.rpm wpa_supplicant-debuginfo-2.6-5.el7_4.1.x86_64.rpm

    Red Hat Enterprise Linux Workstation (v. 7):

    Source: wpa_supplicant-2.6-5.el7_4.1.src.rpm

    x86_64: wpa_supplicant-2.6-5.el7_4.1.x86_64.rpm wpa_supplicant-debuginfo-2.6-5.el7_4.1.x86_64.rpm

    These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

    1. References:

    https://access.redhat.com/security/cve/CVE-2017-13077 https://access.redhat.com/security/cve/CVE-2017-13078 https://access.redhat.com/security/cve/CVE-2017-13080 https://access.redhat.com/security/cve/CVE-2017-13082 https://access.redhat.com/security/cve/CVE-2017-13086 https://access.redhat.com/security/cve/CVE-2017-13087 https://access.redhat.com/security/cve/CVE-2017-13088 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/security/vulnerabilities/kracks

    1. Contact:

    The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

    Copyright 2017 Red Hat, Inc. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512

    APPLE-SA-2017-12-12-2 AirPort Base Station Firmware Update 7.7.9

    AirPort Base Station Firmware Update 7.7.9 is now available and addresses the following:

    AirPort Base Station Firmware Available for: AirPort Extreme and AirPort Time Capsule base stations with 802.11ac Impact: An attacker within range may be able to execute arbitrary code on the Wi-Fi chip Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-9417: Nitay Artenstein of Exodus Intelligence

    AirPort Base Station Firmware Available for: AirPort Extreme and AirPort Time Capsule base stations with 802.11ac Impact: An attacker in Wi-Fi range may force nonce reuse in WPA unicast/PTK clients (Key Reinstallation Attacks - KRACK) Description: A logic issue existed in the handling of state transitions. This was addressed with improved state management. CVE-2017-13077: Mathy Vanhoef of the imec-DistriNet group at KU Leuven CVE-2017-13078: Mathy Vanhoef of the imec-DistriNet group at KU Leuven

    AirPort Base Station Firmware Available for: AirPort Extreme and AirPort Time Capsule base stations with 802.11ac Impact: An attacker in Wi-Fi range may force nonce reuse in WPA multicast/GTK clients (Key Reinstallation Attacks - KRACK) Description: A logic issue existed in the handling of state transitions. This was addressed with improved state management. CVE-2017-13080: Mathy Vanhoef of the imec-DistriNet group at KU Leuven

    Installation note:

    Firmware version 7.7.9 is installed on AirPort Extreme or AirPort Time Capsule base stations with 802.11ac using AirPort Utility for Mac or iOS.

    AirPort Utility for Mac is a free download from https://support.apple.com/downloads/ and AirPort Utility for iOS is a free download from the App Store. CVE-2017-13080: Mathy Vanhoef of the imec-DistriNet group at KU Leuven

    Installation note:

    Wi-Fi Update for Boot Camp 6.4.0 may be obtained from Apple Software Update for Windows. ========================================================================== Ubuntu Security Notice USN-3455-1 October 16, 2017

    wpa vulnerabilities

    A security issue affects these releases of Ubuntu and its derivatives:

    • Ubuntu 17.04
    • Ubuntu 16.04 LTS
    • Ubuntu 14.04 LTS

    Summary:

    Several security issues were fixed in wpa_supplicant.

    Software Description: - wpa: client support for WPA and WPA2

    Details:

    Mathy Vanhoef discovered that wpa_supplicant and hostapd incorrectly handled WPA2. (CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088)

    Imre Rad discovered that wpa_supplicant and hostapd incorrectly handled invalid characters in passphrase parameters. A remote attacker could use this issue to cause a denial of service. (CVE-2016-4476)

    Imre Rad discovered that wpa_supplicant and hostapd incorrectly handled invalid characters in passphrase parameters. A local attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. (CVE-2016-4477)

    Update instructions:

    The problem can be corrected by updating your system to the following package versions:

    Ubuntu 17.04: hostapd 2.4-0ubuntu9.1 wpasupplicant 2.4-0ubuntu9.1

    Ubuntu 16.04 LTS: hostapd 2.4-0ubuntu6.2 wpasupplicant 2.4-0ubuntu6.2

    Ubuntu 14.04 LTS: hostapd 2.1-0ubuntu1.5 wpasupplicant 2.1-0ubuntu1.5

    After a standard system update you need to reboot your computer to make all the necessary changes. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201711-03


                                           https://security.gentoo.org/
    

    Severity: Normal Title: hostapd and wpa_supplicant: Key Reinstallation (KRACK) attacks Date: November 10, 2017 Bugs: #634436, #634438 ID: 201711-03


    Synopsis

    A flaw was discovered in the 4-way handshake in hostapd and wpa_supplicant that allows attackers to conduct a Man in the Middle attack.

    Affected packages

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
    

    1 net-wireless/hostapd < 2.6-r1 >= 2.6-r1 2 net-wireless/wpa_supplicant < 2.6-r3 >= 2.6-r3 ------------------------------------------------------------------- 2 affected packages

    Description

    WiFi Protected Access (WPA and WPA2) and it's associated technologies are all vulnerable to the KRACK attacks. Please review the referenced CVE identifiers for details.

    Impact

    An attacker can carry out the KRACK attacks on a wireless network in order to gain access to network clients. Once achieved, the attacker can potentially harvest confidential information (e.g. HTTP/HTTPS), inject malware, or perform a myriad of other attacks.

    Workaround

    There is no known workaround at this time.

    Resolution

    All hostapd users should upgrade to the latest version:

    # emerge --sync # emerge --ask --oneshot --verbose ">=net-wireless/hostapd-2.6-r1"

    All wpa_supplicant users should upgrade to the latest version:

    # emerge --sync # emerge --ask --oneshot -v ">=net-wireless/wpa_supplicant-2.6-r3"

    References

    [ 1 ] CVE-2017-13077 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13077 [ 2 ] CVE-2017-13078 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13078 [ 3 ] CVE-2017-13079 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13079 [ 4 ] CVE-2017-13080 . 6) - i386, x86_64

    1. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512

    ============================================================================= FreeBSD-SA-17:07.wpa Security Advisory The FreeBSD Project

    Topic: WPA2 protocol vulnerability

    Category: contrib Module: wpa Announced: 2017-10-16 Credits: Mathy Vanhoef Affects: All supported versions of FreeBSD. Corrected: 2017-10-17 17:30:18 UTC (stable/11, 11.1-STABLE) 2017-10-17 17:57:18 UTC (releng/11.1, 11.1-RELEASE-p2) 2017-10-17 17:56:03 UTC (releng/11.0, 11.0-RELEASE-p13) 2017-10-19 03:18:22 UTC (stable/10, 10.4-STABLE) 2017-10-19 03:20:17 UTC (releng/10.4, 10.4-RELEASE-p1) 2017-10-19 03:19:42 UTC (releng/10.3, 10.3-RELEASE-p22) CVE Name: CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088

    For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit .

    1. Revision history

    v1.0 2017-10-17 Initial release. v1.1 2017-10-19 Add patches for 10.x releases.

    I.

    hostapd and wpa_supplicant are implementations of user space daemon for access points and wireless client that implements the WPA2 protocol.

    II. Problem Description

    A vulnerability was found in how a number of implementations can be triggered to reconfigure WPA/WPA2/RSN keys (TK, GTK, or IGTK) by replaying a specific frame that is used to manage the keys.

    III. Impact

    Such reinstallation of the encryption key can result in two different types of vulnerabilities: disabling replay protection and significantly reducing the security of encryption to the point of allowing frames to be decrypted or some parts of the keys to be determined by an attacker depending on which cipher is used.

    IV. Workaround

    An updated version of wpa_supplicant is available in the FreeBSD Ports Collection. Install version 2.6_2 or later of the security/wpa_supplicant port/pkg. Once installed, update /etc/rc.conf to use the new binary:

    wpa_supplicant_program="/usr/local/sbin/wpa_supplicant"

    and restart networking.

    An updated version of hostapd is available in the FreeBSD Ports Collection. Install version 2.6_1 or later of the net/hostapd port/pkg. Once installed, update /etc/rc.conf to use the new binary:

    hostapd_program="/usr/local/sbin/hostapd"

    and restart hostapd.

    V. Solution

    Perform one of the following:

    1) Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date.

    Restart the Wi-Fi network interfaces/hostapd or reboot the system.

    2) To update your vulnerable system via a binary patch:

    Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility:

    freebsd-update fetch

    freebsd-update install

    Restart the Wi-Fi network interfaces/hostapd or reboot the system.

    3) To update your vulnerable system via a source code patch:

    The following patches have been verified to apply to the applicable FreeBSD release branches.

    a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility.

    [FreeBSD 11.0-RELEASE, 11.1-RELEASE, and 11-STABLE]

    fetch https://security.FreeBSD.org/patches/SA-17:07/wpa-11.patch

    fetch https://security.FreeBSD.org/patches/SA-17:07/wpa-11.patch.asc

    gpg --verify wpa-11.patch.asc

    [FreeBSD 10.3-RELEASE, 10.4-RELEASE, and 10-STABLE]

    fetch https://security.FreeBSD.org/patches/SA-17:07/wpa-10.patch

    fetch https://security.FreeBSD.org/patches/SA-17:07/wpa-10.patch.asc

    gpg --verify wpa-10.patch.asc

    b) Apply the patch. Execute the following commands as root:

    cd /usr/src

    patch < /path/to/patch

    c) Recompile the operating system using buildworld and installworld as described in .

    Restart the applicable daemons, or reboot the system.

    VI. Correction details

    The following list contains the correction revision numbers for each affected branch.

    Branch/path Revision


    stable/11/ r324697 releng/11.0/ r324698 releng/11.1/ r324699 stable/10/ r324739 releng/10.3/ r324740 releng/10.4/ r324741


    To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed:

    svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base

    Or visit the following URL, replacing NNNNNN with the revision number:

    VII. References

    The latest revision of this advisory is available at -----BEGIN PGP SIGNATURE-----

    iQKTBAEBCgB9FiEEHPf/b631yp++G4yy7Wfs1l3PaucFAlnoGpNfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDFD RjdGRjZGQURGNUNBOUZCRTFCOENCMkVENjdFQ0Q2NURDRjZBRTcACgkQ7Wfs1l3P auc7WBAAm27w+fujv5sJsRxauUMopTVtRh5utwbDuoHTP+L+RCWmQfVBmueNQ0gf uJzMNxBIkbtY9LvyukpRsH3iD7mh26c0pd9rxxkkr4F96C9B5+W0amxJF1gdm54/ F/50FpY+lo7cNs5tiBjypPrg8UOBBI/1G4XR7130XC0HjaTwt1ngZ0oQUWUMSsIp gN5ZfPul81WPWd1NqF+vyObcJhwq/Y1uoexoO27o7GQCFZoL3enZy8c4f1xqMlVM 4HHkTgNGac6E0aW+ArH4J0DFFAOJXPqF8rdt+9XINfoBbtliIyOixJ4oh1n6eAR0 VpBWZKFNyXSlUKIvDGa+LDhxgL1jJXV0ABSyKlUOijdmr3bbbiQE9MW/MNv2AFTd OAFQ0QQtm9KCWp5JLh+FPIb/kR2l7MOUP+yz4zFcJpdGtl9tDLyPN8vRTq60bY8O y7tBcf/SMqkd/AIFdchL4zrOguKnRARydIlwTarp8wtAQI3MKSsa1B0wgsDtlL6K xfdjnwWMKvKKlNOW16e1WXXO0n/ucHV4njBE+bGPro3jLgXP2/WFZpIGAR3I4xrr SdD4AxSNiR9f3bL7LRfMIbugJAylWNSlTLWUOVUv0/ONh85LqbcCj13NI230B64K ETx2QOZgKnCs2oDNiw4aQHb7kvi2w94Iw/R1sAPkkxYJWO3reyE= =h/5q -----END PGP SIGNATURE----- .

    Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/wpa_supplicant-2.6-i586-1_slack14.2.txz: Upgraded. This update includes patches to mitigate the WPA2 protocol issues known as "KRACK" (Key Reinstallation AttaCK), which may be used to decrypt data, hijack TCP connections, and to forge and inject packets. CVE-2017-13082: Accepting a retransmitted Fast BSS Transition (FT) Reassociation Request and reinstalling the pairwise encryption key (PTK-TK) while processing it. For more information, see: https://www.krackattacks.com/ https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13077 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13078 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13079 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13080 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13081 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13082 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13084 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13086 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13087 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13088 ( Security fix ) +--------------------------+

    Where to find the new packages: +-----------------------------+

    Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)

    Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

    Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/wpa_supplicant-2.6-i486-1_slack14.0.txz

    Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/wpa_supplicant-2.6-x86_64-1_slack14.0.txz

    Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/wpa_supplicant-2.6-i486-1_slack14.1.txz

    Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/wpa_supplicant-2.6-x86_64-1_slack14.1.txz

    Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/wpa_supplicant-2.6-i586-1_slack14.2.txz

    Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/wpa_supplicant-2.6-x86_64-1_slack14.2.txz

    Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/wpa_supplicant-2.6-i586-2.txz

    Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/wpa_supplicant-2.6-x86_64-2.txz

    MD5 signatures: +-------------+

    Slackware 14.0 package: d8ecfaadb50b3547967ab53733ffc019 wpa_supplicant-2.6-i486-1_slack14.0.txz

    Slackware x86_64 14.0 package: f25216d28800504ce498705da7c9a825 wpa_supplicant-2.6-x86_64-1_slack14.0.txz

    Slackware 14.1 package: 15c61050e4bab2581757befd86be74c0 wpa_supplicant-2.6-i486-1_slack14.1.txz

    Slackware x86_64 14.1 package: 49fd537a520338744f7757615556d352 wpa_supplicant-2.6-x86_64-1_slack14.1.txz

    Slackware 14.2 package: c5539f40c8510af89be92945f0f80185 wpa_supplicant-2.6-i586-1_slack14.2.txz

    Slackware x86_64 14.2 package: 4c527ff84fcdfd7839f217bbce2e4ae4 wpa_supplicant-2.6-x86_64-1_slack14.2.txz

    Slackware -current package: 28bd88a54e96368f7a7020c1f5fb67fe n/wpa_supplicant-2.6-i586-2.txz

    Slackware x86_64 -current package: 464fc6b48d1ac077f47e9a3a8534c160 n/wpa_supplicant-2.6-x86_64-2.txz

    Installation instructions: +------------------------+

    Upgrade the package as root:

    upgradepkg wpa_supplicant-2.6-i586-1_slack14.2.txz

    +-----+

    Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com

    +------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201710-0211",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "w1 fi",
            "version": "0.4.10"
          },
          {
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "w1 fi",
            "version": "0.5.9"
          },
          {
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "w1 fi",
            "version": "0.4.8"
          },
          {
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "w1 fi",
            "version": "0.5.10"
          },
          {
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "w1 fi",
            "version": "0.6.8"
          },
          {
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "w1 fi",
            "version": "0.5.11"
          },
          {
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "w1 fi",
            "version": "0.5.7"
          },
          {
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "w1 fi",
            "version": "0.5.8"
          },
          {
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "w1 fi",
            "version": "0.4.11"
          },
          {
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "w1 fi",
            "version": "0.4.9"
          },
          {
            "model": "enterprise linux desktop",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "redhat",
            "version": "7"
          },
          {
            "model": "enterprise linux server",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "redhat",
            "version": "7"
          },
          {
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.3.7"
          },
          {
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "2.6"
          },
          {
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "2.2"
          },
          {
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "1.0"
          },
          {
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "2.2"
          },
          {
            "model": "freebsd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "freebsd",
            "version": "*"
          },
          {
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.3.11"
          },
          {
            "model": "linux enterprise desktop",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "suse",
            "version": "12"
          },
          {
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.4.7"
          },
          {
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.4.7"
          },
          {
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "2.0"
          },
          {
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "2.0"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "debian",
            "version": "8.0"
          },
          {
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.5.8"
          },
          {
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "2.1"
          },
          {
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.5.7"
          },
          {
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.6.9"
          },
          {
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.2.8"
          },
          {
            "model": "linux enterprise server",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "suse",
            "version": "12"
          },
          {
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.2.8"
          },
          {
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "1.1"
          },
          {
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.7.3"
          },
          {
            "model": "freebsd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "freebsd",
            "version": "10"
          },
          {
            "model": "freebsd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "freebsd",
            "version": "11.1"
          },
          {
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.4.11"
          },
          {
            "model": "freebsd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "freebsd",
            "version": "10.4"
          },
          {
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.2.6"
          },
          {
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.2.4"
          },
          {
            "model": "freebsd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "freebsd",
            "version": "11"
          },
          {
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.5.11"
          },
          {
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.3.10"
          },
          {
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "2.4"
          },
          {
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.3.8"
          },
          {
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.2.5"
          },
          {
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.3.7"
          },
          {
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.2.5"
          },
          {
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.6.10"
          },
          {
            "model": "openstack cloud",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "suse",
            "version": "6"
          },
          {
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "1.0"
          },
          {
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.3.9"
          },
          {
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.3.11"
          },
          {
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "2.5"
          },
          {
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.5.10"
          },
          {
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "2.6"
          },
          {
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.4.9"
          },
          {
            "model": "ubuntu linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "canonical",
            "version": "14.04"
          },
          {
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "2.1"
          },
          {
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "2.3"
          },
          {
            "model": "leap",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "opensuse",
            "version": "42.2"
          },
          {
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "2.3"
          },
          {
            "model": "linux enterprise point of sale",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "suse",
            "version": "11"
          },
          {
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "1.1"
          },
          {
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.7.3"
          },
          {
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.6.9"
          },
          {
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.5.9"
          },
          {
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.4.8"
          },
          {
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.2.7"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "debian",
            "version": "9.0"
          },
          {
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.2.4"
          },
          {
            "model": "linux enterprise server",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "suse",
            "version": "11"
          },
          {
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.3.10"
          },
          {
            "model": "ubuntu linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "canonical",
            "version": "16.04"
          },
          {
            "model": "leap",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "opensuse",
            "version": "42.3"
          },
          {
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.6.8"
          },
          {
            "model": "ubuntu linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "canonical",
            "version": "17.04"
          },
          {
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.2.6"
          },
          {
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.4.10"
          },
          {
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.6.10"
          },
          {
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "2.4"
          },
          {
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.3.9"
          },
          {
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "2.5"
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "9front",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "adtran",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "avm",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "actiontec",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "aerohive",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "alcatel lucent",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "android open source",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "apple",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "arch linux",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "aruba",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "asustek computer",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "barracuda",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "broadcom",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "cambium",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "centos",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "cradlepoint",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "cypress semiconductor",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "d link",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "debian gnu linux",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "dell",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "digi",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "draytek",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "edimax computer",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "engenius",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "endian",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "espressif",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "extreme",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "f secure",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "fedora",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "fortinet",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "freebsd",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "gentoo linux",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "google",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "hewlett packard",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "hostap",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "ipfire",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "intel",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "juniper",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "lancom",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "lede",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "lifx",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "lenovo",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "microchip",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "microsoft",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "mojo",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "nest",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "netbsd",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "netgear",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "opnsense",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "omnirom",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "open mesh",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "openbsd",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "peplink",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "red hat",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "riverbed",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "rockwell automation",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "ruckus",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "suse linux",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "samsung mobile",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "sierra",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "slackware linux",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "sonos",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "sony",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "sophos",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "synology",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "tp link",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "technicolor",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "texas instruments",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "toshiba commerce",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "toshiba electronic devices storage",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "toshiba memory",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "turris omnia",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "ubiquiti",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "ubuntu",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "volumio",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "watchguard",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "xiaomi",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "xirrus",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "zebra",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "dd wrt",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "eero",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "pfsense",
            "version": null
          },
          {
            "model": "ubuntu",
            "scope": null,
            "trust": 0.8,
            "vendor": "canonical",
            "version": null
          },
          {
            "model": "gnu/linux",
            "scope": null,
            "trust": 0.8,
            "vendor": "debian",
            "version": null
          },
          {
            "model": "freebsd",
            "scope": null,
            "trust": 0.8,
            "vendor": "freebsd",
            "version": null
          },
          {
            "model": "leap",
            "scope": null,
            "trust": 0.8,
            "vendor": "opensuse",
            "version": null
          },
          {
            "model": "linux enterprise desktop",
            "scope": null,
            "trust": 0.8,
            "vendor": "suse",
            "version": null
          },
          {
            "model": "linux enterprise point of sale",
            "scope": null,
            "trust": 0.8,
            "vendor": "suse",
            "version": null
          },
          {
            "model": "linux enterprise server",
            "scope": null,
            "trust": 0.8,
            "vendor": "suse",
            "version": null
          },
          {
            "model": "openstack cloud",
            "scope": null,
            "trust": 0.8,
            "vendor": "suse",
            "version": null
          },
          {
            "model": "hostapd",
            "scope": null,
            "trust": 0.8,
            "vendor": "w1 fi",
            "version": null
          },
          {
            "model": "wpa supplicant",
            "scope": null,
            "trust": 0.8,
            "vendor": "w1 fi",
            "version": null
          },
          {
            "model": "enterprise linux desktop",
            "scope": null,
            "trust": 0.8,
            "vendor": "red hat",
            "version": null
          },
          {
            "model": "enterprise linux server",
            "scope": null,
            "trust": 0.8,
            "vendor": "red hat",
            "version": null
          },
          {
            "model": "edge gateway",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nec",
            "version": null
          },
          {
            "model": "sr-m20ac1",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "fujitsu",
            "version": "v02.10"
          },
          {
            "model": "sr-m20ac2",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "fujitsu",
            "version": "v02.10"
          },
          {
            "model": "alliance wi-fi protected access 2",
            "scope": null,
            "trust": 0.6,
            "vendor": "wi fi",
            "version": null
          },
          {
            "model": "scalance w-700",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "siemens",
            "version": "0"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.4,
            "vendor": "linux desktop",
            "version": "12"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.4,
            "vendor": "linux server",
            "version": "11"
          },
          {
            "model": "atom processor c3200 series for yocto project bsp mr4",
            "scope": null,
            "trust": 0.3,
            "vendor": "intel",
            "version": null
          },
          {
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "10.3.2"
          },
          {
            "model": "active management technology",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "6.1"
          },
          {
            "model": "pyxis supplystation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "bd",
            "version": "0"
          },
          {
            "model": "sinamics smart access module",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "siemens",
            "version": "v200"
          },
          {
            "model": "active management technology",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "11.6.27.3264"
          },
          {
            "model": "meraki mr34",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "ck71a-atex",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "pepperl fuchs",
            "version": "0"
          },
          {
            "model": "arubaos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "6.5.2.0"
          },
          {
            "model": "macbook air",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "0"
          },
          {
            "model": "aironet series access points",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "18500"
          },
          {
            "model": "active management technology",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "8.0"
          },
          {
            "model": "meraki mr26",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "arubaos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "6.4"
          },
          {
            "model": "aironet series access points",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "28000"
          },
          {
            "model": "enterprise linux for power big endian extended update support",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "-7.5"
          },
          {
            "model": "meraki mr84",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "contact fl wlan",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "phoenix",
            "version": "510x0"
          },
          {
            "model": "windows server r2 for itanium-based systems sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2008"
          },
          {
            "model": "contact itc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "phoenix",
            "version": "81130"
          },
          {
            "model": "enterprise linux workstation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "7"
          },
          {
            "model": "active management technology",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "10.0"
          },
          {
            "model": "dual band wireless-ac",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "726519.51.0.0"
          },
          {
            "model": "enterprise linux server extended update support",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "-7.6"
          },
          {
            "model": "meraki mr18",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "arubaos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "8.1.0.3"
          },
          {
            "model": "scalance w1750d",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "siemens",
            "version": "0"
          },
          {
            "model": "secure ii med-surg bed",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "stryker",
            "version": "3002"
          },
          {
            "model": "contact fl wlan",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "phoenix",
            "version": "210x0"
          },
          {
            "model": "windows version for x64-based systems",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "1015110"
          },
          {
            "model": "aironet access points",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "contact fl wlan ap",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "phoenix",
            "version": "24802-110"
          },
          {
            "model": "active management technology",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "11.0"
          },
          {
            "model": "instantos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "6.5.4.1"
          },
          {
            "model": "tvos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "10.2"
          },
          {
            "model": "wap371 wireless-ac n access point with single point setup",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "ex-handy",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "pepperl fuchs",
            "version": "2090"
          },
          {
            "model": "arubaos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "6.5.3.2"
          },
          {
            "model": "contact rad-80211-xd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "phoenix",
            "version": "0"
          },
          {
            "model": "ios",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "apple",
            "version": "11.2"
          },
          {
            "model": "contact fl wlan dap",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "phoenix",
            "version": "24802-110"
          },
          {
            "model": "dual band wireless-ac",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "726519.10.9.1"
          },
          {
            "model": "arubaos",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "6.3.1.25"
          },
          {
            "model": "pyxis medstation es",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "bd",
            "version": "0"
          },
          {
            "model": "wireless ip phone",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "88210"
          },
          {
            "model": "pyxis stockstation system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "bd",
            "version": "0"
          },
          {
            "model": "macbook",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "0"
          },
          {
            "model": "dual band wireless-ac",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "316819.51.7.1"
          },
          {
            "model": "dual band wireless-ac",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "intel",
            "version": "726519.10.9.2"
          },
          {
            "model": "scalance wlc712",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "siemens",
            "version": "0"
          },
          {
            "model": "contact fl wlan spa",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "phoenix",
            "version": "0"
          },
          {
            "model": "meraki mr62",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "simatic et200 pro im154-6 pn iwlan",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "siemens",
            "version": "0"
          },
          {
            "model": "tropos broadband mesh routers and bridges",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "abb",
            "version": "0"
          },
          {
            "model": "dual band wireless-ac",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "intel",
            "version": "316819.10.9.2"
          },
          {
            "model": "meraki mr33",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "instantos",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "6.5.3.3"
          },
          {
            "model": "micros handheld terminal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "0"
          },
          {
            "model": "windows server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "20120"
          },
          {
            "model": "instantos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "6.5.2"
          },
          {
            "model": "dual band wireless-ac",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "316018.33.9.2"
          },
          {
            "model": "windows version for 32-bit systems",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "1017030"
          },
          {
            "model": "atom processor c3200 series for yocto project bsp mr4.1",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "intel",
            "version": null
          },
          {
            "model": "active management technology",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "2.6"
          },
          {
            "model": "android",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "7.1.0"
          },
          {
            "model": "contact fl wlan",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "phoenix",
            "version": "110x0"
          },
          {
            "model": "windows for 32-bit systems",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "100"
          },
          {
            "model": "s3 med-surg bed",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "stryker",
            "version": "3002"
          },
          {
            "model": "arubaos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "6.4.2.4"
          },
          {
            "model": "tvos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "11.1"
          },
          {
            "model": "contact fl comserver wlan",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "phoenix",
            "version": "232/422/4850"
          },
          {
            "model": "airport base station",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "7.6.8"
          },
          {
            "model": "enterprise linux server update services for sap solutions",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "-7."
          },
          {
            "model": "active management technology",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "7.1.91.3272"
          },
          {
            "model": "instantos",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "4.2.4.9"
          },
          {
            "model": "contact fl wlan ap",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "phoenix",
            "version": "230802-110"
          },
          {
            "model": "android",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "6.1"
          },
          {
            "model": "enterprise linux for power little endian extended update supp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "-7.6"
          },
          {
            "model": "meraki mr14",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "enterprise linux eus compute node",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "7.5"
          },
          {
            "model": "aironet series access points",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "18150"
          },
          {
            "model": "wireless client bridge 2.0.0.1-aruba501-b00",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "501"
          },
          {
            "model": "enterprise linux server extended update support",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "-7.4"
          },
          {
            "model": "enterprise linux server tus",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "-7.6"
          },
          {
            "model": "dual band wireless-ac",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "726018.33.9.2"
          },
          {
            "model": "airport express",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "0"
          },
          {
            "model": "meraki mr16",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "clarity engine",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "1.0"
          },
          {
            "model": "meraki mr30h",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "airport extreme",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "0"
          },
          {
            "model": "windows server r2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "20120"
          },
          {
            "model": "dual band wireless-ac",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "intel",
            "version": "826520.0.2.3"
          },
          {
            "model": "android",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "8.0"
          },
          {
            "model": "contact bl2 bpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "phoenix",
            "version": "0"
          },
          {
            "model": "tvos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "10.0.1"
          },
          {
            "model": "enterprise linux for ibm z systems",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "7"
          },
          {
            "model": "watch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "0"
          },
          {
            "model": "meraki mr32",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "w1 f1",
            "version": "2.4"
          },
          {
            "model": "active management technology",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "4.0"
          },
          {
            "model": "ruggedcom rx1400",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "siemens",
            "version": "0"
          },
          {
            "model": "cn70a-atex",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "pepperl fuchs",
            "version": "0"
          },
          {
            "model": "windows version for 32-bit systems",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "1015110"
          },
          {
            "model": "arubaos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "6.5.3"
          },
          {
            "model": "pyxis parx handheld",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "bd",
            "version": "0"
          },
          {
            "model": "dual band wireless-ac",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "726519.10"
          },
          {
            "model": "active management technology",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "9.1.40.100"
          },
          {
            "model": "tvos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "10.1.1"
          },
          {
            "model": "instantos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "6.5.3"
          },
          {
            "model": "windows rt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "8.1"
          },
          {
            "model": "meraki mr42",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "instantos",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "4.3.1.6"
          },
          {
            "model": "airport base station",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "7.7.3"
          },
          {
            "model": "wap561 wireless-n dual radio selectable band access point",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "active management technology",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "11.0.26.3000"
          },
          {
            "model": "instantos",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "6.5.4.2"
          },
          {
            "model": "active management technology",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "11.6"
          },
          {
            "model": "tvos",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "apple",
            "version": "11.2"
          },
          {
            "model": "active management technology",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "6.0"
          },
          {
            "model": "windows server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2016"
          },
          {
            "model": "contact rad-whg/wlan-xd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "phoenix",
            "version": "0"
          },
          {
            "model": "dual band wireless-ac",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "intel",
            "version": "726018.33.9.3"
          },
          {
            "model": "wi-fi update for boot camp",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "apple",
            "version": "6.4.0"
          },
          {
            "model": "suremark printer 2nr",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "toshiba",
            "version": "4610"
          },
          {
            "model": "android",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "7.1.1"
          },
          {
            "model": "arubaos",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "6.5.4.2"
          },
          {
            "model": "enterprise linux for power little endian extended update supp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "-7.5"
          },
          {
            "model": "enterprise linux for power little endian",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "7"
          },
          {
            "model": "dual band wireless-ac",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "826520.0.0.0"
          },
          {
            "model": "tvos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "10.2.1"
          },
          {
            "model": "arubaos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "6.3.1.8"
          },
          {
            "model": "windows server for x64-based systems sp2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2008"
          },
          {
            "model": "pyxis supply roller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "bd",
            "version": "0"
          },
          {
            "model": "airport base station",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "7.6.3"
          },
          {
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "10.3"
          },
          {
            "model": "telepresence collaboration endpoint",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "active management technology",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "6.2.61.3535"
          },
          {
            "model": "contact vmt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "phoenix",
            "version": "70xx0"
          },
          {
            "model": "imac",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "0"
          },
          {
            "model": "meraki mr72",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "watchos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "4"
          },
          {
            "model": "enterprise linux for power little endian extended update supp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "-7.4"
          },
          {
            "model": "active management technology",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "11.0.25.3001"
          },
          {
            "model": "arubaos",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "8.1.0.4"
          },
          {
            "model": "active management technology",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "9.1"
          },
          {
            "model": "enterprise linux server tus",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "-7.4"
          },
          {
            "model": "active management technology",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "6.2"
          },
          {
            "model": "meraki mr53",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "tvos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "10.1"
          },
          {
            "model": "wap551 wireless-n single radio selectable band access point",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "instantos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "4.2"
          },
          {
            "model": "instantos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "6.5.3.2"
          },
          {
            "model": "dual band wireless-ac",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "316519.10"
          },
          {
            "model": "dual band wireless-ac",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "826020.0.0.0"
          },
          {
            "model": "wap121 wireless-n access point with single point setup",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "active management technology",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "2.5"
          },
          {
            "model": "active management technology",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "11.6.0.1000"
          },
          {
            "model": "wireless client bridge 1.0.1.3-hp501-b0012",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "501"
          },
          {
            "model": "i.roc ci70-ex",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "pepperl fuchs",
            "version": "0"
          },
          {
            "model": "arubaos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "6.5.0.0"
          },
          {
            "model": "dual band wireless-ac",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "826020.0.2.2"
          },
          {
            "model": "active management technology",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "7.1"
          },
          {
            "model": "cn70e-atex",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "pepperl fuchs",
            "version": "0"
          },
          {
            "model": "dual band wireless-ac",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "726018.0.0.0"
          },
          {
            "model": "meraki mr24",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "suremark printer 1nr",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "toshiba",
            "version": "4610"
          },
          {
            "model": "enterprise linux for ibm z systems extended update support",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "-7.6"
          },
          {
            "model": "contact vmt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "phoenix",
            "version": "50xx0"
          },
          {
            "model": "meraki mr74",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "ex-handy",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "pepperl fuchs",
            "version": "090"
          },
          {
            "model": "arubaos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "6.4.4.15"
          },
          {
            "model": "dual band wireless-ac",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "316519.51.7.1"
          },
          {
            "model": "dual band wireless-ac",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "intel",
            "version": "726519.51.7.20"
          },
          {
            "model": "anyconnect secure mobility client",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "dual band wireless-ac",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "726519.51.7.1"
          },
          {
            "model": "systems esp32",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "espressif",
            "version": "0"
          },
          {
            "model": "watchos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "4.1"
          },
          {
            "model": "enterprise linux server extended update support",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "-7.5"
          },
          {
            "model": "micros handheld terminal 2.03.0.0.021r",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "oracle",
            "version": null
          },
          {
            "model": "aironet series access points",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "38000"
          },
          {
            "model": "pyxis parx",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "bd",
            "version": "0"
          },
          {
            "model": "dx70",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "arubaos",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "6.5.1.9"
          },
          {
            "model": "enterprise linux server update services for sap solutions",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "-7.6"
          },
          {
            "model": "intouch critical care bed",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "stryker",
            "version": "2141"
          },
          {
            "model": "pyxis anesthesia es",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "bd",
            "version": "0"
          },
          {
            "model": "aironet series officeextend access points",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "18100"
          },
          {
            "model": "windows for x64-based systems",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "8.10"
          },
          {
            "model": "dual band wireless-ac",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "316819.10.9.1"
          },
          {
            "model": "active management technology",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "10.0.55.3000"
          },
          {
            "model": "windows for 32-bit systems",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "8.10"
          },
          {
            "model": "android",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "6.0"
          },
          {
            "model": "meraki mr66",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "dual band wireless-ac",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "316519.10.9.1"
          },
          {
            "model": "airport base station",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "7.6"
          },
          {
            "model": "intouch critical care bed",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "stryker",
            "version": "2131"
          },
          {
            "model": "android",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "7.1.2"
          },
          {
            "model": "aironet series access points",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "18300"
          },
          {
            "model": "enterprise linux server aus",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "-7.6"
          },
          {
            "model": "enterprise linux for power big endian extended update support",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "-7.6"
          },
          {
            "model": "active management technology",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "10.0.0.50.1004"
          },
          {
            "model": "arubaos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "6.4.1.0"
          },
          {
            "model": "wap321 wireless-n access point with single point setup",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "simatic iwlan-pb/link",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "siemens",
            "version": "0"
          },
          {
            "model": "aironet 1810w series access points",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "meraki mr52",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "enterprise linux for ibm z systems extended update support",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "-7.5"
          },
          {
            "model": "meraki mr12",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "airmesh msr",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "0"
          },
          {
            "model": "dual band wireless-ac",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "intel",
            "version": "316519.51.7.20"
          },
          {
            "model": "watchos",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "apple",
            "version": "4.2"
          },
          {
            "model": "contact fl wlan ec",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "phoenix",
            "version": "24802-110"
          },
          {
            "model": "instantos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "4.2.4.8"
          },
          {
            "model": "systems esp8266",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "espressif",
            "version": "0"
          },
          {
            "model": "tv",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "0"
          },
          {
            "model": "pad-ex",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "pepperl fuchs",
            "version": "010"
          },
          {
            "model": "active management technology",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "11.0.0.1205"
          },
          {
            "model": "ip phone",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "88610"
          },
          {
            "model": "clarity engine",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "1.0.0.1"
          },
          {
            "model": "aironet series access points",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "15600"
          },
          {
            "model": "windows for 32-bit systems sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "7"
          },
          {
            "model": "instantos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "4.3.1.5"
          },
          {
            "model": "airport base station",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "7.6.2"
          },
          {
            "model": "active management technology",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "8.1"
          },
          {
            "model": "active management technology",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "11.8"
          },
          {
            "model": "windows for x64-based systems sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "7"
          },
          {
            "model": "enterprise linux for ibm z systems extended update support",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "-7.4"
          },
          {
            "model": "meraki mr58",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "windows version for 32-bit systems",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "1016070"
          },
          {
            "model": "dual band wireless-ac",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "intel",
            "version": "316519.10.9.2"
          },
          {
            "model": "pyxis parassist system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "bd",
            "version": "0"
          },
          {
            "model": "windows server for 32-bit systems sp2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2008"
          },
          {
            "model": "instantos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "4.3"
          },
          {
            "model": "android",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "7.0"
          },
          {
            "model": "simatic mobile panel 277 iwlan",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "siemens",
            "version": "0"
          },
          {
            "model": "pyxis medstation t2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "bd",
            "version": "40000"
          },
          {
            "model": "dual band wireless-ac",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "intel",
            "version": "826020.0.2.3"
          },
          {
            "model": "android",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "6.0.1"
          },
          {
            "model": "airport base station",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "7.6.1"
          },
          {
            "model": "dual band wireless-ac",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "316519.51.0.0"
          },
          {
            "model": "wi-fi update for boot camp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "0"
          },
          {
            "model": "enterprise linux server update services for sap solutions",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "-7.4"
          },
          {
            "model": "ipad",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "0"
          },
          {
            "model": "contact vmt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "phoenix",
            "version": "30xx0"
          },
          {
            "model": "enterprise linux for power big endian",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "7"
          },
          {
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "w1 f1",
            "version": "2.6"
          },
          {
            "model": "wireless client bridge",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "5010"
          },
          {
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "10.0.1"
          },
          {
            "model": "active management technology",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "11.5"
          },
          {
            "model": "meraki mr11",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "10.3.3"
          },
          {
            "model": "pyxis anesthesia system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "bd",
            "version": "40000"
          },
          {
            "model": "tvos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "10.2.2"
          },
          {
            "model": "pyxis anesthesia system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "bd",
            "version": "35000"
          },
          {
            "model": "automation stratix 15.3 jc1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rockwell",
            "version": "5100"
          },
          {
            "model": "enterprise linux server aus",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "-7.4"
          },
          {
            "model": "pyxis ciisafe workstation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "bd",
            "version": "??0"
          },
          {
            "model": "enterprise linux for power big endian extended update support",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "-7.4"
          },
          {
            "model": "airport base station",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "7.6.7"
          },
          {
            "model": "dual band wireless-ac",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "316819.51.0.0"
          },
          {
            "model": "ipad air",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "0"
          },
          {
            "model": "active management technology",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "7.0"
          },
          {
            "model": "arubaos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "6.5.4.1"
          },
          {
            "model": "enterprise linux eus compute node",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "7.6"
          },
          {
            "model": "enterprise linux for scientific computing",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "7"
          },
          {
            "model": "active management technology",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "8.1.71.3608"
          },
          {
            "model": "active management technology",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "9.1.41.3024"
          },
          {
            "model": "arubaos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "6.4.2.1"
          },
          {
            "model": "enterprise linux eus compute node",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "7.4"
          },
          {
            "model": "dx80",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "active management technology",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "9.0"
          },
          {
            "model": "contact bl2 ppc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "phoenix",
            "version": "0"
          },
          {
            "model": "contact tpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "phoenix",
            "version": "60130"
          },
          {
            "model": "ipod touch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "0"
          },
          {
            "model": "arubaos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "6.5.1"
          },
          {
            "model": "ck70a-atex",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "pepperl fuchs",
            "version": "0"
          },
          {
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "10.2.1"
          },
          {
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "10.3.1"
          },
          {
            "model": "dual band wireless-ac",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "intel",
            "version": "316819.51.7.20"
          },
          {
            "model": "macbook pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "0"
          },
          {
            "model": "dual band wireless-ac",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "316819.10"
          },
          {
            "model": "windows for x64-based systems",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "100"
          },
          {
            "model": "airport base station",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "7.7.8"
          },
          {
            "model": "active management technology",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "9.5"
          },
          {
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "10.1"
          },
          {
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "10.2"
          },
          {
            "model": "airport base station",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "7.6.4"
          },
          {
            "model": "smart-ex",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "pepperl fuchs",
            "version": "010"
          },
          {
            "model": "dual band wireless-ac",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "826520.0.2.2"
          },
          {
            "model": "dual band wireless-ac",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "intel",
            "version": "316018.33.9.3"
          },
          {
            "model": "tab-ex",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "pepperl fuchs",
            "version": "010"
          },
          {
            "model": "arubaos",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "6.5.3.3"
          },
          {
            "model": "iphone",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "0"
          },
          {
            "model": "macmini",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "0"
          },
          {
            "model": "arubaos",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "6.4.4.16"
          },
          {
            "model": "contact fl wlan epa",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "phoenix",
            "version": "0"
          },
          {
            "model": "airport time capsule",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "0"
          },
          {
            "model": "alliance wpa2 (wi-fi protected access",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "wi fi",
            "version": "2)0"
          },
          {
            "model": "airport base station",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "apple",
            "version": "7.7.9"
          },
          {
            "model": "scalance wlc711",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "siemens",
            "version": "0"
          },
          {
            "model": "ruggedcom rs9xxw",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "siemens",
            "version": "0"
          },
          {
            "model": "arubaos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "6.3.1.15"
          },
          {
            "model": "networks unifi access point",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubiquiti",
            "version": "0"
          },
          {
            "model": "suremark printer 2cr",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "toshiba",
            "version": "4610"
          },
          {
            "model": "ip phone",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "88650"
          },
          {
            "model": "arubaos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "6.5.4"
          },
          {
            "model": "airport base station",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "7.7.7"
          },
          {
            "model": "instantos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "6.5.4"
          },
          {
            "model": "asa 5506w-x w/ firepower services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "windows version for x64-based systems",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "1016070"
          },
          {
            "model": "airport base station",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "apple",
            "version": "7.6.9"
          },
          {
            "model": "s3 med-surg bed",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "stryker",
            "version": "3005"
          },
          {
            "model": "dual band wireless-ac",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "316018.0.0.0"
          },
          {
            "model": "smart-ex",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "pepperl fuchs",
            "version": "2010"
          },
          {
            "model": "windows version for x64-based systems",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "1017030"
          },
          {
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "11.1"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "ubuntu linux",
            "version": "14.04"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "ubuntu linux",
            "version": "16.04"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "ubuntu linux",
            "version": "17.04"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "debian linux",
            "version": "8.0"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "debian linux",
            "version": "9.0"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "freebsd",
            "version": "*"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "freebsd",
            "version": "10"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "freebsd",
            "version": "10.4"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "freebsd",
            "version": "11"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "freebsd",
            "version": "11.1"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "leap",
            "version": "42.2"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "leap",
            "version": "42.3"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "linux desktop",
            "version": "7"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "linux server",
            "version": "7"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "0.2.4"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "0.2.5"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "0.2.6"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "0.2.8"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "0.3.7"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "0.3.9"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "0.3.10"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "0.3.11"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "0.4.7"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "0.4.8"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "0.4.9"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "0.4.10"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "0.4.11"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "0.5.7"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "0.5.8"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "0.5.9"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "0.5.10"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "0.5.11"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "0.6.8"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "0.6.9"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "0.6.10"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "0.7.3"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "1.0"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "1.1"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "2.0"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "2.1"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "2.2"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "2.3"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "2.4"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "2.5"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "2.6"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "0.2.4"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "0.2.5"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "0.2.6"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "0.2.7"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "0.2.8"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "0.3.7"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "0.3.8"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "0.3.9"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "0.3.10"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "0.3.11"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "0.4.7"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "0.4.8"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "0.4.9"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "0.4.10"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "0.4.11"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "0.5.7"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "0.5.8"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "0.5.9"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "0.5.10"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "0.5.11"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "0.6.8"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "0.6.9"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "0.6.10"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "0.7.3"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "1.0"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "1.1"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "2.0"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "2.1"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "2.2"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "2.3"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "2.4"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "2.5"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "2.6"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "linux point of sale",
            "version": "11"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "linux server",
            "version": "12"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "openstack cloud",
            "version": "6"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "d6bbedba-ffb0-46fc-8b8d-fc2a4fce19b2"
          },
          {
            "db": "CERT/CC",
            "id": "VU#228519"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-30405"
          },
          {
            "db": "BID",
            "id": "101274"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-009171"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201710-381"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-13078"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:10:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:10.4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:opensuse:leap:42.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:7:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:11:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:11.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:7:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:17.04:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:hostapd:2.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:hostapd:1.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:hostapd:0.5.10:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:hostapd:0.5.9:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:hostapd:0.4.7:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:hostapd:0.3.11:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:wpa_supplicant:2.6:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:wpa_supplicant:2.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:wpa_supplicant:1.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:wpa_supplicant:0.7.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:wpa_supplicant:0.5.8:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:wpa_supplicant:0.5.7:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:wpa_supplicant:0.4.11:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:wpa_supplicant:0.3.9:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:wpa_supplicant:0.3.8:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:hostapd:2.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:hostapd:2.4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:hostapd:2.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:hostapd:0.6.10:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:hostapd:0.6.9:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:hostapd:0.4.11:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:hostapd:0.4.10:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:hostapd:0.2.8:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:hostapd:0.2.6:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:wpa_supplicant:2.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:wpa_supplicant:2.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:wpa_supplicant:0.6.8:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:wpa_supplicant:0.5.11:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:wpa_supplicant:0.4.8:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:wpa_supplicant:0.4.7:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:wpa_supplicant:0.2.7:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:wpa_supplicant:0.2.6:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:hostapd:2.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:hostapd:2.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:hostapd:0.6.8:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:hostapd:0.5.11:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:hostapd:0.4.9:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:hostapd:0.4.8:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:hostapd:0.2.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:hostapd:0.2.4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:wpa_supplicant:2.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:wpa_supplicant:1.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:wpa_supplicant:0.5.10:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:wpa_supplicant:0.5.9:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:wpa_supplicant:0.3.11:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:wpa_supplicant:0.3.10:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:wpa_supplicant:0.2.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:wpa_supplicant:0.2.4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:hostapd:2.6:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:hostapd:1.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:hostapd:0.7.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:hostapd:0.5.8:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:hostapd:0.5.7:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:hostapd:0.3.10:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:hostapd:0.3.9:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:hostapd:0.3.7:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:wpa_supplicant:2.4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:wpa_supplicant:2.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:wpa_supplicant:0.6.10:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:wpa_supplicant:0.6.9:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:wpa_supplicant:0.4.10:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:wpa_supplicant:0.4.9:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:wpa_supplicant:0.3.7:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:wpa_supplicant:0.2.8:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_point_of_sale:11:sp3:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_desktop:12:sp2:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_desktop:12:sp3:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_server:12:*:*:*:ltss:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:suse:openstack_cloud:6:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:ltss:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_server:11:sp4:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-13078"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Mathy Vanhoef from imec-DistriNet and KU Leuven.",
        "sources": [
          {
            "db": "BID",
            "id": "101274"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201710-381"
          }
        ],
        "trust": 0.9
      },
      "cve": "CVE-2017-13078",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 2.9,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 5.5,
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "LOW",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:A/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Adjacent Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 2.9,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2017-13078",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Low",
                "trust": 0.9,
                "userInteractionRequired": null,
                "vectorString": "AV:A/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.4,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 5.5,
                "id": "CNVD-2017-30405",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:A/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.4,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 5.5,
                "id": "d6bbedba-ffb0-46fc-8b8d-fc2a4fce19b2",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:A/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "HIGH",
                "attackVector": "ADJACENT_NETWORK",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 1.6,
                "impactScore": 3.6,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "High",
                "attackVector": "Adjacent Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 5.3,
                "baseSeverity": "Medium",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2017-13078",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2017-13078",
                "trust": 1.8,
                "value": "MEDIUM"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2017-30405",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201710-381",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "IVD",
                "id": "d6bbedba-ffb0-46fc-8b8d-fc2a4fce19b2",
                "trust": 0.2,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2017-13078",
                "trust": 0.1,
                "value": "LOW"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "d6bbedba-ffb0-46fc-8b8d-fc2a4fce19b2"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-30405"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-13078"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-009171"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201710-381"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-13078"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the four-way handshake, allowing an attacker within radio range to replay frames from access points to clients. An attacker within range of an affected AP and client may leverage these vulnerabilities to conduct attacks that are dependent on the data confidentiality protocols being used. Attacks may include arbitrary packet decryption and injection, TCP connection hijacking, HTTP content injection, or the replay of unicast and group-addressed frames. These vulnerabilities are referred to as Key Reinstallation Attacks or \"KRACK\" attacks. WPA (Wi-Fi Protected Access) is a system that protects wireless computer networks (Wi-Fi). The WPA2 wireless network has a GTK group key reload vulnerability in the fourth handshake. WPA2  is prone to multiple security weaknesses. \nExploiting these issues may allow an unauthorized user to intercept and manipulate data or disclose sensitive information. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Important: wpa_supplicant security update\nAdvisory ID:       RHSA-2017:2907-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2017:2907\nIssue date:        2017-10-17\nCVE Names:         CVE-2017-13077 CVE-2017-13078 CVE-2017-13080 \n                   CVE-2017-13082 CVE-2017-13086 CVE-2017-13087 \n                   CVE-2017-13088 \n=====================================================================\n\n1. Summary:\n\nAn update for wpa_supplicant is now available for Red Hat Enterprise Linux\n7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux Server (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. Description:\n\nThe wpa_supplicant packages contain an 802.1X Supplicant with support for\nWEP, WPA, WPA2 (IEEE 802.11i / RSN), and various EAP authentication\nmethods. They implement key negotiation with a WPA Authenticator for client\nstations and controls the roaming and IEEE 802.11 authentication and\nassociation of the WLAN driver. A remote attacker within Wi-Fi range\ncould exploit these attacks to decrypt Wi-Fi traffic or possibly inject\nforged Wi-Fi packets by manipulating cryptographic handshakes used by the\nWPA2 protocol. (CVE-2017-13077, CVE-2017-13078, CVE-2017-13080,\nCVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088)\n\nRed Hat would like to thank CERT for reporting these issues. Upstream\nacknowledges Mathy Vanhoef (University of Leuven) as the original reporter\nof these issues. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nwpa_supplicant-2.6-5.el7_4.1.src.rpm\n\nx86_64:\nwpa_supplicant-2.6-5.el7_4.1.x86_64.rpm\nwpa_supplicant-debuginfo-2.6-5.el7_4.1.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nwpa_supplicant-2.6-5.el7_4.1.src.rpm\n\nx86_64:\nwpa_supplicant-2.6-5.el7_4.1.x86_64.rpm\nwpa_supplicant-debuginfo-2.6-5.el7_4.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nwpa_supplicant-2.6-5.el7_4.1.src.rpm\n\naarch64:\nwpa_supplicant-2.6-5.el7_4.1.aarch64.rpm\nwpa_supplicant-debuginfo-2.6-5.el7_4.1.aarch64.rpm\n\nppc64:\nwpa_supplicant-2.6-5.el7_4.1.ppc64.rpm\nwpa_supplicant-debuginfo-2.6-5.el7_4.1.ppc64.rpm\n\nppc64le:\nwpa_supplicant-2.6-5.el7_4.1.ppc64le.rpm\nwpa_supplicant-debuginfo-2.6-5.el7_4.1.ppc64le.rpm\n\ns390x:\nwpa_supplicant-2.6-5.el7_4.1.s390x.rpm\nwpa_supplicant-debuginfo-2.6-5.el7_4.1.s390x.rpm\n\nx86_64:\nwpa_supplicant-2.6-5.el7_4.1.x86_64.rpm\nwpa_supplicant-debuginfo-2.6-5.el7_4.1.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nwpa_supplicant-2.6-5.el7_4.1.src.rpm\n\nx86_64:\nwpa_supplicant-2.6-5.el7_4.1.x86_64.rpm\nwpa_supplicant-debuginfo-2.6-5.el7_4.1.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2017-13077\nhttps://access.redhat.com/security/cve/CVE-2017-13078\nhttps://access.redhat.com/security/cve/CVE-2017-13080\nhttps://access.redhat.com/security/cve/CVE-2017-13082\nhttps://access.redhat.com/security/cve/CVE-2017-13086\nhttps://access.redhat.com/security/cve/CVE-2017-13087\nhttps://access.redhat.com/security/cve/CVE-2017-13088\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://access.redhat.com/security/vulnerabilities/kracks\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2017 Red Hat, Inc. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\nAPPLE-SA-2017-12-12-2 AirPort Base Station Firmware Update 7.7.9\n\nAirPort Base Station Firmware Update 7.7.9 is now available and\naddresses the following:\n\nAirPort Base Station Firmware\nAvailable for: AirPort Extreme and AirPort Time Capsule base stations\nwith 802.11ac\nImpact: An attacker within range may be able to execute arbitrary\ncode on the Wi-Fi chip\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2017-9417: Nitay Artenstein of Exodus Intelligence\n\nAirPort Base Station Firmware\nAvailable for: AirPort Extreme and AirPort Time Capsule base stations\nwith 802.11ac\nImpact: An attacker in Wi-Fi range may force nonce reuse in WPA\nunicast/PTK clients (Key Reinstallation Attacks - KRACK)\nDescription: A logic issue existed in the handling of state\ntransitions. This was addressed with improved state management. \nCVE-2017-13077: Mathy Vanhoef of the imec-DistriNet group at KU\nLeuven\nCVE-2017-13078: Mathy Vanhoef of the imec-DistriNet group at KU\nLeuven\n\nAirPort Base Station Firmware\nAvailable for: AirPort Extreme and AirPort Time Capsule base stations\nwith 802.11ac\nImpact: An attacker in Wi-Fi range may force nonce reuse in WPA\nmulticast/GTK clients (Key Reinstallation Attacks - KRACK)\nDescription: A logic issue existed in the handling of state\ntransitions. This was addressed with improved state management. \nCVE-2017-13080: Mathy Vanhoef of the imec-DistriNet group at KU\nLeuven\n\nInstallation note:\n\nFirmware version 7.7.9 is installed on AirPort Extreme or\nAirPort Time Capsule base stations with 802.11ac using\nAirPort Utility for Mac or iOS. \n\nAirPort Utility for Mac is a free download from\nhttps://support.apple.com/downloads/ and AirPort Utility for iOS\nis a free download from the App Store. \nCVE-2017-13080: Mathy Vanhoef of the imec-DistriNet group at\nKU Leuven\n\nInstallation note:\n\nWi-Fi Update for Boot Camp 6.4.0 may be obtained from Apple Software\nUpdate for Windows. ==========================================================================\nUbuntu Security Notice USN-3455-1\nOctober 16, 2017\n\nwpa vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 17.04\n- Ubuntu 16.04 LTS\n- Ubuntu 14.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in wpa_supplicant. \n\nSoftware Description:\n- wpa: client support for WPA and WPA2\n\nDetails:\n\nMathy Vanhoef discovered that wpa_supplicant and hostapd incorrectly\nhandled WPA2. (CVE-2017-13077,\nCVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081,\nCVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088)\n\nImre Rad discovered that wpa_supplicant and hostapd incorrectly handled\ninvalid characters in passphrase parameters. A remote attacker could use\nthis issue to cause a denial of service. (CVE-2016-4476)\n\nImre Rad discovered that wpa_supplicant and hostapd incorrectly handled\ninvalid characters in passphrase parameters. A local attacker could use\nthis issue to cause a denial of service, or possibly execute arbitrary\ncode. (CVE-2016-4477)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 17.04:\n  hostapd                         2.4-0ubuntu9.1\n  wpasupplicant                   2.4-0ubuntu9.1\n\nUbuntu 16.04 LTS:\n  hostapd                         2.4-0ubuntu6.2\n  wpasupplicant                   2.4-0ubuntu6.2\n\nUbuntu 14.04 LTS:\n  hostapd                         2.1-0ubuntu1.5\n  wpasupplicant                   2.1-0ubuntu1.5\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 201711-03\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                           https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n    Title: hostapd and wpa_supplicant: Key Reinstallation (KRACK)\n           attacks\n     Date: November 10, 2017\n     Bugs: #634436, #634438\n       ID: 201711-03\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nA flaw was discovered in the 4-way handshake in hostapd and\nwpa_supplicant that allows attackers to conduct a Man in the Middle\nattack. \n\nAffected packages\n=================\n\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  net-wireless/hostapd         \u003c 2.6-r1                  \u003e= 2.6-r1 \n  2  net-wireless/wpa_supplicant\n                                  \u003c 2.6-r3                  \u003e= 2.6-r3 \n    -------------------------------------------------------------------\n     2 affected packages\n\nDescription\n===========\n\nWiFi Protected Access (WPA and WPA2) and it\u0027s associated technologies\nare all vulnerable to the KRACK attacks. Please review the referenced\nCVE identifiers for details. \n\nImpact\n======\n\nAn attacker can carry out the KRACK attacks on a wireless network in\norder to gain access to network clients. Once achieved, the attacker\ncan potentially harvest confidential information (e.g. HTTP/HTTPS),\ninject malware, or perform a myriad of other attacks. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll hostapd users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=net-wireless/hostapd-2.6-r1\"\n\nAll wpa_supplicant users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot -v \"\u003e=net-wireless/wpa_supplicant-2.6-r3\"\n\nReferences\n==========\n\n[  1 ] CVE-2017-13077\n       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13077\n[  2 ] CVE-2017-13078\n       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13078\n[  3 ] CVE-2017-13079\n       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13079\n[  4 ] CVE-2017-13080\n. 6) - i386, x86_64\n\n3. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n=============================================================================\nFreeBSD-SA-17:07.wpa                                        Security Advisory\n                                                          The FreeBSD Project\n\nTopic:          WPA2 protocol vulnerability\n\nCategory:       contrib\nModule:         wpa\nAnnounced:      2017-10-16\nCredits:        Mathy Vanhoef\nAffects:        All supported versions of FreeBSD. \nCorrected:      2017-10-17 17:30:18 UTC (stable/11, 11.1-STABLE)\n                2017-10-17 17:57:18 UTC (releng/11.1, 11.1-RELEASE-p2)\n                2017-10-17 17:56:03 UTC (releng/11.0, 11.0-RELEASE-p13)\n                2017-10-19 03:18:22 UTC (stable/10, 10.4-STABLE)\n                2017-10-19 03:20:17 UTC (releng/10.4, 10.4-RELEASE-p1)\n                2017-10-19 03:19:42 UTC (releng/10.3, 10.3-RELEASE-p22)\nCVE Name:       CVE-2017-13077, CVE-2017-13078, CVE-2017-13079,\n                CVE-2017-13080, CVE-2017-13081, CVE-2017-13082,\n                CVE-2017-13086, CVE-2017-13087, CVE-2017-13088\n\nFor general information regarding FreeBSD Security Advisories,\nincluding descriptions of the fields above, security branches, and the\nfollowing sections, please visit \u003cURL:https://security.FreeBSD.org/\u003e. \n\n0.   Revision history\n\nv1.0  2017-10-17 Initial release. \nv1.1  2017-10-19 Add patches for 10.x releases. \n\nI. \n\nhostapd and wpa_supplicant are implementations of user space daemon for\naccess points and wireless client that implements the WPA2 protocol. \n\nII.  Problem Description\n\nA vulnerability was found in how a number of implementations can be\ntriggered to reconfigure WPA/WPA2/RSN keys (TK, GTK, or IGTK) by\nreplaying a specific frame that is used to manage the keys. \n\nIII. Impact\n\nSuch reinstallation of the encryption key can result in two different\ntypes of vulnerabilities: disabling replay protection and significantly\nreducing the security of encryption to the point of allowing frames to\nbe decrypted or some parts of the keys to be determined by an attacker\ndepending on which cipher is used. \n\nIV.  Workaround\n\nAn updated version of wpa_supplicant is available in the FreeBSD Ports\nCollection. Install version 2.6_2 or later of the\nsecurity/wpa_supplicant port/pkg. Once installed, update /etc/rc.conf\nto use the new binary:\n\nwpa_supplicant_program=\"/usr/local/sbin/wpa_supplicant\"\n\nand restart networking. \n\nAn updated version of hostapd is available in the FreeBSD Ports\nCollection. Install version 2.6_1 or later of the net/hostapd port/pkg. \nOnce installed, update /etc/rc.conf to use the new binary:\n\nhostapd_program=\"/usr/local/sbin/hostapd\"\n\nand restart hostapd. \n\nV.   Solution\n\nPerform one of the following:\n\n1) Upgrade your vulnerable system to a supported FreeBSD stable or\nrelease / security branch (releng) dated after the correction date. \n\nRestart the Wi-Fi network interfaces/hostapd or reboot the system. \n\n2) To update your vulnerable system via a binary patch:\n\nSystems running a RELEASE version of FreeBSD on the i386 or amd64\nplatforms can be updated via the freebsd-update(8) utility:\n\n# freebsd-update fetch\n# freebsd-update install\n\nRestart the Wi-Fi network interfaces/hostapd or reboot the system. \n\n3) To update your vulnerable system via a source code patch:\n\nThe following patches have been verified to apply to the applicable\nFreeBSD release branches. \n\na) Download the relevant patch from the location below, and verify the\ndetached PGP signature using your PGP utility. \n\n[FreeBSD 11.0-RELEASE, 11.1-RELEASE, and 11-STABLE]\n# fetch https://security.FreeBSD.org/patches/SA-17:07/wpa-11.patch\n# fetch https://security.FreeBSD.org/patches/SA-17:07/wpa-11.patch.asc\n# gpg --verify wpa-11.patch.asc\n\n[FreeBSD 10.3-RELEASE, 10.4-RELEASE, and 10-STABLE]\n# fetch https://security.FreeBSD.org/patches/SA-17:07/wpa-10.patch\n# fetch https://security.FreeBSD.org/patches/SA-17:07/wpa-10.patch.asc\n# gpg --verify wpa-10.patch.asc\n\nb) Apply the patch.  Execute the following commands as root:\n\n# cd /usr/src\n# patch \u003c /path/to/patch\n\nc) Recompile the operating system using buildworld and installworld as\ndescribed in \u003cURL:https://www.FreeBSD.org/handbook/makeworld.html\u003e. \n\nRestart the applicable daemons, or reboot the system. \n\nVI.  Correction details\n\nThe following list contains the correction revision numbers for each\naffected branch. \n\nBranch/path                                                      Revision\n- -------------------------------------------------------------------------\nstable/11/                                                        r324697\nreleng/11.0/                                                      r324698\nreleng/11.1/                                                      r324699\nstable/10/                                                        r324739\nreleng/10.3/                                                      r324740\nreleng/10.4/                                                      r324741\n- -------------------------------------------------------------------------\n\nTo see which files were modified by a particular revision, run the\nfollowing command, replacing NNNNNN with the revision number, on a\nmachine with Subversion installed:\n\n# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base\n\nOr visit the following URL, replacing NNNNNN with the revision number:\n\n\u003cURL:https://svnweb.freebsd.org/base?view=revision\u0026revision=NNNNNN\u003e\n\nVII. References\n\n\u003cURL:https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt\u003e\n\u003cURL:https://www.krackattacks.com/\u003e\n\nThe latest revision of this advisory is available at\n\u003cURL:https://security.FreeBSD.org/advisories/FreeBSD-SA-17:07.wpa.asc\u003e\n-----BEGIN PGP SIGNATURE-----\n\niQKTBAEBCgB9FiEEHPf/b631yp++G4yy7Wfs1l3PaucFAlnoGpNfFIAAAAAALgAo\naXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDFD\nRjdGRjZGQURGNUNBOUZCRTFCOENCMkVENjdFQ0Q2NURDRjZBRTcACgkQ7Wfs1l3P\nauc7WBAAm27w+fujv5sJsRxauUMopTVtRh5utwbDuoHTP+L+RCWmQfVBmueNQ0gf\nuJzMNxBIkbtY9LvyukpRsH3iD7mh26c0pd9rxxkkr4F96C9B5+W0amxJF1gdm54/\nF/50FpY+lo7cNs5tiBjypPrg8UOBBI/1G4XR7130XC0HjaTwt1ngZ0oQUWUMSsIp\ngN5ZfPul81WPWd1NqF+vyObcJhwq/Y1uoexoO27o7GQCFZoL3enZy8c4f1xqMlVM\n4HHkTgNGac6E0aW+ArH4J0DFFAOJXPqF8rdt+9XINfoBbtliIyOixJ4oh1n6eAR0\nVpBWZKFNyXSlUKIvDGa+LDhxgL1jJXV0ABSyKlUOijdmr3bbbiQE9MW/MNv2AFTd\nOAFQ0QQtm9KCWp5JLh+FPIb/kR2l7MOUP+yz4zFcJpdGtl9tDLyPN8vRTq60bY8O\ny7tBcf/SMqkd/AIFdchL4zrOguKnRARydIlwTarp8wtAQI3MKSsa1B0wgsDtlL6K\nxfdjnwWMKvKKlNOW16e1WXXO0n/ucHV4njBE+bGPro3jLgXP2/WFZpIGAR3I4xrr\nSdD4AxSNiR9f3bL7LRfMIbugJAylWNSlTLWUOVUv0/ONh85LqbcCj13NI230B64K\nETx2QOZgKnCs2oDNiw4aQHb7kvi2w94Iw/R1sAPkkxYJWO3reyE=\n=h/5q\n-----END PGP SIGNATURE-----\n. \n\n\nHere are the details from the Slackware 14.2 ChangeLog:\n+--------------------------+\npatches/packages/wpa_supplicant-2.6-i586-1_slack14.2.txz:  Upgraded. \n  This update includes patches to mitigate the WPA2 protocol issues known\n  as \"KRACK\" (Key Reinstallation AttaCK), which may be used to decrypt data,\n  hijack TCP connections, and to forge and inject packets. \n  CVE-2017-13082: Accepting a retransmitted Fast BSS Transition (FT)\n    Reassociation Request and reinstalling the pairwise encryption key (PTK-TK)\n    while processing it. \n  For more information, see:\n    https://www.krackattacks.com/\n    https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13077\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13078\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13079\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13080\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13081\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13082\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13084\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13086\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13087\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13088\n  (* Security fix *)\n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project!  :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/wpa_supplicant-2.6-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/wpa_supplicant-2.6-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/wpa_supplicant-2.6-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/wpa_supplicant-2.6-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/wpa_supplicant-2.6-i586-1_slack14.2.txz\n\nUpdated package for Slackware x86_64 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/wpa_supplicant-2.6-x86_64-1_slack14.2.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/wpa_supplicant-2.6-i586-2.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/wpa_supplicant-2.6-x86_64-2.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 14.0 package:\nd8ecfaadb50b3547967ab53733ffc019  wpa_supplicant-2.6-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\nf25216d28800504ce498705da7c9a825  wpa_supplicant-2.6-x86_64-1_slack14.0.txz\n\nSlackware 14.1 package:\n15c61050e4bab2581757befd86be74c0  wpa_supplicant-2.6-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\n49fd537a520338744f7757615556d352  wpa_supplicant-2.6-x86_64-1_slack14.1.txz\n\nSlackware 14.2 package:\nc5539f40c8510af89be92945f0f80185  wpa_supplicant-2.6-i586-1_slack14.2.txz\n\nSlackware x86_64 14.2 package:\n4c527ff84fcdfd7839f217bbce2e4ae4  wpa_supplicant-2.6-x86_64-1_slack14.2.txz\n\nSlackware -current package:\n28bd88a54e96368f7a7020c1f5fb67fe  n/wpa_supplicant-2.6-i586-2.txz\n\nSlackware x86_64 -current package:\n464fc6b48d1ac077f47e9a3a8534c160  n/wpa_supplicant-2.6-x86_64-2.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the package as root:\n# upgradepkg wpa_supplicant-2.6-i586-1_slack14.2.txz\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list:                          |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message:                                                     |\n|                                                                        |\n|   unsubscribe slackware-security                                       |\n|                                                                        |\n| You will get a confirmation message back containing instructions to    |\n| complete the process.  Please do not reply to this email address",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-13078"
          },
          {
            "db": "CERT/CC",
            "id": "VU#228519"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-009171"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-30405"
          },
          {
            "db": "BID",
            "id": "101274"
          },
          {
            "db": "IVD",
            "id": "d6bbedba-ffb0-46fc-8b8d-fc2a4fce19b2"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-13078"
          },
          {
            "db": "PACKETSTORM",
            "id": "144652"
          },
          {
            "db": "PACKETSTORM",
            "id": "145394"
          },
          {
            "db": "PACKETSTORM",
            "id": "145395"
          },
          {
            "db": "PACKETSTORM",
            "id": "148445"
          },
          {
            "db": "PACKETSTORM",
            "id": "144632"
          },
          {
            "db": "PACKETSTORM",
            "id": "144944"
          },
          {
            "db": "PACKETSTORM",
            "id": "144659"
          },
          {
            "db": "PACKETSTORM",
            "id": "144669"
          },
          {
            "db": "PACKETSTORM",
            "id": "144663"
          }
        ],
        "trust": 4.23
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-13078",
            "trust": 4.5
          },
          {
            "db": "CERT/CC",
            "id": "VU#228519",
            "trust": 4.2
          },
          {
            "db": "BID",
            "id": "101274",
            "trust": 2.6
          },
          {
            "db": "LENOVO",
            "id": "LEN-17420",
            "trust": 2.5
          },
          {
            "db": "SECTRACK",
            "id": "1039577",
            "trust": 1.7
          },
          {
            "db": "SECTRACK",
            "id": "1039576",
            "trust": 1.7
          },
          {
            "db": "SECTRACK",
            "id": "1039581",
            "trust": 1.7
          },
          {
            "db": "SECTRACK",
            "id": "1039578",
            "trust": 1.7
          },
          {
            "db": "SECTRACK",
            "id": "1039585",
            "trust": 1.7
          },
          {
            "db": "SECTRACK",
            "id": "1039573",
            "trust": 1.7
          },
          {
            "db": "CERT@VDE",
            "id": "VDE-2017-003",
            "trust": 1.7
          },
          {
            "db": "CERT@VDE",
            "id": "VDE-2017-005",
            "trust": 1.7
          },
          {
            "db": "SIEMENS",
            "id": "SSA-901333",
            "trust": 1.7
          },
          {
            "db": "ICS CERT",
            "id": "ICSMA-18-114-01",
            "trust": 1.2
          },
          {
            "db": "ICS CERT",
            "id": "ICSMA-19-029-01",
            "trust": 1.1
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-17-353-02",
            "trust": 1.1
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-17-318-01",
            "trust": 1.1
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-17-325-01",
            "trust": 1.1
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-30405",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201710-381",
            "trust": 0.8
          },
          {
            "db": "JUNIPER",
            "id": "JSA10827",
            "trust": 0.8
          },
          {
            "db": "DLINK",
            "id": "SAP10075",
            "trust": 0.8
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-17-318-02A",
            "trust": 0.8
          },
          {
            "db": "JVN",
            "id": "JVNVU94846424",
            "trust": 0.8
          },
          {
            "db": "JVN",
            "id": "JVNVU90609033",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-009171",
            "trust": 0.8
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.4125",
            "trust": 0.6
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-17-299-02",
            "trust": 0.3
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-17-318-02",
            "trust": 0.3
          },
          {
            "db": "IVD",
            "id": "D6BBEDBA-FFB0-46FC-8B8D-FC2A4FCE19B2",
            "trust": 0.2
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-13078",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "144652",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "145394",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "145395",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "148445",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "144632",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "144944",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "144659",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "144669",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "144663",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "d6bbedba-ffb0-46fc-8b8d-fc2a4fce19b2"
          },
          {
            "db": "CERT/CC",
            "id": "VU#228519"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-30405"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-13078"
          },
          {
            "db": "BID",
            "id": "101274"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-009171"
          },
          {
            "db": "PACKETSTORM",
            "id": "144652"
          },
          {
            "db": "PACKETSTORM",
            "id": "145394"
          },
          {
            "db": "PACKETSTORM",
            "id": "145395"
          },
          {
            "db": "PACKETSTORM",
            "id": "148445"
          },
          {
            "db": "PACKETSTORM",
            "id": "144632"
          },
          {
            "db": "PACKETSTORM",
            "id": "144944"
          },
          {
            "db": "PACKETSTORM",
            "id": "144659"
          },
          {
            "db": "PACKETSTORM",
            "id": "144669"
          },
          {
            "db": "PACKETSTORM",
            "id": "144663"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201710-381"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-13078"
          }
        ]
      },
      "id": "VAR-201710-0211",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "d6bbedba-ffb0-46fc-8b8d-fc2a4fce19b2"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-30405"
          }
        ],
        "trust": 1.3965711281818183
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "d6bbedba-ffb0-46fc-8b8d-fc2a4fce19b2"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-30405"
          }
        ]
      },
      "last_update_date": "2024-07-23T21:10:29.332000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "ARUBA-PSA-2017-007",
            "trust": 0.8,
            "url": "http://www.arubanetworks.com/assets/alert/aruba-psa-2017-007.txt"
          },
          {
            "title": "DSA-3999",
            "trust": 0.8,
            "url": "https://www.debian.org/security/2017/dsa-3999"
          },
          {
            "title": "FreeBSD-SA-17:07.wpa",
            "trust": 0.8,
            "url": "https://www.freebsd.org/security/advisories/freebsd-sa-17:07.wpa.asc"
          },
          {
            "title": "LEN-17420",
            "trust": 0.8,
            "url": "https://support.lenovo.com/jp/en/product_security/len-17420"
          },
          {
            "title": "NV17-024",
            "trust": 0.8,
            "url": "http://jpn.nec.com/security-info/secinfo/nv17-024.html"
          },
          {
            "title": "openSUSE-SU-2017:2755",
            "trust": 0.8,
            "url": "https://lists.opensuse.org/opensuse-security-announce/2017-10/msg00024.html"
          },
          {
            "title": "SUSE-SU-2017:2745",
            "trust": 0.8,
            "url": "https://lists.opensuse.org/opensuse-security-announce/2017-10/msg00020.html"
          },
          {
            "title": "SUSE-SU-2017:2752",
            "trust": 0.8,
            "url": "https://lists.opensuse.org/opensuse-security-announce/2017-10/msg00023.html"
          },
          {
            "title": "KRACKs - wpa_supplicant Multiple Vulnerabilities",
            "trust": 0.8,
            "url": "https://access.redhat.com/security/vulnerabilities/kracks"
          },
          {
            "title": "RHSA-2017:2907",
            "trust": 0.8,
            "url": "https://access.redhat.com/errata/rhsa-2017:2907"
          },
          {
            "title": "RHSA-2017:2911",
            "trust": 0.8,
            "url": "https://access.redhat.com/errata/rhsa-2017:2911"
          },
          {
            "title": "USN-3455-1",
            "trust": 0.8,
            "url": "https://usn.ubuntu.com/usn/usn-3455-1/"
          },
          {
            "title": "WPA packet number reuse with replayed messages and key reinstallation",
            "trust": 0.8,
            "url": "https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt"
          },
          {
            "title": "Wi-Fi\u306e\u8a8d\u8a3c\uff0f\u6697\u53f7\u5316\u6280\u8853WPA2\u304a\u3088\u3073WPA\u306e\u8907\u6570\u306e\u8106\u5f31\u6027\u306b\u3064\u3044\u3066",
            "trust": 0.8,
            "url": "http://www.fujitsu.com/jp/products/network/support/2017/srm-01/index.html"
          },
          {
            "title": "WPA2\u306e\u8106\u5f31\u6027\u306b\u95a2\u3059\u308b\u5f0a\u793e\u8abf\u67fb\u30fb\u5bfe\u5fdc\u72b6\u6cc1\u306b\u3064\u3044\u3066",
            "trust": 0.8,
            "url": "http://www.iodata.jp/support/information/2017/wpa2/"
          },
          {
            "title": "\u7121\u7ddaLAN \u8a8d\u8a3c\uff0f\u6697\u53f7\u5316\u6280\u8853WPA2\u304a\u3088\u3073WPA\u306b\u95a2\u3059\u308b\u8106\u5f31\u6027\u306e\u304a\u77e5\u3089\u305b",
            "trust": 0.8,
            "url": "http://www.fmworld.net/biz/common/info/20171110/"
          },
          {
            "title": "Patch for WPA2 Wireless Network GTK Group Key Reload Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/103819"
          },
          {
            "title": "Multiple WiFi product WPA2 Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=75495"
          },
          {
            "title": "Red Hat: Important: wpa_supplicant security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20172911 - security advisory"
          },
          {
            "title": "Red Hat: Important: wpa_supplicant security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20172907 - security advisory"
          },
          {
            "title": "Red Hat: CVE-2017-13078",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2017-13078"
          },
          {
            "title": "Arch Linux Issues: ",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=cve-2017-13078"
          },
          {
            "title": "Apple: Wi-Fi Update for Boot Camp 6.4.0",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=4dc3bb86865485e4364fd6b2dc2fc379"
          },
          {
            "title": "Apple: AirPort Base Station Firmware Update 7.7.9",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=7ca8130f8030911575aa17c0e84114dd"
          },
          {
            "title": "Apple: watchOS 4.1",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=345c3fa8a313cd9a1ced5ef372c465c4"
          },
          {
            "title": "Apple: AirPort Base Station Firmware Update 7.6.9",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=43d8dcf7961e20b6ec02761d12969c19"
          },
          {
            "title": "Debian CVElist Bug Report Logs: firmware-brcm80211: BroadPwn vulnerability CVE-2017-9417",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=2e0affd9108e95fa2aa2c706c74cd8a9"
          },
          {
            "title": "Ubuntu Security Notice: wpa vulnerabilities",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3455-1"
          },
          {
            "title": "Debian Security Advisories: DSA-3999-1 wpa -- security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=08990d9925276738bd732fa4d58f9ef0"
          },
          {
            "title": "Apple: tvOS 11.1",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=7a8e908aff7c02a31b2d335766e6d5c2"
          },
          {
            "title": "Apple: iOS 11.1",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=7814c280e80969d4c4d88f74b13290f2"
          },
          {
            "title": "Arch Linux Advisories: [ASA-201710-23] hostapd: man-in-the-middle",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201710-23"
          },
          {
            "title": "Arch Linux Advisories: [ASA-201710-22] wpa_supplicant: man-in-the-middle",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201710-22"
          },
          {
            "title": "HP: HPSBPI03574 rev. 1 - WPA, WPA2 Key Reinstallation Attacks (KRACK attacks) Potential Remote Disclosure of Information: Certain HP Enterprise Printer and MFP products, Certain HP PageWide Printer and MFP Products, HP Jetdirect Accessory Products",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=hp_bulletin\u0026qid=hpsbpi03574"
          },
          {
            "title": "Siemens Security Advisories: Siemens Security Advisory",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=6df91267eee9400a24a98876f50ffe84"
          },
          {
            "title": "Android Security Bulletins: Android Security Bulletin\u2014November 2017",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=android_security_bulletins\u0026qid=8c29eb008bb212762e5cfb25c7c5c0d5"
          },
          {
            "title": "Cisco: Multiple Vulnerabilities in Wi-Fi Protected Access and Wi-Fi Protected Access II",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20171016-wpa"
          },
          {
            "title": "Android Security Bulletins: Android Security Bulletin\u2014July 2018",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=android_security_bulletins\u0026qid=25584b3d319ca9e7cb2fae9ec5dbf5e0"
          },
          {
            "title": "HP: HPSBHF03571 rev. 6  -  Intel Management Engine Cumulative Security update and fix for WPA2 vulnerability",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=hp_bulletin\u0026qid=hpsbhf03571"
          },
          {
            "title": "Oracle: Oracle Critical Patch Update Advisory - April 2018",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=4019ca77f50c7a34e4d97833e6f3321e"
          },
          {
            "title": "Apple: macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=870f3f04ef17f7b183f74ae687a1561d"
          },
          {
            "title": "Oracle Linux Bulletins: Oracle Linux Bulletin - October 2017",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=7251d5e5f2b1771951980ad7cfde50ba"
          },
          {
            "title": "Oracle: Oracle Critical Patch Update Advisory - January 2018",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=e2a7f287e9acc8c64ab3df71130bc64d"
          },
          {
            "title": "vanhoefm-krackattacks-scripts",
            "trust": 0.1,
            "url": "https://github.com/84kaliplexon3/vanhoefm-krackattacks-scripts "
          },
          {
            "title": "krankattack",
            "trust": 0.1,
            "url": "https://github.com/devkosov/krankattack "
          },
          {
            "title": "krackattacks-scripts",
            "trust": 0.1,
            "url": "https://github.com/vanhoefm/krackattacks-scripts "
          },
          {
            "title": "KRACK",
            "trust": 0.1,
            "url": "https://github.com/chinatso/krack "
          },
          {
            "title": "krackinfo",
            "trust": 0.1,
            "url": "https://github.com/kristate/krackinfo "
          },
          {
            "title": "nixos-issue-db-example",
            "trust": 0.1,
            "url": "https://github.com/andir/nixos-issue-db-example "
          },
          {
            "title": "SamsungReleaseNotes",
            "trust": 0.1,
            "url": "https://github.com/samreleasenotes/samsungreleasenotes "
          },
          {
            "title": "welivesecurity",
            "trust": 0.1,
            "url": "https://www.welivesecurity.com/2019/10/17/alexa-how-amazon-echo-kindle-got-kracked/"
          },
          {
            "title": "BleepingComputer",
            "trust": 0.1,
            "url": "https://www.bleepingcomputer.com/news/security/millions-of-amazon-echo-and-kindle-devices-affected-by-wifi-bug/"
          },
          {
            "title": "The Register",
            "trust": 0.1,
            "url": "https://www.theregister.co.uk/2017/11/07/android_november_security_update/"
          },
          {
            "title": "The Register",
            "trust": 0.1,
            "url": "https://www.theregister.co.uk/2017/10/16/wpa2_inscure_krackattack/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-30405"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-13078"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-009171"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201710-381"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-330",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-254",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-009171"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-13078"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.7,
            "url": "https://www.krackattacks.com/"
          },
          {
            "trust": 3.3,
            "url": "https://source.android.com/security/bulletin/2017-11-01"
          },
          {
            "trust": 2.9,
            "url": "http://www.securityfocus.com/bid/101274"
          },
          {
            "trust": 2.8,
            "url": "http://www.arubanetworks.com/assets/alert/aruba-psa-2017-007.txt"
          },
          {
            "trust": 2.8,
            "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20171016-wpa"
          },
          {
            "trust": 2.7,
            "url": "https://access.redhat.com/security/vulnerabilities/kracks"
          },
          {
            "trust": 2.5,
            "url": "http://www.debian.org/security/2017/dsa-3999"
          },
          {
            "trust": 2.2,
            "url": "https://access.redhat.com/errata/rhsa-2017:2911"
          },
          {
            "trust": 2.1,
            "url": "http://www.kb.cert.org/vuls/id/228519"
          },
          {
            "trust": 2.1,
            "url": "https://access.redhat.com/errata/rhsa-2017:2907"
          },
          {
            "trust": 2.0,
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
          },
          {
            "trust": 1.8,
            "url": "https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt"
          },
          {
            "trust": 1.8,
            "url": "http://www.ubuntu.com/usn/usn-3455-1"
          },
          {
            "trust": 1.7,
            "url": "http://www.securitytracker.com/id/1039585"
          },
          {
            "trust": 1.7,
            "url": "http://www.securitytracker.com/id/1039581"
          },
          {
            "trust": 1.7,
            "url": "http://www.securitytracker.com/id/1039578"
          },
          {
            "trust": 1.7,
            "url": "http://www.securitytracker.com/id/1039577"
          },
          {
            "trust": 1.7,
            "url": "http://www.securitytracker.com/id/1039576"
          },
          {
            "trust": 1.7,
            "url": "http://www.securitytracker.com/id/1039573"
          },
          {
            "trust": 1.7,
            "url": "https://support.lenovo.com/us/en/product_security/len-17420"
          },
          {
            "trust": 1.7,
            "url": "https://security.freebsd.org/advisories/freebsd-sa-17:07.wpa.asc"
          },
          {
            "trust": 1.7,
            "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00024.html"
          },
          {
            "trust": 1.7,
            "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00023.html"
          },
          {
            "trust": 1.7,
            "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00020.html"
          },
          {
            "trust": 1.7,
            "url": "https://security.gentoo.org/glsa/201711-03"
          },
          {
            "trust": 1.7,
            "url": "https://support.apple.com/ht208222"
          },
          {
            "trust": 1.7,
            "url": "https://support.apple.com/ht208221"
          },
          {
            "trust": 1.7,
            "url": "https://support.apple.com/ht208220"
          },
          {
            "trust": 1.7,
            "url": "https://support.apple.com/ht208219"
          },
          {
            "trust": 1.7,
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
          },
          {
            "trust": 1.7,
            "url": "https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesbhf03792en_us"
          },
          {
            "trust": 1.7,
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-901333.pdf"
          },
          {
            "trust": 1.7,
            "url": "https://cert.vde.com/en-us/advisories/vde-2017-005"
          },
          {
            "trust": 1.7,
            "url": "https://cert.vde.com/en-us/advisories/vde-2017-003"
          },
          {
            "trust": 1.7,
            "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00015.html"
          },
          {
            "trust": 1.7,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13078"
          },
          {
            "trust": 1.2,
            "url": "https://ics-cert.us-cert.gov/advisories/icsma-18-114-01"
          },
          {
            "trust": 1.1,
            "url": "https://papers.mathyvanhoef.com/ccs2017.pdf"
          },
          {
            "trust": 1.1,
            "url": "https://w1.fi/security/2017-1/"
          },
          {
            "trust": 1.1,
            "url": "https://security-center.intel.com/advisory.aspx?intelid=intel-sa-00101\u0026languageid=en-fr"
          },
          {
            "trust": 1.1,
            "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2017-13080"
          },
          {
            "trust": 1.1,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-353-02"
          },
          {
            "trust": 1.1,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-318-01"
          },
          {
            "trust": 1.1,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-325-01"
          },
          {
            "trust": 1.1,
            "url": "https://ics-cert.us-cert.gov/advisories/icsma-19-029-01"
          },
          {
            "trust": 0.9,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-13078"
          },
          {
            "trust": 0.9,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13077"
          },
          {
            "trust": 0.8,
            "url": "https://cwe.mitre.org/data/definitions/323.html"
          },
          {
            "trust": 0.8,
            "url": "https://actiontecsupport.zendesk.com/hc/en-us/articles/115005205283-krack-vulnerability"
          },
          {
            "trust": 0.8,
            "url": "https://www3.aerohive.com/support/security-bulletins/product-security-announcement-aerohives-response-to-krack-10162017.html"
          },
          {
            "trust": 0.8,
            "url": "https://www.al-enterprise.com/en/support/security-alert-krack"
          },
          {
            "trust": 0.8,
            "url": "https://support.apple.com/en-gb/ht208222"
          },
          {
            "trust": 0.8,
            "url": "https://security.archlinux.org/avg-447"
          },
          {
            "trust": 0.8,
            "url": "https://www.asus.com/static_webpage/asus-product-security-advisory/"
          },
          {
            "trust": 0.8,
            "url": "https://community.barracudanetworks.com/forum/index.php?/topic/23525-security-advisories/page-2"
          },
          {
            "trust": 0.8,
            "url": "https://lists.centos.org/pipermail/centos-announce/2017-october/022569.html"
          },
          {
            "trust": 0.8,
            "url": "https://community.cypress.com/docs/doc-13871"
          },
          {
            "trust": 0.8,
            "url": "http://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10075"
          },
          {
            "trust": 0.8,
            "url": "http://www.dell.com/support/article/sln307822"
          },
          {
            "trust": 0.8,
            "url": "https://github.com/espressif/esp8266_nonos_sdk"
          },
          {
            "trust": 0.8,
            "url": "https://extremeportal.force.com/extrarticledetail?n=000018005"
          },
          {
            "trust": 0.8,
            "url": "https://bodhi.fedoraproject.org/updates/fedora-2017-60bfb576b7"
          },
          {
            "trust": 0.8,
            "url": "http://www.fortiguard.com/psirt/fg-ir-17-196"
          },
          {
            "trust": 0.8,
            "url": "https://www.freebsd.org/security/advisories/freebsd-sa-17:07.wpa.asc"
          },
          {
            "trust": 0.8,
            "url": "https://bugs.gentoo.org/634440"
          },
          {
            "trust": 0.8,
            "url": "https://support.hpe.com/hpsc/doc/public/display?sp4ts.oid=null\u0026doclocale=en_us\u0026docid=emr_na-a00029151en_us"
          },
          {
            "trust": 0.8,
            "url": "https://kb.juniper.net/jsa10827"
          },
          {
            "trust": 0.8,
            "url": "https://support.lenovo.com/ca/en/product_security/len-17420"
          },
          {
            "trust": 0.8,
            "url": "http://www.microchip.com/wwwproducts/en/atwinc1500"
          },
          {
            "trust": 0.8,
            "url": "http://mail-index.netbsd.org/source-changes/2017/10/16/msg088877.html"
          },
          {
            "trust": 0.8,
            "url": "https://kb.netgear.com/000049498/security-advisory-for-wpa-2-vulnerabilities-psv-2017-2826-psv-2017-2836-psv-2017-2837"
          },
          {
            "trust": 0.8,
            "url": "https://forum.peplink.com/t/security-advisory-wpa2-vulnerability-vu-228519/12715"
          },
          {
            "trust": 0.8,
            "url": "https://ruckus-www.s3.amazonaws.com/pdf/security/faq-security-advisory-id-101617-v1.0.pdf"
          },
          {
            "trust": 0.8,
            "url": "https://www.suse.com/de-de/support/kb/doc/?id=7022107"
          },
          {
            "trust": 0.8,
            "url": "https://source.sierrawireless.com/resources/airlink/software_reference_docs/technical-bulletin/sierra-wireless-technical-bulletin---wpa-and-wpa2-vulnerabilities/"
          },
          {
            "trust": 0.8,
            "url": "http://www.slackware.com/changelog/stable.php?cpu=x86_64"
          },
          {
            "trust": 0.8,
            "url": "https://community.sophos.com/kb/en-us/127658"
          },
          {
            "trust": 0.8,
            "url": "https://www.toshibacommerce.com/wps/myportal/%21ut/p/a1/rzrnc8igeiz_sw8egqhjcdmmwr8abw2dqcnfoyqotidrrk399uxrrwotuzgws7a87y6z88iuzmcq2u4uwcnlzypjnjj5-exr_wnhya-laxtrid-j3uchdtb8gylmuw6qzgktovtowsrrqlrs6-8dbeqhwc1mykqnlabgdjlf1yjvn7i5af4qtdwsn2tri7j"
          },
          {
            "trust": 0.8,
            "url": "http://www.toshiba-personalstorage.net/en/news/hdd/ot_notice/20171017.htm"
          },
          {
            "trust": 0.8,
            "url": "http://support.toshiba.com/support/staticcontentdetail?contentid=4015875\u0026isfromtoclink=false"
          },
          {
            "trust": 0.8,
            "url": "https://community.ubnt.com/t5/unifi-updates-blog/firmware-3-9-3-7537-for-uap-usw-has-been-released/ba-p/2099365"
          },
          {
            "trust": 0.8,
            "url": "https://usn.ubuntu.com/usn/usn-3455-1/"
          },
          {
            "trust": 0.8,
            "url": "http://en.miui.com/thread-954223-1-1.html"
          },
          {
            "trust": 0.8,
            "url": "https://www.zebra.com/content/dam/zebra_new_ia/en-us/support-and-downloads/lifeguard-security/krack-security-bulletin.pdf"
          },
          {
            "trust": 0.8,
            "url": "http://www.zyxel.com/support/announcement_wpa2_key_management.shtml"
          },
          {
            "trust": 0.8,
            "url": "https://supportcenter.checkpoint.com/supportcenter/portal?eventsubmit_dogoviewsolutiondetails=\u0026solutionid=sk120938"
          },
          {
            "trust": 0.8,
            "url": "https://community.rsa.com/docs/doc-84103"
          },
          {
            "trust": 0.8,
            "url": "https://support.f5.com/csp/article/k23642330"
          },
          {
            "trust": 0.8,
            "url": "https://forum.mikrotik.com/viewtopic.php?f=21\u0026t=126695"
          },
          {
            "trust": 0.8,
            "url": "https://community.linksys.com/t5/wireless-routers/krack-vulnerability/td-p/1218573"
          },
          {
            "trust": 0.8,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-318-02a"
          },
          {
            "trust": 0.8,
            "url": "https://www.ipa.go.jp/security/ciadr/vul/20171017_wpa2.html"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu94846424/"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/vu/jvnvu90609033/index.html"
          },
          {
            "trust": 0.8,
            "url": "https://www.kb.cert.org/vuls/id/cheu-aqnmyp"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13080"
          },
          {
            "trust": 0.6,
            "url": "https://www.kb.cert.org/vuls/id/228519/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.4125/"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/cve/cve-2017-13077"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/cve/cve-2017-13078"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/cve/cve-2017-13080"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/cve/cve-2017-13087"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13087"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2017-13082"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2017-13086"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2017-13088"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13082"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13086"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13088"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13079"
          },
          {
            "trust": 0.3,
            "url": "https://github.com/stevenhoneyman/wpa_gui/tree/master/wpa_supplicant-2.4"
          },
          {
            "trust": 0.3,
            "url": "http://www.wi-fi.org/index.php"
          },
          {
            "trust": 0.3,
            "url": "https://support.apple.com/en-ie/ht208847"
          },
          {
            "trust": 0.3,
            "url": "https://support.apple.com/en-in/ht208334"
          },
          {
            "trust": 0.3,
            "url": "https://support.apple.com/en-in/ht208327"
          },
          {
            "trust": 0.3,
            "url": "https://support.apple.com/en-in/ht208325"
          },
          {
            "trust": 0.3,
            "url": "https://lists.apple.com/archives/security-announce/2017/dec/msg00009.html"
          },
          {
            "trust": 0.3,
            "url": "https://lists.apple.com/archives/security-announce/2017/dec/msg00008.html"
          },
          {
            "trust": 0.3,
            "url": "https://lists.apple.com/archives/security-announce/2018/jul/msg00000.html"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2017-13079"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2017-13081"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2017-13084"
          },
          {
            "trust": 0.3,
            "url": "http://docs.fortinet.com/uploaded/files/3961/fortiap-v5.6.1-release-notes.pdf"
          },
          {
            "trust": 0.3,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-299-02"
          },
          {
            "trust": 0.3,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-318-02"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13081"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/updates/classification/#important"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/articles/11258"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/team/contact/"
          },
          {
            "trust": 0.2,
            "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
          },
          {
            "trust": 0.2,
            "url": "https://bugzilla.redhat.com/):"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/team/key/"
          },
          {
            "trust": 0.2,
            "url": "https://support.apple.com/downloads/"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/330.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/kristate/krackinfo"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-9417"
          },
          {
            "trust": 0.1,
            "url": "https://support.apple.com/kb/ht201222"
          },
          {
            "trust": 0.1,
            "url": "https://www.apple.com/support/security/pgp/"
          },
          {
            "trust": 0.1,
            "url": "https://support.apple.com/kb/ht208038"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4476"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4477"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/wpa/2.1-0ubuntu1.5"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/wpa/2.4-0ubuntu9.1"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/wpa/2.4-0ubuntu6.2"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/nvd.cfm?cvename=cve-2017-13078"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/nvd.cfm?cvename=cve-2017-13079"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/nvd.cfm?cvename=cve-2017-13077"
          },
          {
            "trust": 0.1,
            "url": "https://security.gentoo.org/"
          },
          {
            "trust": 0.1,
            "url": "https://security.freebsd.org/patches/sa-17:07/wpa-10.patch.asc"
          },
          {
            "trust": 0.1,
            "url": "https://security.freebsd.org/advisories/freebsd-sa-17:07.wpa.asc\u003e"
          },
          {
            "trust": 0.1,
            "url": "https://svnweb.freebsd.org/base?view=revision\u0026revision=nnnnnn\u003e"
          },
          {
            "trust": 0.1,
            "url": "https://www.krackattacks.com/\u003e"
          },
          {
            "trust": 0.1,
            "url": "https://security.freebsd.org/patches/sa-17:07/wpa-11.patch.asc"
          },
          {
            "trust": 0.1,
            "url": "https://security.freebsd.org/\u003e."
          },
          {
            "trust": 0.1,
            "url": "https://security.freebsd.org/patches/sa-17:07/wpa-11.patch"
          },
          {
            "trust": 0.1,
            "url": "https://security.freebsd.org/patches/sa-17:07/wpa-10.patch"
          },
          {
            "trust": 0.1,
            "url": "https://www.freebsd.org/handbook/makeworld.html\u003e."
          },
          {
            "trust": 0.1,
            "url": "https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt\u003e"
          },
          {
            "trust": 0.1,
            "url": "http://slackware.com"
          },
          {
            "trust": 0.1,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-13080"
          },
          {
            "trust": 0.1,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-13082"
          },
          {
            "trust": 0.1,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-13077"
          },
          {
            "trust": 0.1,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-13087"
          },
          {
            "trust": 0.1,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-13081"
          },
          {
            "trust": 0.1,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-13084"
          },
          {
            "trust": 0.1,
            "url": "http://slackware.com/gpg-key"
          },
          {
            "trust": 0.1,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-13086"
          },
          {
            "trust": 0.1,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-13088"
          },
          {
            "trust": 0.1,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-13079"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13084"
          },
          {
            "trust": 0.1,
            "url": "http://osuosl.org)"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#228519"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-30405"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-13078"
          },
          {
            "db": "BID",
            "id": "101274"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-009171"
          },
          {
            "db": "PACKETSTORM",
            "id": "144652"
          },
          {
            "db": "PACKETSTORM",
            "id": "145394"
          },
          {
            "db": "PACKETSTORM",
            "id": "145395"
          },
          {
            "db": "PACKETSTORM",
            "id": "148445"
          },
          {
            "db": "PACKETSTORM",
            "id": "144632"
          },
          {
            "db": "PACKETSTORM",
            "id": "144944"
          },
          {
            "db": "PACKETSTORM",
            "id": "144659"
          },
          {
            "db": "PACKETSTORM",
            "id": "144669"
          },
          {
            "db": "PACKETSTORM",
            "id": "144663"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201710-381"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-13078"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "d6bbedba-ffb0-46fc-8b8d-fc2a4fce19b2"
          },
          {
            "db": "CERT/CC",
            "id": "VU#228519"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-30405"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-13078"
          },
          {
            "db": "BID",
            "id": "101274"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-009171"
          },
          {
            "db": "PACKETSTORM",
            "id": "144652"
          },
          {
            "db": "PACKETSTORM",
            "id": "145394"
          },
          {
            "db": "PACKETSTORM",
            "id": "145395"
          },
          {
            "db": "PACKETSTORM",
            "id": "148445"
          },
          {
            "db": "PACKETSTORM",
            "id": "144632"
          },
          {
            "db": "PACKETSTORM",
            "id": "144944"
          },
          {
            "db": "PACKETSTORM",
            "id": "144659"
          },
          {
            "db": "PACKETSTORM",
            "id": "144669"
          },
          {
            "db": "PACKETSTORM",
            "id": "144663"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201710-381"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-13078"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-10-17T00:00:00",
            "db": "IVD",
            "id": "d6bbedba-ffb0-46fc-8b8d-fc2a4fce19b2"
          },
          {
            "date": "2017-10-16T00:00:00",
            "db": "CERT/CC",
            "id": "VU#228519"
          },
          {
            "date": "2017-10-18T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-30405"
          },
          {
            "date": "2017-10-17T00:00:00",
            "db": "VULMON",
            "id": "CVE-2017-13078"
          },
          {
            "date": "2017-10-16T00:00:00",
            "db": "BID",
            "id": "101274"
          },
          {
            "date": "2017-11-06T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-009171"
          },
          {
            "date": "2017-10-17T16:52:00",
            "db": "PACKETSTORM",
            "id": "144652"
          },
          {
            "date": "2017-12-13T03:33:33",
            "db": "PACKETSTORM",
            "id": "145394"
          },
          {
            "date": "2017-12-13T04:44:44",
            "db": "PACKETSTORM",
            "id": "145395"
          },
          {
            "date": "2018-07-05T23:02:22",
            "db": "PACKETSTORM",
            "id": "148445"
          },
          {
            "date": "2017-10-16T23:23:00",
            "db": "PACKETSTORM",
            "id": "144632"
          },
          {
            "date": "2017-11-10T19:19:00",
            "db": "PACKETSTORM",
            "id": "144944"
          },
          {
            "date": "2017-10-18T20:20:00",
            "db": "PACKETSTORM",
            "id": "144659"
          },
          {
            "date": "2017-10-19T14:28:55",
            "db": "PACKETSTORM",
            "id": "144669"
          },
          {
            "date": "2017-10-18T20:44:00",
            "db": "PACKETSTORM",
            "id": "144663"
          },
          {
            "date": "2017-10-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201710-381"
          },
          {
            "date": "2017-10-17T13:29:00.193000",
            "db": "NVD",
            "id": "CVE-2017-13078"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-11-16T00:00:00",
            "db": "CERT/CC",
            "id": "VU#228519"
          },
          {
            "date": "2017-10-17T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-30405"
          },
          {
            "date": "2019-10-03T00:00:00",
            "db": "VULMON",
            "id": "CVE-2017-13078"
          },
          {
            "date": "2019-02-21T09:00:00",
            "db": "BID",
            "id": "101274"
          },
          {
            "date": "2019-02-01T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-009171"
          },
          {
            "date": "2020-11-23T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201710-381"
          },
          {
            "date": "2019-10-03T00:03:26.223000",
            "db": "NVD",
            "id": "CVE-2017-13078"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote or local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201710-381"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Wi-Fi Protected Access (WPA) handshake traffic can be manipulated to induce nonce and session key reuse",
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#228519"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "security feature problem",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201710-381"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-200009-0023

    Vulnerability from variot - Updated: 2024-07-23 20:18

    VMware Tools in VMware Workstation 6.5.x before 6.5.4 build 246459; VMware Player 2.5.x before 2.5.4 build 246459; VMware ACE 2.5.x before 2.5.4 build 246459; VMware Server 2.x before 2.0.2 build 203138; VMware Fusion 2.x before 2.0.6 build 246742; VMware ESXi 3.5 and 4.0; and VMware ESX 2.5.5, 3.0.3, 3.5, and 4.0 does not properly access libraries, which allows user-assisted remote attackers to execute arbitrary code by tricking a Windows guest OS user into clicking on a file that is stored on a network share. Some applications for Microsoft Windows may use unsafe methods for determining how to load DLLs. As a result, these applications can be forced to load a DLL from an attacker-controlled source rather than a trusted location. Windows Program DLL There is an attackable vulnerability in reading. Dynamic link Library (DLL) Is a software component that is loaded at run time, not at program compile time. The program is LoadLibrary() And LoadLibraryEx() Using DLL Is read. Read DLL If no path is specified, specific directories are searched in order and found first. DLL Is loaded. Since this directory group includes the current directory of the process, the directory that can be operated by the attacker is set as the current directory. LoadLibrary() If is called, attack code may be executed. This issue can occur when browsing files located in directories that an attacker can manipulate. Read DLL The name depends on the program. DLL Read Windows The entire program may be affected. " Opera Software "and" Adobe Vulnerability information on " : Mitsui Bussan Secure Direction Co., Ltd. Takashi Yoshikawa MrA remote attacker could execute arbitrary code with the authority to execute the program. Attacker crafted DLL The USB Placing it on a drive or network drive may cause an attack. VMWare is a virtual PC software that allows two or more Windows, DOS, and LINUX systems to run simultaneously on a single machine. The VMWare Tools package used in VMWare products does not properly access the function library. An attacker can exploit this issue by enticing a user to open a malicious file from a network share. The issue can be exploited on Windows guest operating systems Successful exploits will allow attackers to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. This issue affects the following products: Workstation Player ACE Server Fusion ESX ESXi NOTE: This issue was previously covered in BID 39345 (VMware Hosted Products VMSA-2010-0007 Multiple Remote and Local Vulnerabilities), but has been given its own record to better document it. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1


                   VMware Security Advisory
    

    Advisory ID: VMSA-2010-0007 Synopsis: VMware hosted products, vCenter Server and ESX patches resolve multiple security issues Issue date: 2010-04-09 Updated on: 2010-04-09 (initial release of advisory) CVE numbers: CVE-2010-1142 CVE-2010-1140 CVE-2009-2042 CVE-2009-1564 CVE-2009-1565 CVE-2009-3732 CVE-2009-3707 CVE-2010-1138 CVE-2010-1139 CVE-2010-1141


    Notes: Effective May 2010, VMware's patch and update release program during Extended Support will be continued with the condition that all subsequent patch and update releases will be based on the latest baseline release version as of May 2010 (i.e. ESX 3.0.3 Update 1, ESX 3.5 Update 5, and VirtualCenter 2.5 Update 6). Refer to section "End of Product Availability FAQs" at http://www.vmware.com/support/policies/lifecycle/vi/faq.html for details.

    Extended support for ESX 2.5.5 ends on 2010-06-15. Users should plan to upgrade to at least ESX 3.0.3 and preferably to the newest release available.

    Extended support for ESX 3.0.3 ends on 2011-12-10. Users should plan to upgrade to at least ESX 3.5 and preferably to the newest release available.

    End of General Support for VMware Workstation 6.x is 2011-04-27, users should plan to upgrade to the newest release available.

    End of General Support for VMware Server 2.0 is 2011-06-30, users should plan to upgrade to the newest release of either ESXi or VMware Player.

    Extended support for Virtual Center 2.0.2 is 2011-12-10, users should plan to upgrade to the newest release of vCenter Server.

    1. Problem Description

    a. This file could be in any file format.

    VMware would like to thank Jure Skofic and Mitja Kolsek of ACROS
    Security (http://www.acrossecurity.com) for reporting this issue
    to us.
    
    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    has assigned the name CVE-2010-1141 to this issue.
    
    Steps needed to remediate this vulnerability:
    
    Guest systems on VMware Workstation, Player, ACE, Server, Fusion
     - Install the remediated version of Workstation, Player, ACE,
       Server and Fusion. 
     - Upgrade tools in the virtual machine (virtual machine users
       will be prompted to upgrade).
    
    Guest systems on ESX 4.0, 3.5, 3.0.3, 2.5.5, ESXi 4.0, 3.5
     - Install the relevant patches (see below for patch identifiers)
     - Manually upgrade tools in the virtual machine (virtual machine
       users will not be prompted to upgrade).  Note the VI Client will
       not show the VMware tools is out of date in the summary tab. 
       Please see http://tinyurl.com/27mpjo page 80 for details.
    
    The following table lists what action remediates the vulnerability
    (column 4) if a solution is available. See above for remediation
    details.  On most
    recent versions of Windows (XP, Vista) the attacker would need to
    have administrator privileges to plant the malicious executable in
    the right location.
    
    Steps needed to remediate this vulnerability: See section 3.a.
    
    VMware would like to thank Mitja Kolsek of ACROS Security
    (http://www.acrossecurity.com) for reporting this issue to us.
    
    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    has assigned the name CVE-2010-1142 to this issue.
    
    Refer to the previous table in section 3.a for what action
    remediates the vulnerability (column 4) if a solution is
    available. See above for remediation details.
    

    c. Windows-based VMware Workstation and Player host privilege escalation

    A vulnerability in the USB service allows for a privilege
    escalation. A local attacker on the host of a Windows-based
    Operating System where VMware Workstation or VMware Player
    is installed could plant a malicious executable on the host and
    elevate their privileges.
    
    In order for an attacker to exploit the vulnerability, the attacker
    would need to be able to plant their malicious executable in a
    certain location on the host machine.  On most recent versions of
    Windows (XP, Vista) the attacker would need to have administrator
    privileges to plant the malicious executable in the right location.
    
    VMware would like to thank Thierry Zoller for reporting this issue
    to us.
    
    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    has assigned the name CVE-2010-1140 to this issue.
    
    The following table lists what action remediates the vulnerability
    (column 4) if a solution is available.
    
    VMware         Product   Running  Replace with/
    Product        Version   on       Apply Patch
    =============  ========  =======  =================
    VirtualCenter  any       Windows  not affected
    
    Workstation    7.0       Windows  7.0.1 build 227600 or later
    Workstation    7.0       Linux    not affected
    Workstation    6.5.x     any      not affected
    
    Player         3.0       Windows  3.0.1 build 227600 or later
    Player         3.0       Linux    not affected
    Player         2.5.x     any      not affected
    
    Ace            any       any      not affected
    
    Server         2.x       any      not affected
    
    Fusion         any       Mac OS/X not affected
    
    ESXi           any       ESXi     not affected
    
    ESX            any       ESX      not affected
    

    d. Third party library update for libpng to version 1.2.37

    The libpng libraries through 1.2.35 contain an uninitialized-
    memory-read bug that may have security implications. 
    Specifically, 1-bit (2-color) interlaced images whose widths are
    not divisible by 8 may result in several uninitialized bits at the
    end of certain rows in certain interlace passes being returned to
    the user. An application that failed to mask these out-of-bounds
    pixels might display or process them, albeit presumably with benign
    results in most cases.
    
    The Common Vulnerabilities and Exposures Project (cve.mitre.org)
    has assigned the name CVE-2009-2042 to this issue.
    
    The following table lists what action remediates the vulnerability
    (column 4) if a solution is available. VMware VMnc Codec heap overflow vulnerabilities
    
    The VMware movie decoder contains the VMnc media codec that is
    required to play back movies recorded with VMware Workstation,
    VMware Player and VMware ACE, in any compatible media player. The
    movie decoder is installed as part of VMware Workstation, VMware
    Player and VMware ACE, or can be downloaded as a stand alone
    package.
    
    For an attack to be successful the user must be tricked into
    visiting a malicious web page or opening a malicious video file on
    a system that has the vulnerable version of the VMnc codec installed.
    
    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    has assigned the names CVE-2009-1564 and CVE-2009-1565 to these
    issues.
    
    VMware would like to thank iDefense, Sebastien Renaud of VUPEN
    Vulnerability Research Team (http://www.vupen.com) and Alin Rad Pop
    of Secunia Research for reporting these issues to us.
    
    To remediate the above issues either install the stand alone movie
    decoder or update your product using the table below.
    
    VMware         Product   Running  Replace with/
    Product        Version   on       Apply Patch
    =============  ========  =======  =================
    VirtualCenter  any       Windows  not affected
    
    Movie Decoder  any       Windows  6.5.4 Build 246459 or later
    
    Workstation    7.x       any      not affected
    Workstation    6.5.x     Windows  6.5.4 build 246459 or later
    Workstation    6.5.x     Linux    not affected
    
    Player         3.x       any      not affected
    Player         2.5.x     Windows  2.5.4 build 246459 or later
    Player         2.5.x     Linux    not affected
    
    ACE            any       any      not affected
    
    Server         2.x       Window   not being addressed at this time
    Server         2.x       Linux    not affected
    
    Fusion         any       Mac OS/X not affected
    
    ESXi           any       ESXi     not affected
    
    ESX            any       ESX      not affected
    

    f. Exploitation of this issue may lead to arbitrary code execution on the system where VMrc is installed. Code execution would be at the privilege level of the user.

    VMrc is present on a system if the VMrc browser plug-in has been
    installed. This plug-in is required when using the console feature in
    WebAccess. Installation of the plug-in follows after visiting the
    console tab in WebAccess and choosing "Install plug-in". The plug-
    in can only be installed on Internet Explorer and Firefox.
    
    Under the following two conditions your version of VMrc is likely
    to be affected:
    
    - the VMrc plug-in was obtained from vCenter 4.0 or from ESX 4.0
      without patch ESX400-200911223-UG and
    - VMrc is installed on a Windows-based system
    
    The following steps allow you to determine if you have an affected
    version of VMrc installed:
    
    - Locate the VMrc executable vmware-vmrc.exe on your Windows-based
      system
    - Right click and go to Properties
    - Go to the tab "Versions"
    - Click "File Version" in the "Item Name" window
    - If the "Value" window shows "e.x.p build-158248", the version of
      VMrc is affected
    
    Remediation of this issue on Windows-based systems requires the
    following steps (Linux-based systems are not affected):
    
    - Uninstall affected versions of VMrc from the systems where the
      VMrc plug-in has been installed (use the Windows Add/Remove
      Programs interface)
    - Install vCenter 4.0 Update 1 or install the ESX 4.0 patch
      ESX400-200911223-UG
    - Login into vCenter 4.0 Update 1 or ESX 4.0 with patch
      ESX400-200911223-UG using WebAccess on the system where the VMrc
      needs to be re-installed
    - Re-install VMrc by going to the console tab in WebAccess.  The
      Console tab is selectable after selecting a virtual machine.
    
    Note: the VMrc plug-in for Firefox on Windows-based operating
    systems is no longer compatible after the above remediation steps. 
    Users are advised to use the Internet Explorer VMrc plug-in.
    
    VMware would like to thank Alexey Sintsov from Digital Security
    Research Group for reporting this issue to us.
    
    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    has assigned the name CVE-2009-3732 to this issue.
    

    g. Windows-based VMware authd remote denial of service

    A vulnerability in vmware-authd could cause a denial of service
    condition on Windows-based hosts.  The denial of service is limited
    to a crash of authd.
    
    The Common Vulnerabilities and Exposures Project (cve.mitre.org)
    has assigned the name CVE-2009-3707 to this issue.
    
    The following table lists what action remediates the vulnerability
    (column 4) if a solution is available. Potential information leak via hosted networking stack
    
    A vulnerability in the virtual networking stack of VMware hosted
    products could allow host information disclosure.
    
    A guest operating system could send memory from the host vmware-vmx
    process to the virtual network adapter and potentially to the
    host's physical Ethernet wire.
    
    The Common Vulnerabilities and Exposures Project (cve.mitre.org)
    has assigned the name CVE-2010-1138 to this issue.
    
    VMware would like to thank Johann MacDonagh for reporting this
    issue to us.
    
    The following table lists what action remediates the vulnerability
    (column 4) if a solution is available. Linux-based vmrun format string vulnerability
    
    A format string vulnerability in vmrun could allow arbitrary code
    execution.
    
    If a vmrun command is issued and processes are listed, code could
    be executed in the context of the user listing the processes.
    
    The Common Vulnerabilities and Exposures Project (cve.mitre.org)
    has assigned the name CVE-2010-1139 to this issue.
    
    VMware would like to thank Thomas Toth-Steiner for reporting this
    issue to us.
    
    The following table lists what action remediates the vulnerability
    (column 4) if a solution is available.
    
    VMware         Product   Running  Replace with/
    Product        Version   on       Apply Patch
    =============  ========  =======  =================
    VirtualCenter  any       Windows  not affected
    
    VIX API        any       Windows  not affected
    VIX API        1.6.x     Linux    upgrade to VIX API 1.7 or later
    VIX API        1.6.x     Linux64  upgrade to VIX API 1.7 or later
    
    Workstation    7.x       any      not affected
    Workstation    6.5.x     Windows  not affected
    Workstation    6.5.x     Linux    6.5.4 build 246459 or later
    
    Player         3.x       any      not affected
    Player         2.5.x     Windows  not affected
    Player         2.5.x     Linux    2.5.4 build 246459 or later
    
    Ace            any       Windows  not affected
    
    Server         2.x       Windows  not affected
    Server         2.x       Linux    not being fixed at this time
    
    Fusion         3.x       Mac OS/X not affected
    Fusion         2.x       Mac OS/X 2.0.7 build 246742 or later
    
    ESXi           any       any      not affected
    
    ESX            any       any      not affected
    
    1. Solution

    Please review the patch/release notes for your product and version and verify the md5sum and/or the sha1sum of your downloaded file.

    VMware Workstation Movie Decoder stand alone 6.5.4


    http://download3.vmware.com/software/wkst/VMware-moviedecoder-6.5.4-246459.exe md5sum: ea2ac5907ae4c5c323147fe155443ab8 sha1sum: 5ca8d1fd45f6a7a6f38019b259c3e836ee4e8f29

    VMware Workstation 7.0.1


    For Windows

    http://downloads.vmware.com/download/download.do?downloadGroup=WKST-701-WIN Release notes: http://downloads.vmware.com/support/ws7/doc/releasenotes_ws701.html

    Workstation for Windows 32-bit and 64-bit with VMware Tools md5sum: fc8502a748de3b8f94c5c9571c1f17d2 sha1sum: 3de01b355b17363a92d80200ff5e7267b3bde206

    Workstation for Windows 32-bit and 64-bit without VMware Tools md5sum: 6a18ea3847cb727b03f7890f5643db79 sha1sum: 260b019db4619b0d1d775e5c38cc46b6db250984

    For Linux http://downloads.vmware.com/download/download.do?downloadGroup=WKST-701-LX Release notes: http://downloads.vmware.com/support/ws7/doc/releasenotes_ws701.html

    Workstation for Linux 32-bit with VMware Tools md5sum: a896f7aaedde8799f21b52b89f5fc9ef sha1sum: f6d0789afa7927ca154973a071603a0bd098e697

    Workstation for Linux 32-bit without VMware Tools md5sum: 59ecd27bdf3f59be3b4df8f04d1b3874 sha1sum: 22e1a475069fca5e8d2446bf14661fa6d894d34f

    Workstation for Linux 64-bit with VMware Tools md5sum: 808682eaa6b202fa29172821f7378768 sha1sum: a901c45a2a02678b0d1722e8f27152c3af12a7ac

    Workstation for Linux 64-bit without VMware Tools md5sum: 5116e27e7b13a76693402577bd9fda58 sha1sum: dbcd045a889b95ac14828b8106631b678354e30a

    VMware Workstation 6.5.4


    For Windows

    http://downloads.vmware.com/download/download.do?downloadGroup=WKST-654-WIN Release Notes: http://downloads.vmware.com/support/ws65/doc/releasenotes_ws654.html

    Workstation for Windows 32-bit and 64-bit Windows 32-bit and 64-bit .exe md5sum: 2dc393fcc4e78dcf2165098a4938699a sha1sum: acfff457860c8c53c637c01f74f8aaa72d1c9569

    For Linux http://downloads.vmware.com/download/download.do?downloadGroup=WKST-654-LX Release Notes: http://downloads.vmware.com/support/ws65/doc/releasenotes_ws654.html

    Workstation for Linux 32-bit Linux 32-bit .rpm md5sum: 9efb43a604d50e541eb3be7081b8b198 sha1sum: 4240d664f85a11f47288d2279224b26bef92aa8b

    Workstation for Linux 32-bit Linux 32-bit .bundle md5sum: 38760682ad3b2f6bfb4e40f424c95c2a sha1sum: ec78099322b5fb2a737cd74a1978a5c07382dc8a

    Workstation for Linux 64-bit Linux 64-bit .rpm md5sum: 24311492bc515e9bc98eff9b2e7d33a2 sha1sum: b4947ef09f740440e8a24fc2ba05c0a7c11b82f5

    Workstation for Linux 64-bit Linux 64-bit .bundle md5sum: ed24296705ad48442549d9cb2b3c0d8d sha1sum: 3c0f1efae0a64fa3a41be21b0bfc962f12e0e6d8

    VMware Player 3.0.1


    http://downloads.vmware.com/tryvmware/?p=player&lp=default Release notes: http://downloads.vmware.com/support/player30/doc/releasenotes_player301.html

    Player for Windows 32-bit and 64-bit md5sum: 78c92c0242c9540f68a629d4ac49c516 sha1sum: 7fc255fcd1a6784458012314db1206ed922e92cf

    Player for Linux 32-bit (.bundle) md5sum: e7cd19d39c7bbd1aee582743d76a7863 sha1sum: cff76010f0429576288ea1e5a594cd47a2c64f4a

    Player for Linux 64-bit (.bundle) md5sum: 88b08537c6eea705883dc1755b97738c sha1sum: 84f25370d24c03a18968a4f4c8e06cef3d21c2df

    VMware VIX API for Windows 32-bit and 64-bit md5sum: 2c46fc7e2516f331eb4dd23154d00a54 sha1sum: 85ceb1b718806c6870e3a918bcc772d1486ccdc9

    VMware VIX API for 32-bit Linux md5sum: 8b0994a26363246b5e954f97bd5a088d sha1sum: af93da138a158ee6e05780a5c4042414735987b6

    VMware VIX API for 64-bit Linux md5sum: ef7b9890c52b1e333f2357760a7fff85 sha1sum: dfef8531356de78171e13c4c108ebaeb43eaa62d

    VMware Player 2.5.4


    http://downloads.vmware.com/download/player/player_reg.html Release notes: http://downloads.vmware.com/support/player25/doc/releasenotes_player254.html

    Player for Windows 32-bit and 64-bit (.exe) md5sum: 531140a1eeed7d8b71f726b3d32a9174 sha1sum: 2500fa8af48452bd0e97040b80c569c3cb4f73e5

    Player for Linux (.rpm) md5sum: 1905f61af490f9760bef54450747e708 sha1sum: cf7444c0a6331439c5479a4158112a60eb0e6e8d

    Player for Linux (.bundle) md5sum: 74f539005687a4efce7971f7ef019af5 sha1sum: 4c4412c5807ecd00e66886e0e7c43ed61b62aab7

    Player for Linux - 64-bit (.rpm) md5sum: 013078d7f6adcdbcbaafbf5e0ae11a39 sha1sum: 7c434173a3fe446ebefce4803bfaa7ab67d1ff72

    Player for Linux - 64-bit (.bundle) md5sum: 175ce2f9656ff10a1327c0d48f80c65f sha1sum: bf7acfdcb44bf345d58f79ad1bcb04816f262d22

    VMware ACE 2.6.1


    http://downloads.vmware.com/download/download.do?downloadGroup=ACE-261-WIN Release notes: http://downloads.vmware.com/support/ace26/doc/releasenotes_ace261.html

    VMware Workstation for 32-bit and 64-bit Windows with tools md5sum: fc8502a748de3b8f94c5c9571c1f17d2 sha1sum: 3de01b355b17363a92d80200ff5e7267b3bde206

    VMware Workstation for Windows 32-bit and 64-bit without tools md5sum: 6a18ea3847cb727b03f7890f5643db79 sha1sum: 260b019db4619b0d1d775e5c38cc46b6db250984

    ACE Management Server Virtual Appliance md5sum: e26d258c511572064e99774fbac9184c sha1sum: 9363656b70caa11a31a6229451202d9f8203c1f5

    ACE Management Server for Windows md5sum: e970828f2a5a62ac108879033a70f4b6 sha1sum: eca89372eacc78c3130781d0d183715055d64798

    ACE Management Server for SUSE Enterprise Linux 9 md5sum: 59b3ad5964daef2844e72fd1765590fc sha1sum: 91048de7665f5dc466f06e2ebc4c08f08026a97f

    ACE Management Server for Red Hat Enterprise Linux 4 md5sum: 6623f6a8a645402a1c8c351ec99a1889 sha1sum: a6d74ba072c5a513fcf8993edebaaf7f8225c05d

    VMware ACE 2.5.4


    http://downloads.vmware.com/download/download.do?downloadGroup=ACE-254-WIN Release notes: http://downloads.vmware.com/support/ace25/doc/releasenotes_ace254.html

    VMware ACE for Windows 32-bit and 64-bit Windows 32-bit and 64-bit .exe md5sum: 2dc393fcc4e78dcf2165098a4938699a sha1sum: acfff457860c8c53c637c01f74f8aaa72d1c9569

    ACE Management Server Virtual Appliance AMS Virtual Appliance .zip md5sum: 3935f23d4a074e7a3429a1c80cfd2155 sha1sum: 5b09439a9c840d39ae49fbd7a79732ecd58c52a3

    ACE Management Server for Windows Windows .exe md5sum: 1173bd7da6ed330a262ed4e2eff6562c sha1sum: d9bce88a350aa957f3387f870af763875d4d9110

    ACE Management Server for SUSE Enterprise Linux 9 SLES 9 .rpm md5sum: 0bec2cf8d6ae3bb6976c9d8cc2573208 sha1sum: f3c6d9ee3357535b1540cedd9e86d723e2ed2134

    ACE Management Server for Red Hat Enterprise Linux 4 RHEL 4 .rpm md5sum: 17caa522af79cf1f6b2ebad16a4ac8a5 sha1sum: cdd6e2a4e3d7ad89f95e60f1af024bea7eaba0fe

    VMware Server 2.0.2


    http://www.vmware.com/download/server/ Release notes: http://www.vmware.com/support/server2/doc/releasenotes_vmserver202.html

    VMware Server 2 Version 2.0.2 | 203138 - 10/26/09 507 MB EXE image VMware Server 2 for Windows Operating Systems. A master installer file containing all Windows components of VMware Server. md5sum: a6430bcc16ff7b3a29bb8da1704fc38a sha1sum: 39683e7333732cf879ff0b34f66e693dde0e340b

    VIX API 1.6 for Windows Version 2.0.2 | 203138 - 10/26/09 37 MB image md5sum: 827e65e70803ec65ade62dd27a74407a sha1sum: a14281bc055271a19be3c88026e92304bc3f0e22

    For Linux

    VMware Server 2 for Linux Operating Systems. Version 2.0.2 | 203138 - 10/26/09 37 MB TAR image md5sum: 95ddea5a0579a35887bd15b083ffea20 sha1sum: 14cf12063a7480f240ccd96178ad4258cb26a747

    VMware Server 2 for Linux Operating Systems 64-bit version. Version 2.0.2 | 203138 - 10/26/09 452 MB RPM image md5sum: 35c8b176601133749e4055e0034f8be6 sha1sum: e8dc842d89899df5cd3e1136af76f19ca5ccbece

    The core application needed to run VMware Server 2, 64-bit version. Version 2.0.2 | 203138 - 10/26/09 451 MB TAR image md5sum: cc7aef813008eeb7150c21547d431b39 sha1sum: b65d3d46dc947fc7995bda354c4947afabd23474

    VMware Fusion 3.0.2


    http://downloads.vmware.com/download/download.do?downloadGroup=FUS-302 Release notes: http://downloads.vmware.com/support/fusion3/doc/releasenotes_fusion_302.html

    VMware Fusion 3.0.2 (for Intel-based Macs) md5sum: aa17278a4a668eeb9f9467e4e3111ccc sha1sum: 58c3d63705ac90839f7c1ae14264177e1fd56df3

    VMware Fusion 3.0.2 Light for Mac (for Intel-based Macs) md5sum: 052ecbbfc4f59a85e2d08b4bd3ef0896 sha1sum: 61e00487f4c649588099647d4a5f47ddf5b8ad01

    VMware Fusion 2.0.7


    http://downloads.vmware.com/download/download.do?downloadGroup=FUS-207 Release notes: http://downloads.vmware.com/support/fusion2/doc/releasenotes_fusion_207.html

    VMware Fusion 2.0.7 (for Intel-based Macs) md5sum: a293f5ce6ccc227760640753386e9da6 sha1sum: ddfda92f9baf30e536bc485e42325d173a1aa370

    VMware Fusion 2.0.7 Light (for Intel-based Macs) md5sum: d4772d118fb90323f598849e70c21189 sha1sum: 5c1df1597e77ebe0f0555749b281008ca5f2fb77

    VIX API 1.7 Version: 1.7 | 2009-08-26 | 186713


    VIX API for Window 32-bit and 64-bit Main installation file for Windows 32-bit and 64-bit host md5sum:b494fc3092f07d0f29cc06a19fe61306 sha1sum:aa8638424cb7f25c1e42343134ac9f0bd2c2e0c9

    VIX API for Linux 32-bit md5sum:6b0ed8872d8b714363cddc68b6a77008 sha1sum:8a9b12a61641394b347488119a7120eaa47dc2a1

    VIX API for Linux 64-bit md5sum:d57aa9f98058d5a386c18e14cc05bf4d sha1sum:3b7d4461ea257e795b322cc080f4ae29a230666b

    VIX API Version: 1.8.1 | 2009-10-11 | 207905


    VIX API for Windows 32-bit and 64-bit md5sum:4f21e4cb518767bc08045f5a39f5d41f sha1sum:5b8275c549f9d9498bd2ed078557f1ce1986ac12

    VIX API for Linux 32-bit md5sum:f347e94d907c26754540d59956ee5d53 sha1sum:6ddc6c9371ba127d04bc83bd55988a6c83366907

    VIX API for Linux 64-bit md5sum:b8a3982072d0d42c0c37dd7eb49d686c sha1sum:d044ac3dd42f806bc4ff48ddf584b5e3d82910c8

    VIX API Version: 1.10 Beta | 01/28/10 | 222403


    VIX API for Windows 32-bit and 64-bit md5sum:ac5b6e9197cb68c302bfac9ed683e3af sha1sum:0d942e7409e88e684bdb65811e7be7f47d631a73

    VIX API for Linux 32-bit md5sum:07d1989d042e317eb9d2b3daf269dda7 sha1sum:1e3840d426d7dfff53fa7e1bd22b09b56cf2362c

    VIX API for Linux 64-bit md5sum:9b345008e0adec3c044988307294944b sha1sum:7a54a893369c2227f7e8058430c40983168c6e0b

    ESXi


    ESXi 4.0 bulletin ESXi400-201002402-BG https://hostupdate.vmware.com/software/VUM/OFFLINE/release-193-20100228-731251/ESXi400-201002001.zip md5sum: e5aa2968d389594abdc59cbac7b0183d sha1sum: bb50b3ad7934e3f9e24edc879b35e83b357343b2 http://kb.vmware.com/kb/1018404

    ESXi 3.5


    ESXi 3.5 patch ESXe350-200912402-T-BG was first contained in ESXe350-200912401-O-BG from December 2009.

    The same patch, ESXe350-200912402-T-BG, is also contained in ESXe350-201002401-O-SG from February 2010 ESXi 3.5 security update.

    In latest non-security ESXi 3.5 update, ESXe350-201003402-T-BG is also included in ESXe350-201003401-O-BG from March 2010.

    ESXe350-201002401-O-SG (latest security update) http://download3.vmware.com/software/vi/ESXe350-201002401-O-SG.zip

    md5sum: 0c8d4d1c0e3c2aed9f785cf081225d83

    http://kb.vmware.com/kb/1015047 (Vi Client)

    http://kb.vmware.com/kb/1016665 (VM Tools)

    http://kb.vmware.com/kb/1017685 (Firmware)

    The three ESXi patches for Firmware "I", VMware Tools "T," and the VI Client "C" are contained in a single offline "O" download file.

    ESX


    ESX 4.0 bulletin ESX400-201002401-BG https://hostupdate.vmware.com/software/VUM/OFFLINE/release-192-20100228-732240/ESX400-201002001.zip md5sum: de62cbccaffa4b2b6831617f18c1ccb4 sha1sum: 4083f191fa4acd6600c9a87e4852f9f5700e91ab http://kb.vmware.com/kb/1018403

    Note: ESX400-201002001 contains the bundle with the security fix, ESX400-201002401-BG To install an individual bulletin use esxupdate with the -b option. esxupdate --bundle ESX400-201002001 -b ESX400-201002401-BG

    ESX 4.0 bulletin ESX400-200911223-UG https://hostupdate.vmware.com/software/VUM/OFFLINE/release-166-20091202-254879/ESX-4.0.0-update01a.zip md5sum: 99c1fcafbf0ca105ce73840d686e9914 sha1sum: aa8a23416271bc28b6b8f6bdbe00045e36314ebb http://kb.vmware.com/kb/1014842

    Note: ESX-4.0.0-update01a contains the bundle with the security fix, ESX400-200911223-UG To install an individual bulletin use esxupdate with the -b option. esxupdate --bundle ESX-4.0.0-update01a -b ESX400-200911223-UG

    ESX 3.5 patch ESX350-200912401-BG http://download3.vmware.com/software/vi/ESX350-200912401-BG.zip md5sum: f1d3589745b4ae933554785aef22bacc sha1sum: d1e5a9209b165d43d75f076e556fc028bec4cc47 http://kb.vmware.com/kb/1016657

    ESX 3.0.3 patch ESX303-201002203-UG http://download3.vmware.com/software/vi/ESX303-201002203-UG.zip md5sum: 49ee56b687707cbe6999836c315f081a http://kb.vmware.com/kb/1018030

    ESX 2.5.5 Upgrade Patch 15 http://download3.vmware.com/software/esx/esx-2.5.5-191611-upgrade.tar.gz md5sum: c346fe510b6e51145570e03083f77357 sha1sum: ef6b19247825fb3fe2c55f8fda3cdd05ac7bb1f4 http://www.vmware.com/support/esx25/doc/esx-255-200910-patch.html

    1. References http://www.acrossecurity.com/advisories.htm http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1564 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1565 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2042 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3707 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3732 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1138 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1139 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1140 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1142 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1141

    2. Change log 2010-04-09 VMSA-2010-0007 Initial security advisory after release of Workstation 6.5.4 and Fusion 2.0.7 on 2010-04-08.


    1. Contact

    E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

    This Security Advisory is posted to the following lists:

    • security-announce at lists.vmware.com
    • bugtraq at securityfocus.com
    • full-disclosure at lists.grok.org.uk

    E-mail: security at vmware.com PGP key at: http://kb.vmware.com/kb/1055

    VMware Security Center http://www.vmware.com/security

    VMware security response policy http://www.vmware.com/support/policies/security_response.html

    General support life cycle policy http://www.vmware.com/support/policies/eos.html

    VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/eos_vi.html

    Copyright 2010 VMware Inc. All rights reserved.

    -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (MingW32)

    iD8DBQFLvvM8S2KysvBH1xkRAgu/AJ9RrzlOq/5Ug0t8R4qoi/UwDVJDpACbBGgT d58bjKG6Ic7m/TsoJP4M2tw= =Q1zv -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

                    National Cyber Alert System
    
              Technical Cyber Security Alert TA10-238A
    

    Microsoft Windows Insecurely Loads Dynamic Libraries

    Original release date: August 26, 2010 Last revised: -- Source: US-CERT

    Systems Affected

     Any application running on the Microsoft Windows platform that
     uses dynamically linked libraries (DLLs) may be affected. Please see the Vendor Information
     section of Vulnerability Note VU#707943 for information about
     specific vendors. DLLs are typically loaded
    

    when the application is first started; however DLLs may be loaded and unloaded while the application is running. An application can request a DLL file in a variety of ways, and Windows uses several different search algorithms to find DLL files. The interaction between the application and Windows can result in a DLL file being loaded from the current working directory of the application, instead of the Windows system directory or the directory where the application is installed.

    The current working directory could be the desktop, a removable storage device such as a USB key, a Windows file share, or a WebDAV location. When a file associated with an application is opened, a DLL in the same directory as the file may be loaded. Although an attacker may not have permission to write to the Windows system or application directories, the attacker may be able to write a DLL to a directory used to store files, or the attacker could provide their own directory.

    Attacks against this type of vulnerability have been referred to as "binary planting." Please see Vulnerability Note VU#707943 and Microsoft Security Advisory 2269637 for more information.

    II. Impact

    By placing a DLL with the correct name (and possibly the relative directory path) in the current working directory, an attacker could execute arbitrary code with the privileges of the application that loads the DLL.

    III. Solution

    Individual applications that run on the Windows platform may require patches or updates. Microsoft Knowledge Base article KB2264107 describes an update that provides a registry key that can prevent Windows from searching the current working directory for DLL files.

    Information about specific solutions for different vendors, general mitigation techniques, and secure ways for applications to load DLLs can be found in the Vendor Information and Solution sections of Vulnerability Note VU#707943.

    IV. References


    The most recent version of this document can be found at:

     <http://www.us-cert.gov/cas/techalerts/TA10-238A.html>
    

    Feedback can be directed to US-CERT Technical Staff. Please send email to cert@cert.org with "TA10-238A Feedback VU#707943" in the subject.


    For instructions on subscribing to or unsubscribing from this mailing list, visit http://www.us-cert.gov/cas/signup.html.


    Produced 2010 by US-CERT, a government organization.

    Background

    VMware Player, Server, and Workstation allow emulation of a complete PC on a PC without the usual performance overhead of most emulators.

    Affected packages

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
    

    1 app-emulation/vmware-player <= 2.5.5.328052 Vulnerable! 2 app-emulation/vmware-workstation <= 6.5.5.328052 Vulnerable! 3 app-emulation/vmware-server <= 1.0.9.156507 Vulnerable! ------------------------------------------------------------------- NOTE: Certain packages are still vulnerable. Users should migrate to another package if one is available or wait for the existing packages to be marked stable by their architecture maintainers. Please review the CVE identifiers referenced below for details.

    Impact

    Local users may be able to gain escalated privileges, cause a Denial of Service, or gain sensitive information.

    A remote attacker could entice a user to open a specially crafted file, possibly resulting in the remote execution of arbitrary code, or a Denial of Service. Remote attackers also may be able to spoof DNS traffic, read arbitrary files, or inject arbitrary web script to the VMware Server Console.

    Furthermore, guest OS users may be able to execute arbitrary code on the host OS, gain escalated privileges on the guest OS, or cause a Denial of Service (crash the host OS).

    Workaround

    There is no known workaround at this time.

    Gentoo discontinued support for VMware Workstation. We recommend that users unmerge VMware Server:

    # emerge --unmerge "app-emulation/vmware-server"

    References

    [ 1 ] CVE-2007-5269 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5269 [ 2 ] CVE-2007-5503 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5503 [ 3 ] CVE-2007-5671 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5671 [ 4 ] CVE-2008-0967 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0967 [ 5 ] CVE-2008-1340 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1340 [ 6 ] CVE-2008-1361 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1361 [ 7 ] CVE-2008-1362 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1362 [ 8 ] CVE-2008-1363 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1363 [ 9 ] CVE-2008-1364 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1364 [ 10 ] CVE-2008-1392 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1392 [ 11 ] CVE-2008-1447 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1447 [ 12 ] CVE-2008-1806 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1806 [ 13 ] CVE-2008-1807 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1807 [ 14 ] CVE-2008-1808 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1808 [ 15 ] CVE-2008-2098 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2098 [ 16 ] CVE-2008-2100 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2100 [ 17 ] CVE-2008-2101 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2101 [ 18 ] CVE-2008-4915 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4915 [ 19 ] CVE-2008-4916 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4916 [ 20 ] CVE-2008-4917 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4917 [ 21 ] CVE-2009-0040 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0040 [ 22 ] CVE-2009-0909 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0909 [ 23 ] CVE-2009-0910 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0910 [ 24 ] CVE-2009-1244 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1244 [ 25 ] CVE-2009-2267 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2267 [ 26 ] CVE-2009-3707 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3707 [ 27 ] CVE-2009-3732 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3732 [ 28 ] CVE-2009-3733 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3733 [ 29 ] CVE-2009-4811 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4811 [ 30 ] CVE-2010-1137 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1137 [ 31 ] CVE-2010-1138 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1138 [ 32 ] CVE-2010-1139 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1139 [ 33 ] CVE-2010-1140 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1140 [ 34 ] CVE-2010-1141 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1141 [ 35 ] CVE-2010-1142 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1142 [ 36 ] CVE-2010-1143 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1143 [ 37 ] CVE-2011-3868 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3868

    Availability

    This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

    http://security.gentoo.org/glsa/glsa-201209-25.xml

    Concerns?

    Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

    License

    Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

    The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

    http://creativecommons.org/licenses/by-sa/2.5

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-200009-0023",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "esx",
            "scope": "eq",
            "trust": 3.0,
            "vendor": "vmware",
            "version": "2.5.5"
          },
          {
            "model": "esx",
            "scope": "eq",
            "trust": 3.0,
            "vendor": "vmware",
            "version": "3.0.3"
          },
          {
            "model": "esx",
            "scope": "eq",
            "trust": 3.0,
            "vendor": "vmware",
            "version": "3.5"
          },
          {
            "model": "esx",
            "scope": "eq",
            "trust": 3.0,
            "vendor": "vmware",
            "version": "4.0"
          },
          {
            "model": "esxi",
            "scope": "eq",
            "trust": 3.0,
            "vendor": "vmware",
            "version": "3.5"
          },
          {
            "model": "esxi",
            "scope": "eq",
            "trust": 3.0,
            "vendor": "vmware",
            "version": "4.0"
          },
          {
            "model": "fusion",
            "scope": "eq",
            "trust": 1.9,
            "vendor": "vmware",
            "version": "2.0.5"
          },
          {
            "model": "fusion",
            "scope": "eq",
            "trust": 1.9,
            "vendor": "vmware",
            "version": "2.0.4"
          },
          {
            "model": "fusion",
            "scope": "eq",
            "trust": 1.9,
            "vendor": "vmware",
            "version": "2.0.3"
          },
          {
            "model": "fusion",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "vmware",
            "version": "2.0"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 1.4,
            "vendor": "vmware",
            "version": "2.x"
          },
          {
            "model": "fusion",
            "scope": "eq",
            "trust": 1.4,
            "vendor": "vmware",
            "version": "2.x"
          },
          {
            "model": "player",
            "scope": "eq",
            "trust": 1.4,
            "vendor": "vmware",
            "version": "2.5.x"
          },
          {
            "model": "ace",
            "scope": "eq",
            "trust": 1.4,
            "vendor": "vmware",
            "version": "2.5.x"
          },
          {
            "model": "workstation",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "vmware",
            "version": "6.5.3"
          },
          {
            "model": "workstation",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "vmware",
            "version": "6.5.2"
          },
          {
            "model": "workstation",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "vmware",
            "version": "6.5.1"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "vmware",
            "version": "2.0.2"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "vmware",
            "version": "2.0.1"
          },
          {
            "model": "player",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "vmware",
            "version": "2.5.3"
          },
          {
            "model": "player",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "vmware",
            "version": "2.5.2"
          },
          {
            "model": "player",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "vmware",
            "version": "2.5.1"
          },
          {
            "model": "fusion",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "vmware",
            "version": "2.0.2"
          },
          {
            "model": "ace",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "vmware",
            "version": "2.5.1"
          },
          {
            "model": "fusion",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "vmware",
            "version": "2.0.1"
          },
          {
            "model": "fusion",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "vmware",
            "version": "3.0"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "vmware",
            "version": "2.0.0"
          },
          {
            "model": "ace",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "vmware",
            "version": "2.5.0"
          },
          {
            "model": "workstation",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "vmware",
            "version": "6.5.0"
          },
          {
            "model": "ace",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "vmware",
            "version": "2.5.3"
          },
          {
            "model": "player",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "vmware",
            "version": "2.5"
          },
          {
            "model": "ace",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "vmware",
            "version": "2.5.2"
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "abvent",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "adobe",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "apple",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "atomix productions",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "autodesk",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "avast antivirus",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "bentley",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "bittorrent",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "bitmanagement",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "conceiva",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "corel",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "cyberlink",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "daemon tools",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "dassault systemes",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "divx",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "ezb",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "ecava",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "fengtao",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "gfi",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "graphisoft",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "gilles vollant",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "guidance",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "httrack",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "ibm",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "izarc",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "inkscape",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "maxthon",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "microchip",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "microsoft",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "mozilla",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "netstumbler",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "nokia",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "norman",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "nullsoft",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "opera",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "pgp",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "pkware",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "pixia",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "realnetworks",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "sisoftware",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "smart projects",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "sonic",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "sony",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "sweetscape",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "teamviewer",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "techsmith",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "tortoisesvn",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "tracker",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "vmware",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "videolan",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "winmerge",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "wireshark",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "wolters kluwer",
            "version": null
          },
          {
            "model": "workstation",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "vmware",
            "version": "6.5.x"
          },
          {
            "model": "lhaforge",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "claybird",
            "version": "1.5.1 and earlier"
          },
          {
            "model": "webotx",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nec",
            "version": "v8.3"
          },
          {
            "model": "enterprisedirectoryserver",
            "scope": null,
            "trust": 0.8,
            "vendor": "nec",
            "version": null
          },
          {
            "model": "webotx",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nec",
            "version": "v8.4"
          },
          {
            "model": "securebranch",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nec",
            "version": "soho xp dedicated application  securebranch accessmanager ver2.2.18 before"
          },
          {
            "model": "webotx",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nec",
            "version": "v6.4"
          },
          {
            "model": "webotx",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nec",
            "version": "v6.2"
          },
          {
            "model": "webotx",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nec",
            "version": "v8.2"
          },
          {
            "model": "explzh",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "pon",
            "version": "v.5.65 and earlier"
          },
          {
            "model": "itunes",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "apple",
            "version": "9"
          },
          {
            "model": "securebranch",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nec",
            "version": "soho vista dedicated application  securebranch accessmanager ver3.0.13 before"
          },
          {
            "model": "lunascape",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "lunascape",
            "version": "6.3.0 and earlier"
          },
          {
            "model": "securefinger",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nec",
            "version": "fingerprint authentication runtime ( c / s edition) all versions"
          },
          {
            "model": "webotx",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nec",
            "version": "client v7.1"
          },
          {
            "model": "webotx",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nec",
            "version": "v6.5"
          },
          {
            "model": "esmpro/serveragentservice",
            "scope": null,
            "trust": 0.8,
            "vendor": "nec",
            "version": null
          },
          {
            "model": "lhmelt",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "micco",
            "version": "1.65.1.2 and earlier"
          },
          {
            "model": "webotx",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nec",
            "version": "download server v7.1"
          },
          {
            "model": "esmpro/serveragent",
            "scope": null,
            "trust": 0.8,
            "vendor": "nec",
            "version": null
          },
          {
            "model": "webotx",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nec",
            "version": "client  v5.3"
          },
          {
            "model": "terapad",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "terao progress",
            "version": "ver.1.00\\u3000 and earlier"
          },
          {
            "model": "sleipnir",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "fenrir",
            "version": "2.9.5 and earlier"
          },
          {
            "model": "securefinger",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nec",
            "version": "fingerprint authentication utility ad all versions"
          },
          {
            "model": "lhaplus",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "schezo",
            "version": "1.57 and earlier"
          },
          {
            "model": "webotx",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nec",
            "version": "v6.3"
          },
          {
            "model": "infoframe documentskipper",
            "scope": null,
            "trust": 0.8,
            "vendor": "nec",
            "version": null
          },
          {
            "model": "webotx",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nec",
            "version": "downloader  v5.3"
          },
          {
            "model": "webotx",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nec",
            "version": "download contents v8.2"
          },
          {
            "model": "workstation",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "vmware",
            "version": "5.5.x"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.4,
            "vendor": "workstation",
            "version": "6.5.0"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.4,
            "vendor": "workstation",
            "version": "6.5.1"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.4,
            "vendor": "workstation",
            "version": "6.5.2"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.4,
            "vendor": "workstation",
            "version": "6.5.3"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.4,
            "vendor": "player",
            "version": "2.5"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.4,
            "vendor": "player",
            "version": "2.5.1"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.4,
            "vendor": "player",
            "version": "2.5.2"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.4,
            "vendor": "player",
            "version": "2.5.3"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.4,
            "vendor": "ace",
            "version": "2.5.0"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.4,
            "vendor": "ace",
            "version": "2.5.1"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.4,
            "vendor": "ace",
            "version": "2.5.2"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.4,
            "vendor": "ace",
            "version": "2.5.3"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.4,
            "vendor": "server",
            "version": "2.0.0"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.4,
            "vendor": "server",
            "version": "2.0.1"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.4,
            "vendor": "server",
            "version": "2.0.2"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.4,
            "vendor": "fusion",
            "version": "2.0"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.4,
            "vendor": "fusion",
            "version": "2.0.1"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.4,
            "vendor": "fusion",
            "version": "2.0.2"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.4,
            "vendor": "fusion",
            "version": "2.0.3"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.4,
            "vendor": "fusion",
            "version": "2.0.4"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.4,
            "vendor": "fusion",
            "version": "2.0.5"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.4,
            "vendor": "fusion",
            "version": "3.0"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.4,
            "vendor": "esxi",
            "version": "3.5"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.4,
            "vendor": "esxi",
            "version": "4.0"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.4,
            "vendor": "esx",
            "version": "2.5.5"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.4,
            "vendor": "esx",
            "version": "3.0.3"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.4,
            "vendor": "esx",
            "version": "3.5"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.4,
            "vendor": "esx",
            "version": "4.0"
          },
          {
            "model": "workstation build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "6.5118166"
          },
          {
            "model": "server build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0.2203138"
          },
          {
            "model": "server build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0.1156745"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0"
          },
          {
            "model": "player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.5.4"
          },
          {
            "model": "player build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.5118166"
          },
          {
            "model": "movie decoder",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "6.5.4"
          },
          {
            "model": "fusion",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0.6"
          },
          {
            "model": "fusion build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0.2147997"
          },
          {
            "model": "fusion",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2"
          },
          {
            "model": "esxi server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "4.0"
          },
          {
            "model": "esxi server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "3.5"
          },
          {
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "3.0.3"
          },
          {
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.5.5"
          },
          {
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "4.0"
          },
          {
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "3.5"
          },
          {
            "model": "linux",
            "scope": null,
            "trust": 0.3,
            "vendor": "gentoo",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "7d7c8fb0-463f-11e9-a735-000c29342cb1"
          },
          {
            "db": "IVD",
            "id": "46c824c0-2356-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CERT/CC",
            "id": "VU#707943"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2010-0574"
          },
          {
            "db": "BID",
            "id": "39392"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2010-001364"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2010-001999"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201004-160"
          },
          {
            "db": "NVD",
            "id": "CVE-2010-1141"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:a:vmware:workstation:6.5.2:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      },
                      {
                        "cpe23Uri": "cpe:2.3:a:vmware:workstation:6.5.3:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      },
                      {
                        "cpe23Uri": "cpe:2.3:a:vmware:workstation:6.5.0:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      },
                      {
                        "cpe23Uri": "cpe:2.3:a:vmware:workstation:6.5.1:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:a:vmware:player:2.5.3:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      },
                      {
                        "cpe23Uri": "cpe:2.3:a:vmware:player:2.5.1:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      },
                      {
                        "cpe23Uri": "cpe:2.3:a:vmware:player:2.5.2:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      },
                      {
                        "cpe23Uri": "cpe:2.3:a:vmware:player:2.5:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:a:vmware:ace:2.5.2:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      },
                      {
                        "cpe23Uri": "cpe:2.3:a:vmware:ace:2.5.0:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      },
                      {
                        "cpe23Uri": "cpe:2.3:a:vmware:ace:2.5.1:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      },
                      {
                        "cpe23Uri": "cpe:2.3:a:vmware:ace:2.5.3:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:a:vmware:server:2.0.2:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      },
                      {
                        "cpe23Uri": "cpe:2.3:a:vmware:server:2.0.1:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      },
                      {
                        "cpe23Uri": "cpe:2.3:a:vmware:server:2.0.0:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:a:vmware:fusion:3.0:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      },
                      {
                        "cpe23Uri": "cpe:2.3:a:vmware:fusion:2.0.5:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      },
                      {
                        "cpe23Uri": "cpe:2.3:a:vmware:fusion:2.0:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      },
                      {
                        "cpe23Uri": "cpe:2.3:a:vmware:fusion:2.0.3:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      },
                      {
                        "cpe23Uri": "cpe:2.3:a:vmware:fusion:2.0.4:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      },
                      {
                        "cpe23Uri": "cpe:2.3:a:vmware:fusion:2.0.1:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      },
                      {
                        "cpe23Uri": "cpe:2.3:a:vmware:fusion:2.0.2:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:a:vmware:esxi:3.5:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      },
                      {
                        "cpe23Uri": "cpe:2.3:a:vmware:esxi:4.0:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:a:vmware:esx:4.0:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      },
                      {
                        "cpe23Uri": "cpe:2.3:a:vmware:esx:2.5.5:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      },
                      {
                        "cpe23Uri": "cpe:2.3:a:vmware:esx:3.0.3:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      },
                      {
                        "cpe23Uri": "cpe:2.3:a:vmware:esx:3.5:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2010-1141"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Alin Rad Pop",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201004-160"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2010-1141",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "NVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 8.5,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 6.8,
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": true,
                "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "Single",
                "author": "NVD",
                "availabilityImpact": "Complete",
                "baseScore": 8.5,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "CVE-2010-1141",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.9,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 8.5,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 6.8,
                "id": "7d7c8fb0-463f-11e9-a735-000c29342cb1",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 8.5,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 6.8,
                "id": "46c824c0-2356-11e6-abef-000c29c66e3d",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2010-1141",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#707943",
                "trust": 0.8,
                "value": "64.13"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201004-160",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "7d7c8fb0-463f-11e9-a735-000c29342cb1",
                "trust": 0.2,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "46c824c0-2356-11e6-abef-000c29c66e3d",
                "trust": 0.2,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2010-1141",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "7d7c8fb0-463f-11e9-a735-000c29342cb1"
          },
          {
            "db": "IVD",
            "id": "46c824c0-2356-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CERT/CC",
            "id": "VU#707943"
          },
          {
            "db": "VULMON",
            "id": "CVE-2010-1141"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2010-001364"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201004-160"
          },
          {
            "db": "NVD",
            "id": "CVE-2010-1141"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "VMware Tools in VMware Workstation 6.5.x before 6.5.4 build 246459; VMware Player 2.5.x before 2.5.4 build 246459; VMware ACE 2.5.x before 2.5.4 build 246459; VMware Server 2.x before 2.0.2 build 203138; VMware Fusion 2.x before 2.0.6 build 246742; VMware ESXi 3.5 and 4.0; and VMware ESX 2.5.5, 3.0.3, 3.5, and 4.0 does not properly access libraries, which allows user-assisted remote attackers to execute arbitrary code by tricking a Windows guest OS user into clicking on a file that is stored on a network share. Some applications for Microsoft Windows may use unsafe methods for determining how to load DLLs.  As a result, these applications can be forced to load a DLL from an attacker-controlled source rather than a trusted location. Windows Program DLL There is an attackable vulnerability in reading. Dynamic link Library (DLL) Is a software component that is loaded at run time, not at program compile time. The program is LoadLibrary() And LoadLibraryEx() Using DLL Is read. Read DLL If no path is specified, specific directories are searched in order and found first. DLL Is loaded. Since this directory group includes the current directory of the process, the directory that can be operated by the attacker is set as the current directory. LoadLibrary() If is called, attack code may be executed. This issue can occur when browsing files located in directories that an attacker can manipulate. Read DLL The name depends on the program. DLL Read Windows The entire program may be affected. \" Opera Software \"and\" Adobe Vulnerability information on \" : Mitsui Bussan Secure Direction Co., Ltd. Takashi Yoshikawa MrA remote attacker could execute arbitrary code with the authority to execute the program. Attacker crafted DLL The USB Placing it on a drive or network drive may cause an attack. VMWare is a virtual PC software that allows two or more Windows, DOS, and LINUX systems to run simultaneously on a single machine. The VMWare Tools package used in VMWare products does not properly access the function library. \nAn attacker can exploit this issue by enticing a user to open a malicious file from a network share. The issue can be exploited on Windows guest operating systems\nSuccessful exploits will allow attackers to execute arbitrary code within the context of  the affected application. Failed exploit attempts will result in a denial-of-service condition. \nThis issue affects the following products:\nWorkstation\nPlayer\nACE\nServer\nFusion\nESX\nESXi\nNOTE: This issue was previously covered in BID 39345 (VMware Hosted Products VMSA-2010-0007 Multiple Remote and Local Vulnerabilities), but has been given its own record to better document it. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n- -------------------------------------------------------------------------\n                   VMware Security Advisory\n\nAdvisory ID:       VMSA-2010-0007\nSynopsis:          VMware hosted products, vCenter Server and ESX\n                   patches resolve multiple security issues\nIssue date:        2010-04-09\nUpdated on:        2010-04-09 (initial release of advisory)\nCVE numbers:       CVE-2010-1142 CVE-2010-1140 CVE-2009-2042\n                   CVE-2009-1564 CVE-2009-1565 CVE-2009-3732\n                   CVE-2009-3707 CVE-2010-1138 CVE-2010-1139\n                   CVE-2010-1141\n- -------------------------------------------------------------------------\n\n1. \n\n2. \n\n   Notes:\n   Effective May 2010, VMware\u0027s patch and update release program during\n   Extended Support will be continued with the condition that all\n   subsequent patch and update releases will be based on the latest\n   baseline release version as of May 2010 (i.e. ESX 3.0.3 Update 1,\n   ESX 3.5 Update 5, and VirtualCenter 2.5 Update 6). Refer to section\n   \"End of Product Availability FAQs\" at\n   http://www.vmware.com/support/policies/lifecycle/vi/faq.html for\n   details. \n\n   Extended support for ESX 2.5.5 ends on 2010-06-15.  Users should plan\n   to upgrade to at least ESX 3.0.3 and preferably to the newest\n   release available. \n\n   Extended support for ESX 3.0.3 ends on 2011-12-10.  Users should plan\n   to upgrade to at least ESX 3.5 and preferably to the newest release\n   available. \n\n   End of General Support for VMware Workstation 6.x is 2011-04-27,\n   users should plan to upgrade to the newest release available. \n\n   End of General Support for VMware Server 2.0 is 2011-06-30, users\n   should plan to upgrade to the newest release of either ESXi or\n   VMware Player. \n\n   Extended support for Virtual Center 2.0.2 is 2011-12-10, users\n   should plan to upgrade to the newest release of vCenter Server. \n\n3. Problem Description\n\n a. This file could be in any file format. \n\n    VMware would like to thank Jure Skofic and Mitja Kolsek of ACROS\n    Security (http://www.acrossecurity.com) for reporting this issue\n    to us. \n\n    The Common Vulnerabilities and Exposures project (cve.mitre.org)\n    has assigned the name CVE-2010-1141 to this issue. \n\n    Steps needed to remediate this vulnerability:\n\n    Guest systems on VMware Workstation, Player, ACE, Server, Fusion\n     - Install the remediated version of Workstation, Player, ACE,\n       Server and Fusion. \n     - Upgrade tools in the virtual machine (virtual machine users\n       will be prompted to upgrade). \n\n    Guest systems on ESX 4.0, 3.5, 3.0.3, 2.5.5, ESXi 4.0, 3.5\n     - Install the relevant patches (see below for patch identifiers)\n     - Manually upgrade tools in the virtual machine (virtual machine\n       users will not be prompted to upgrade).  Note the VI Client will\n       not show the VMware tools is out of date in the summary tab. \n       Please see http://tinyurl.com/27mpjo page 80 for details. \n\n    The following table lists what action remediates the vulnerability\n    (column 4) if a solution is available. See above for remediation\n    details.  On most\n    recent versions of Windows (XP, Vista) the attacker would need to\n    have administrator privileges to plant the malicious executable in\n    the right location. \n\n    Steps needed to remediate this vulnerability: See section 3.a. \n\n    VMware would like to thank Mitja Kolsek of ACROS Security\n    (http://www.acrossecurity.com) for reporting this issue to us. \n\n    The Common Vulnerabilities and Exposures project (cve.mitre.org)\n    has assigned the name CVE-2010-1142 to this issue. \n\n    Refer to the previous table in section 3.a for what action\n    remediates the vulnerability (column 4) if a solution is\n    available. See above for remediation details. \n\n c. Windows-based VMware Workstation and Player host privilege\n    escalation\n\n    A vulnerability in the USB service allows for a privilege\n    escalation. A local attacker on the host of a Windows-based\n    Operating System where VMware Workstation or VMware Player\n    is installed could plant a malicious executable on the host and\n    elevate their privileges. \n\n    In order for an attacker to exploit the vulnerability, the attacker\n    would need to be able to plant their malicious executable in a\n    certain location on the host machine.  On most recent versions of\n    Windows (XP, Vista) the attacker would need to have administrator\n    privileges to plant the malicious executable in the right location. \n\n    VMware would like to thank Thierry Zoller for reporting this issue\n    to us. \n\n    The Common Vulnerabilities and Exposures project (cve.mitre.org)\n    has assigned the name CVE-2010-1140 to this issue. \n\n    The following table lists what action remediates the vulnerability\n    (column 4) if a solution is available. \n\n    VMware         Product   Running  Replace with/\n    Product        Version   on       Apply Patch\n    =============  ========  =======  =================\n    VirtualCenter  any       Windows  not affected\n\n    Workstation    7.0       Windows  7.0.1 build 227600 or later\n    Workstation    7.0       Linux    not affected\n    Workstation    6.5.x     any      not affected\n\n    Player         3.0       Windows  3.0.1 build 227600 or later\n    Player         3.0       Linux    not affected\n    Player         2.5.x     any      not affected\n\n    Ace            any       any      not affected\n\n    Server         2.x       any      not affected\n\n    Fusion         any       Mac OS/X not affected\n\n    ESXi           any       ESXi     not affected\n\n    ESX            any       ESX      not affected\n\n d. Third party library update for libpng to version 1.2.37\n\n    The libpng libraries through 1.2.35 contain an uninitialized-\n    memory-read bug that may have security implications. \n    Specifically, 1-bit (2-color) interlaced images whose widths are\n    not divisible by 8 may result in several uninitialized bits at the\n    end of certain rows in certain interlace passes being returned to\n    the user. An application that failed to mask these out-of-bounds\n    pixels might display or process them, albeit presumably with benign\n    results in most cases. \n\n    The Common Vulnerabilities and Exposures Project (cve.mitre.org)\n    has assigned the name CVE-2009-2042 to this issue. \n\n    The following table lists what action remediates the vulnerability\n    (column 4) if a solution is available. VMware VMnc Codec heap overflow vulnerabilities\n\n    The VMware movie decoder contains the VMnc media codec that is\n    required to play back movies recorded with VMware Workstation,\n    VMware Player and VMware ACE, in any compatible media player. The\n    movie decoder is installed as part of VMware Workstation, VMware\n    Player and VMware ACE, or can be downloaded as a stand alone\n    package. \n\n    For an attack to be successful the user must be tricked into\n    visiting a malicious web page or opening a malicious video file on\n    a system that has the vulnerable version of the VMnc codec installed. \n\n    The Common Vulnerabilities and Exposures project (cve.mitre.org)\n    has assigned the names CVE-2009-1564 and CVE-2009-1565 to these\n    issues. \n\n    VMware would like to thank iDefense, Sebastien Renaud of VUPEN\n    Vulnerability Research Team (http://www.vupen.com) and Alin Rad Pop\n    of Secunia Research for reporting these issues to us. \n\n    To remediate the above issues either install the stand alone movie\n    decoder or update your product using the table below. \n\n    VMware         Product   Running  Replace with/\n    Product        Version   on       Apply Patch\n    =============  ========  =======  =================\n    VirtualCenter  any       Windows  not affected\n\n    Movie Decoder  any       Windows  6.5.4 Build 246459 or later\n\n    Workstation    7.x       any      not affected\n    Workstation    6.5.x     Windows  6.5.4 build 246459 or later\n    Workstation    6.5.x     Linux    not affected\n\n    Player         3.x       any      not affected\n    Player         2.5.x     Windows  2.5.4 build 246459 or later\n    Player         2.5.x     Linux    not affected\n\n    ACE            any       any      not affected\n\n    Server         2.x       Window   not being addressed at this time\n    Server         2.x       Linux    not affected\n\n    Fusion         any       Mac OS/X not affected\n\n    ESXi           any       ESXi     not affected\n\n    ESX            any       ESX      not affected\n\nf. \n    Exploitation of this issue may lead to arbitrary code execution on\n    the system where VMrc is installed. Code execution would be at the privilege level of the user. \n\n    VMrc is present on a system if the VMrc browser plug-in has been\n    installed. This plug-in is required when using the console feature in\n    WebAccess. Installation of the plug-in follows after visiting the\n    console tab in WebAccess and choosing \"Install plug-in\". The plug-\n    in can only be installed on Internet Explorer and Firefox. \n\n    Under the following two conditions your version of VMrc is likely\n    to be affected:\n\n    - the VMrc plug-in was obtained from vCenter 4.0 or from ESX 4.0\n      without patch ESX400-200911223-UG and\n    - VMrc is installed on a Windows-based system\n\n    The following steps allow you to determine if you have an affected\n    version of VMrc installed:\n\n    - Locate the VMrc executable vmware-vmrc.exe on your Windows-based\n      system\n    - Right click and go to Properties\n    - Go to the tab \"Versions\"\n    - Click \"File Version\" in the \"Item Name\" window\n    - If the \"Value\" window shows \"e.x.p build-158248\", the version of\n      VMrc is affected\n\n    Remediation of this issue on Windows-based systems requires the\n    following steps (Linux-based systems are not affected):\n\n    - Uninstall affected versions of VMrc from the systems where the\n      VMrc plug-in has been installed (use the Windows Add/Remove\n      Programs interface)\n    - Install vCenter 4.0 Update 1 or install the ESX 4.0 patch\n      ESX400-200911223-UG\n    - Login into vCenter 4.0 Update 1 or ESX 4.0 with patch\n      ESX400-200911223-UG using WebAccess on the system where the VMrc\n      needs to be re-installed\n    - Re-install VMrc by going to the console tab in WebAccess.  The\n      Console tab is selectable after selecting a virtual machine. \n\n    Note: the VMrc plug-in for Firefox on Windows-based operating\n    systems is no longer compatible after the above remediation steps. \n    Users are advised to use the Internet Explorer VMrc plug-in. \n\n    VMware would like to thank Alexey Sintsov from Digital Security\n    Research Group for reporting this issue to us. \n\n    The Common Vulnerabilities and Exposures project (cve.mitre.org)\n    has assigned the name CVE-2009-3732 to this issue. \n\n\n g. Windows-based VMware authd remote denial of service\n\n    A vulnerability in vmware-authd could cause a denial of service\n    condition on Windows-based hosts.  The denial of service is limited\n    to a crash of authd. \n\n    The Common Vulnerabilities and Exposures Project (cve.mitre.org)\n    has assigned the name CVE-2009-3707 to this issue. \n\n    The following table lists what action remediates the vulnerability\n    (column 4) if a solution is available. Potential information leak via hosted networking stack\n\n    A vulnerability in the virtual networking stack of VMware hosted\n    products could allow host information disclosure. \n\n    A guest operating system could send memory from the host vmware-vmx\n    process to the virtual network adapter and potentially to the\n    host\u0027s physical Ethernet wire. \n\n    The Common Vulnerabilities and Exposures Project (cve.mitre.org)\n    has assigned the name CVE-2010-1138 to this issue. \n\n    VMware would like to thank Johann MacDonagh for reporting this\n    issue to us. \n\n    The following table lists what action remediates the vulnerability\n    (column 4) if a solution is available. Linux-based vmrun format string vulnerability\n\n    A format string vulnerability in vmrun could allow arbitrary code\n    execution. \n\n    If a vmrun command is issued and processes are listed, code could\n    be executed in the context of the user listing the processes. \n\n    The Common Vulnerabilities and Exposures Project (cve.mitre.org)\n    has assigned the name CVE-2010-1139 to this issue. \n\n    VMware would like to thank Thomas Toth-Steiner for reporting this\n    issue to us. \n\n    The following table lists what action remediates the vulnerability\n    (column 4) if a solution is available. \n\n    VMware         Product   Running  Replace with/\n    Product        Version   on       Apply Patch\n    =============  ========  =======  =================\n    VirtualCenter  any       Windows  not affected\n\n    VIX API        any       Windows  not affected\n    VIX API        1.6.x     Linux    upgrade to VIX API 1.7 or later\n    VIX API        1.6.x     Linux64  upgrade to VIX API 1.7 or later\n\n    Workstation    7.x       any      not affected\n    Workstation    6.5.x     Windows  not affected\n    Workstation    6.5.x     Linux    6.5.4 build 246459 or later\n\n    Player         3.x       any      not affected\n    Player         2.5.x     Windows  not affected\n    Player         2.5.x     Linux    2.5.4 build 246459 or later\n\n    Ace            any       Windows  not affected\n\n    Server         2.x       Windows  not affected\n    Server         2.x       Linux    not being fixed at this time\n\n    Fusion         3.x       Mac OS/X not affected\n    Fusion         2.x       Mac OS/X 2.0.7 build 246742 or later\n\n    ESXi           any       any      not affected\n\n    ESX            any       any      not affected\n\n4. Solution\n\n   Please review the patch/release notes for your product and version\n   and verify the md5sum and/or the sha1sum of your downloaded file. \n\n   VMware Workstation Movie Decoder stand alone 6.5.4\n   --------------------------------------------------\n\nhttp://download3.vmware.com/software/wkst/VMware-moviedecoder-6.5.4-246459.exe\n   md5sum: ea2ac5907ae4c5c323147fe155443ab8\n   sha1sum: 5ca8d1fd45f6a7a6f38019b259c3e836ee4e8f29\n\n   VMware Workstation 7.0.1\n   ------------------------\n   For Windows\n\nhttp://downloads.vmware.com/download/download.do?downloadGroup=WKST-701-WIN\n   Release notes:\n   http://downloads.vmware.com/support/ws7/doc/releasenotes_ws701.html\n\n   Workstation for Windows 32-bit and 64-bit with VMware Tools\n   md5sum: fc8502a748de3b8f94c5c9571c1f17d2\n   sha1sum: 3de01b355b17363a92d80200ff5e7267b3bde206\n\n   Workstation for Windows 32-bit and 64-bit without VMware Tools\n   md5sum: 6a18ea3847cb727b03f7890f5643db79\n   sha1sum: 260b019db4619b0d1d775e5c38cc46b6db250984\n\n   For Linux\n   http://downloads.vmware.com/download/download.do?downloadGroup=WKST-701-LX\n   Release notes:\n   http://downloads.vmware.com/support/ws7/doc/releasenotes_ws701.html\n\n   Workstation for Linux 32-bit with VMware Tools\n   md5sum: a896f7aaedde8799f21b52b89f5fc9ef\n   sha1sum: f6d0789afa7927ca154973a071603a0bd098e697\n\n   Workstation for Linux 32-bit without VMware Tools\n   md5sum: 59ecd27bdf3f59be3b4df8f04d1b3874\n   sha1sum: 22e1a475069fca5e8d2446bf14661fa6d894d34f\n\n   Workstation for Linux 64-bit with VMware Tools\n   md5sum: 808682eaa6b202fa29172821f7378768\n   sha1sum: a901c45a2a02678b0d1722e8f27152c3af12a7ac\n\n   Workstation for Linux 64-bit without VMware Tools\n   md5sum: 5116e27e7b13a76693402577bd9fda58\n   sha1sum: dbcd045a889b95ac14828b8106631b678354e30a\n\n   VMware Workstation 6.5.4\n   ------------------------\n   For Windows\n\nhttp://downloads.vmware.com/download/download.do?downloadGroup=WKST-654-WIN\n   Release Notes:\n   http://downloads.vmware.com/support/ws65/doc/releasenotes_ws654.html\n\n   Workstation for Windows 32-bit and 64-bit\n   Windows 32-bit and 64-bit .exe\n   md5sum: 2dc393fcc4e78dcf2165098a4938699a\n   sha1sum: acfff457860c8c53c637c01f74f8aaa72d1c9569\n\n   For Linux\n   http://downloads.vmware.com/download/download.do?downloadGroup=WKST-654-LX\n   Release Notes:\n   http://downloads.vmware.com/support/ws65/doc/releasenotes_ws654.html\n\n   Workstation for Linux 32-bit\n   Linux 32-bit .rpm\n   md5sum: 9efb43a604d50e541eb3be7081b8b198\n   sha1sum: 4240d664f85a11f47288d2279224b26bef92aa8b\n\n   Workstation for Linux 32-bit\n   Linux 32-bit .bundle\n   md5sum: 38760682ad3b2f6bfb4e40f424c95c2a\n   sha1sum: ec78099322b5fb2a737cd74a1978a5c07382dc8a\n\n   Workstation for Linux 64-bit\n   Linux 64-bit .rpm\n   md5sum: 24311492bc515e9bc98eff9b2e7d33a2\n   sha1sum: b4947ef09f740440e8a24fc2ba05c0a7c11b82f5\n\n   Workstation for Linux 64-bit\n   Linux 64-bit .bundle\n   md5sum: ed24296705ad48442549d9cb2b3c0d8d\n   sha1sum: 3c0f1efae0a64fa3a41be21b0bfc962f12e0e6d8\n\n\n   VMware Player 3.0.1\n   -------------------\n   http://downloads.vmware.com/tryvmware/?p=player\u0026lp=default\n   Release notes:\nhttp://downloads.vmware.com/support/player30/doc/releasenotes_player301.html\n\n   Player for Windows 32-bit and 64-bit\n   md5sum: 78c92c0242c9540f68a629d4ac49c516\n   sha1sum: 7fc255fcd1a6784458012314db1206ed922e92cf\n\n   Player for Linux 32-bit (.bundle)\n   md5sum: e7cd19d39c7bbd1aee582743d76a7863\n   sha1sum: cff76010f0429576288ea1e5a594cd47a2c64f4a\n\n   Player for Linux 64-bit (.bundle)\n   md5sum: 88b08537c6eea705883dc1755b97738c\n   sha1sum: 84f25370d24c03a18968a4f4c8e06cef3d21c2df\n\n   VMware VIX API for Windows 32-bit and 64-bit\n   md5sum: 2c46fc7e2516f331eb4dd23154d00a54\n   sha1sum: 85ceb1b718806c6870e3a918bcc772d1486ccdc9\n\n   VMware VIX API for 32-bit Linux\n   md5sum: 8b0994a26363246b5e954f97bd5a088d\n   sha1sum: af93da138a158ee6e05780a5c4042414735987b6\n\n   VMware VIX API for 64-bit Linux\n   md5sum: ef7b9890c52b1e333f2357760a7fff85\n   sha1sum: dfef8531356de78171e13c4c108ebaeb43eaa62d\n\n   VMware Player 2.5.4\n   -------------------\n   http://downloads.vmware.com/download/player/player_reg.html\n   Release notes:\nhttp://downloads.vmware.com/support/player25/doc/releasenotes_player254.html\n\n   Player for Windows 32-bit and 64-bit (.exe)\n   md5sum: 531140a1eeed7d8b71f726b3d32a9174\n   sha1sum: 2500fa8af48452bd0e97040b80c569c3cb4f73e5\n\n   Player for Linux (.rpm)\n   md5sum: 1905f61af490f9760bef54450747e708\n   sha1sum: cf7444c0a6331439c5479a4158112a60eb0e6e8d\n\n   Player for Linux (.bundle)\n   md5sum: 74f539005687a4efce7971f7ef019af5\n   sha1sum: 4c4412c5807ecd00e66886e0e7c43ed61b62aab7\n\n   Player for Linux - 64-bit (.rpm)\n   md5sum: 013078d7f6adcdbcbaafbf5e0ae11a39\n   sha1sum: 7c434173a3fe446ebefce4803bfaa7ab67d1ff72\n\n   Player for Linux - 64-bit (.bundle)\n   md5sum: 175ce2f9656ff10a1327c0d48f80c65f\n   sha1sum: bf7acfdcb44bf345d58f79ad1bcb04816f262d22\n\n\n   VMware ACE 2.6.1\n   ----------------\nhttp://downloads.vmware.com/download/download.do?downloadGroup=ACE-261-WIN\n   Release notes:\n   http://downloads.vmware.com/support/ace26/doc/releasenotes_ace261.html\n\n   VMware Workstation for 32-bit and 64-bit Windows with tools\n   md5sum: fc8502a748de3b8f94c5c9571c1f17d2\n   sha1sum: 3de01b355b17363a92d80200ff5e7267b3bde206\n\n   VMware Workstation for Windows 32-bit and 64-bit without tools\n   md5sum: 6a18ea3847cb727b03f7890f5643db79\n   sha1sum: 260b019db4619b0d1d775e5c38cc46b6db250984\n\n   ACE Management Server Virtual Appliance\n   md5sum: e26d258c511572064e99774fbac9184c\n   sha1sum: 9363656b70caa11a31a6229451202d9f8203c1f5\n\n   ACE Management Server for Windows\n   md5sum: e970828f2a5a62ac108879033a70f4b6\n   sha1sum: eca89372eacc78c3130781d0d183715055d64798\n\n   ACE Management Server for SUSE Enterprise Linux 9\n   md5sum: 59b3ad5964daef2844e72fd1765590fc\n   sha1sum: 91048de7665f5dc466f06e2ebc4c08f08026a97f\n\n   ACE Management Server for Red Hat Enterprise Linux 4\n   md5sum: 6623f6a8a645402a1c8c351ec99a1889\n   sha1sum: a6d74ba072c5a513fcf8993edebaaf7f8225c05d\n\n   VMware ACE 2.5.4\n   ----------------\nhttp://downloads.vmware.com/download/download.do?downloadGroup=ACE-254-WIN\n   Release notes:\n   http://downloads.vmware.com/support/ace25/doc/releasenotes_ace254.html\n\n   VMware ACE for Windows 32-bit and 64-bit\n   Windows 32-bit and 64-bit .exe\n   md5sum: 2dc393fcc4e78dcf2165098a4938699a\n   sha1sum: acfff457860c8c53c637c01f74f8aaa72d1c9569\n\n   ACE Management Server Virtual Appliance\n   AMS Virtual Appliance .zip\n   md5sum: 3935f23d4a074e7a3429a1c80cfd2155\n   sha1sum: 5b09439a9c840d39ae49fbd7a79732ecd58c52a3\n\n   ACE Management Server for Windows\n   Windows .exe\n   md5sum: 1173bd7da6ed330a262ed4e2eff6562c\n   sha1sum: d9bce88a350aa957f3387f870af763875d4d9110\n\n   ACE Management Server for SUSE Enterprise Linux 9\n   SLES 9 .rpm\n   md5sum: 0bec2cf8d6ae3bb6976c9d8cc2573208\n   sha1sum: f3c6d9ee3357535b1540cedd9e86d723e2ed2134\n\n   ACE Management Server for Red Hat Enterprise Linux 4\n   RHEL 4 .rpm\n   md5sum: 17caa522af79cf1f6b2ebad16a4ac8a5\n   sha1sum: cdd6e2a4e3d7ad89f95e60f1af024bea7eaba0fe\n\n\n   VMware Server 2.0.2\n   -------------------\n   http://www.vmware.com/download/server/\n   Release notes:\n  http://www.vmware.com/support/server2/doc/releasenotes_vmserver202.html\n\n   VMware Server 2\n   Version 2.0.2 | 203138   - 10/26/09\n   507 MB EXE image VMware Server 2 for Windows Operating Systems. A\n   master installer file containing all Windows components of VMware\n   Server. \n   md5sum: a6430bcc16ff7b3a29bb8da1704fc38a\n   sha1sum: 39683e7333732cf879ff0b34f66e693dde0e340b\n\n   VIX API 1.6 for Windows\n   Version 2.0.2 | 203138   - 10/26/09\n   37 MB image\n   md5sum: 827e65e70803ec65ade62dd27a74407a\n   sha1sum: a14281bc055271a19be3c88026e92304bc3f0e22\n\n   For Linux\n\n   VMware Server 2 for Linux Operating Systems. \n   Version 2.0.2 | 203138   - 10/26/09\n   37 MB TAR image\n   md5sum: 95ddea5a0579a35887bd15b083ffea20\n   sha1sum: 14cf12063a7480f240ccd96178ad4258cb26a747\n\n   VMware Server 2 for Linux Operating Systems 64-bit version. \n   Version 2.0.2 | 203138   - 10/26/09\n   452 MB RPM image\n   md5sum: 35c8b176601133749e4055e0034f8be6\n   sha1sum: e8dc842d89899df5cd3e1136af76f19ca5ccbece\n\n   The core application needed to run VMware Server 2, 64-bit version. \n   Version 2.0.2 | 203138   - 10/26/09\n   451 MB TAR image\n   md5sum: cc7aef813008eeb7150c21547d431b39\n   sha1sum: b65d3d46dc947fc7995bda354c4947afabd23474\n\n\n   VMware Fusion 3.0.2\n   -------------------\n   http://downloads.vmware.com/download/download.do?downloadGroup=FUS-302\n   Release notes:\nhttp://downloads.vmware.com/support/fusion3/doc/releasenotes_fusion_302.html\n\n   VMware Fusion 3.0.2 (for Intel-based Macs)\n   md5sum: aa17278a4a668eeb9f9467e4e3111ccc\n   sha1sum: 58c3d63705ac90839f7c1ae14264177e1fd56df3\n\n   VMware Fusion 3.0.2 Light for Mac (for Intel-based Macs)\n   md5sum: 052ecbbfc4f59a85e2d08b4bd3ef0896\n   sha1sum: 61e00487f4c649588099647d4a5f47ddf5b8ad01\n\n   VMware Fusion 2.0.7\n   -------------------\n   http://downloads.vmware.com/download/download.do?downloadGroup=FUS-207\n   Release notes:\nhttp://downloads.vmware.com/support/fusion2/doc/releasenotes_fusion_207.html\n\n   VMware Fusion 2.0.7 (for Intel-based Macs)\n   md5sum: a293f5ce6ccc227760640753386e9da6\n   sha1sum: ddfda92f9baf30e536bc485e42325d173a1aa370\n\n   VMware Fusion 2.0.7 Light (for Intel-based Macs)\n   md5sum: d4772d118fb90323f598849e70c21189\n   sha1sum: 5c1df1597e77ebe0f0555749b281008ca5f2fb77\n\n\n   VIX API 1.7 Version: 1.7 | 2009-08-26 | 186713\n   ----------------------------------------------\n   VIX API for Window 32-bit and 64-bit\n   Main installation file for Windows 32-bit and 64-bit host\n   md5sum:b494fc3092f07d0f29cc06a19fe61306\n   sha1sum:aa8638424cb7f25c1e42343134ac9f0bd2c2e0c9\n\n   VIX API for Linux 32-bit\n   md5sum:6b0ed8872d8b714363cddc68b6a77008\n   sha1sum:8a9b12a61641394b347488119a7120eaa47dc2a1\n\n   VIX API for Linux 64-bit\n   md5sum:d57aa9f98058d5a386c18e14cc05bf4d\n   sha1sum:3b7d4461ea257e795b322cc080f4ae29a230666b\n\n   VIX API Version: 1.8.1 | 2009-10-11 |  207905\n   ---------------------------------------------\n   VIX API for Windows 32-bit and 64-bit\n   md5sum:4f21e4cb518767bc08045f5a39f5d41f\n   sha1sum:5b8275c549f9d9498bd2ed078557f1ce1986ac12\n\n   VIX API for Linux 32-bit\n   md5sum:f347e94d907c26754540d59956ee5d53\n   sha1sum:6ddc6c9371ba127d04bc83bd55988a6c83366907\n\n   VIX API for Linux 64-bit\n   md5sum:b8a3982072d0d42c0c37dd7eb49d686c\n   sha1sum:d044ac3dd42f806bc4ff48ddf584b5e3d82910c8\n\n   VIX API Version: 1.10 Beta | 01/28/10 | 222403\n   ----------------------------------------------\n   VIX API for Windows 32-bit and 64-bit\n   md5sum:ac5b6e9197cb68c302bfac9ed683e3af\n   sha1sum:0d942e7409e88e684bdb65811e7be7f47d631a73\n\n   VIX API for Linux 32-bit\n   md5sum:07d1989d042e317eb9d2b3daf269dda7\n   sha1sum:1e3840d426d7dfff53fa7e1bd22b09b56cf2362c\n\n   VIX API for Linux 64-bit\n   md5sum:9b345008e0adec3c044988307294944b\n   sha1sum:7a54a893369c2227f7e8058430c40983168c6e0b\n\n\n   ESXi\n   ----\n   ESXi 4.0 bulletin ESXi400-201002402-BG\nhttps://hostupdate.vmware.com/software/VUM/OFFLINE/release-193-20100228-731251/ESXi400-201002001.zip\n   md5sum: e5aa2968d389594abdc59cbac7b0183d\n   sha1sum: bb50b3ad7934e3f9e24edc879b35e83b357343b2\n   http://kb.vmware.com/kb/1018404\n\n   ESXi 3.5\n   --------\n   ESXi 3.5 patch ESXe350-200912402-T-BG was first contained in\n   ESXe350-200912401-O-BG from December 2009. \n\n   The same patch, ESXe350-200912402-T-BG, is also contained in\n   ESXe350-201002401-O-SG from February 2010 ESXi 3.5 security update. \n\n   In latest non-security ESXi 3.5 update, ESXe350-201003402-T-BG is also\n   included in ESXe350-201003401-O-BG from March 2010. \n\n\n   ESXe350-201002401-O-SG (latest security update)\n   http://download3.vmware.com/software/vi/ESXe350-201002401-O-SG.zip\n\n   md5sum: 0c8d4d1c0e3c2aed9f785cf081225d83\n\n   http://kb.vmware.com/kb/1015047 (Vi Client)\n\n   http://kb.vmware.com/kb/1016665 (VM Tools)\n\n   http://kb.vmware.com/kb/1017685 (Firmware)\n\n\n\n   The three ESXi patches for Firmware \"I\", VMware Tools \"T,\" and the\n   VI Client \"C\" are contained in a single offline \"O\" download file. \n\n\n   ESX\n   ---\n   ESX 4.0 bulletin ESX400-201002401-BG\nhttps://hostupdate.vmware.com/software/VUM/OFFLINE/release-192-20100228-732240/ESX400-201002001.zip\n   md5sum: de62cbccaffa4b2b6831617f18c1ccb4\n   sha1sum: 4083f191fa4acd6600c9a87e4852f9f5700e91ab\n   http://kb.vmware.com/kb/1018403\n\n   Note: ESX400-201002001 contains the bundle with the security fix,\n         ESX400-201002401-BG\n   To install an individual bulletin use esxupdate with the -b option. \n   esxupdate --bundle ESX400-201002001 -b ESX400-201002401-BG\n\n   ESX 4.0 bulletin ESX400-200911223-UG\nhttps://hostupdate.vmware.com/software/VUM/OFFLINE/release-166-20091202-254879/ESX-4.0.0-update01a.zip\n   md5sum: 99c1fcafbf0ca105ce73840d686e9914\n   sha1sum: aa8a23416271bc28b6b8f6bdbe00045e36314ebb\n   http://kb.vmware.com/kb/1014842\n\n   Note: ESX-4.0.0-update01a contains the bundle with the security fix,\n         ESX400-200911223-UG\n   To install an individual bulletin use esxupdate with the -b option. \n   esxupdate --bundle ESX-4.0.0-update01a -b ESX400-200911223-UG\n\n   ESX 3.5 patch ESX350-200912401-BG\n   http://download3.vmware.com/software/vi/ESX350-200912401-BG.zip\n   md5sum: f1d3589745b4ae933554785aef22bacc\n   sha1sum: d1e5a9209b165d43d75f076e556fc028bec4cc47\n   http://kb.vmware.com/kb/1016657\n\n   ESX 3.0.3 patch ESX303-201002203-UG\n   http://download3.vmware.com/software/vi/ESX303-201002203-UG.zip\n   md5sum: 49ee56b687707cbe6999836c315f081a\n   http://kb.vmware.com/kb/1018030\n\n   ESX 2.5.5 Upgrade Patch 15\n http://download3.vmware.com/software/esx/esx-2.5.5-191611-upgrade.tar.gz\n   md5sum: c346fe510b6e51145570e03083f77357\n   sha1sum: ef6b19247825fb3fe2c55f8fda3cdd05ac7bb1f4\n   http://www.vmware.com/support/esx25/doc/esx-255-200910-patch.html\n\n\n5. References\n   http://www.acrossecurity.com/advisories.htm\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1564\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1565\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2042\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3707\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3732\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1138\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1139\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1140\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1142\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1141\n\n6. Change log\n2010-04-09  VMSA-2010-0007\nInitial security advisory after release of Workstation 6.5.4 and Fusion\n2.0.7 on 2010-04-08. \n\n- ------------------------------------------------------------------------\n7. Contact\n\nE-mail list for product security notifications and announcements:\nhttp://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce\n\nThis Security Advisory is posted to the following lists:\n\n  * security-announce at lists.vmware.com\n  * bugtraq at securityfocus.com\n  * full-disclosure at lists.grok.org.uk\n\nE-mail:  security at vmware.com\nPGP key at: http://kb.vmware.com/kb/1055\n\nVMware Security Center\nhttp://www.vmware.com/security\n\nVMware security response policy\nhttp://www.vmware.com/support/policies/security_response.html\n\nGeneral support life cycle policy\nhttp://www.vmware.com/support/policies/eos.html\n\nVMware Infrastructure support life cycle policy\nhttp://www.vmware.com/support/policies/eos_vi.html\n\nCopyright 2010 VMware Inc.  All rights reserved. \n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.5 (MingW32)\n\niD8DBQFLvvM8S2KysvBH1xkRAgu/AJ9RrzlOq/5Ug0t8R4qoi/UwDVJDpACbBGgT\nd58bjKG6Ic7m/TsoJP4M2tw=\n=Q1zv\n-----END PGP SIGNATURE-----\n. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n\n                    National Cyber Alert System\n\n              Technical Cyber Security Alert TA10-238A\n\n\nMicrosoft Windows Insecurely Loads Dynamic Libraries\n\n   Original release date: August 26, 2010\n   Last revised: --\n   Source: US-CERT\n\n\nSystems Affected\n\n     Any application running on the Microsoft Windows platform that\n     uses dynamically linked libraries (DLLs) may be affected. Please see the Vendor Information\n     section of Vulnerability Note VU#707943 for information about\n     specific vendors. DLLs are typically loaded\n   when the application is first started; however DLLs may be loaded\n   and unloaded while the application is running. An application can\n   request a DLL file in a variety of ways, and Windows uses several\n   different search algorithms to find DLL files. The interaction\n   between the application and Windows can result in a DLL file being\n   loaded from the current working directory of the application,\n   instead of the Windows system directory or the directory where the\n   application is installed. \n\n   The current working directory could be the desktop, a removable\n   storage device such as a USB key, a Windows file share, or a WebDAV\n   location. When a file associated with an application is opened, a\n   DLL in the same directory as the file may be loaded. Although an\n   attacker may not have permission to write to the Windows system or\n   application directories, the attacker may be able to write a DLL to\n   a directory used to store files, or the attacker could provide\n   their own directory. \n\n   Attacks against this type of vulnerability have been referred to as\n   \"binary planting.\" Please see Vulnerability Note VU#707943 and\n   Microsoft Security Advisory 2269637 for more information. \n\n\nII. Impact\n\n   By placing a DLL with the correct name (and possibly the relative\n   directory path) in the current working directory, an attacker could\n   execute arbitrary code with the privileges of the application that\n   loads the DLL. \n\n\nIII. Solution\n\n   Individual applications that run on the Windows platform may\n   require patches or updates. Microsoft Knowledge Base article\n   KB2264107 describes an update that provides a registry key that can\n   prevent Windows from searching the current working directory for\n   DLL files. \n\n   Information about specific solutions for different vendors, general\n   mitigation techniques, and secure ways for applications to load\n   DLLs can be found in the Vendor Information and Solution sections\n   of Vulnerability Note VU#707943. \n\n\nIV. References\n\n * Vulnerability Note VU#707943 -\n   \u003chttp://www.kb.cert.org/vuls/id/707943\u003e\n\n * Microsoft Security Advisory (2269637) -\n   \u003chttp://www.microsoft.com/technet/security/advisory/2269637.mspx\u003e\n\n * A new CWDIllegalInDllSearch registry entry is available to control\n   the DLL search path algorithm -\n   \u003chttp://support.microsoft.com/kb/2264107\u003e\n\n ____________________________________________________________________\n\n   The most recent version of this document can be found at:\n\n     \u003chttp://www.us-cert.gov/cas/techalerts/TA10-238A.html\u003e\n ____________________________________________________________________\n\n   Feedback can be directed to US-CERT Technical Staff. Please send\n   email to \u003ccert@cert.org\u003e with \"TA10-238A Feedback VU#707943\" in\n   the subject. \n ____________________________________________________________________\n\n   For instructions on subscribing to or unsubscribing from this\n   mailing list, visit \u003chttp://www.us-cert.gov/cas/signup.html\u003e. \n ____________________________________________________________________\n\n   Produced 2010 by US-CERT, a government organization. \n\nBackground\n==========\n\nVMware Player, Server, and Workstation allow emulation of a complete PC\non a PC without the usual performance overhead of most emulators. \n\nAffected packages\n=================\n\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  app-emulation/vmware-player\n                              \u003c= 2.5.5.328052              Vulnerable!\n  2  app-emulation/vmware-workstation\n                              \u003c= 6.5.5.328052              Vulnerable!\n  3  app-emulation/vmware-server\n                              \u003c= 1.0.9.156507              Vulnerable!\n    -------------------------------------------------------------------\n     NOTE: Certain packages are still vulnerable. Users should migrate\n           to another package if one is available or wait for the\n           existing packages to be marked stable by their\n           architecture maintainers. Please review the CVE identifiers referenced below for\ndetails. \n\nImpact\n======\n\nLocal users may be able to gain escalated privileges, cause a Denial of\nService, or gain sensitive information. \n\nA remote attacker could entice a user to open a specially crafted file,\npossibly resulting in the remote execution of arbitrary code, or a\nDenial of Service. Remote attackers also may be able to spoof DNS\ntraffic, read arbitrary files, or inject arbitrary web script to the\nVMware Server Console. \n\nFurthermore, guest OS users may be able to execute arbitrary code on\nthe host OS, gain escalated privileges on the guest OS, or cause a\nDenial of Service (crash the host OS). \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nGentoo discontinued support for VMware Workstation. We recommend that users\nunmerge VMware Server:\n\n  # emerge --unmerge \"app-emulation/vmware-server\"\n\nReferences\n==========\n\n[  1 ] CVE-2007-5269\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5269\n[  2 ] CVE-2007-5503\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5503\n[  3 ] CVE-2007-5671\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5671\n[  4 ] CVE-2008-0967\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0967\n[  5 ] CVE-2008-1340\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1340\n[  6 ] CVE-2008-1361\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1361\n[  7 ] CVE-2008-1362\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1362\n[  8 ] CVE-2008-1363\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1363\n[  9 ] CVE-2008-1364\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1364\n[ 10 ] CVE-2008-1392\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1392\n[ 11 ] CVE-2008-1447\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1447\n[ 12 ] CVE-2008-1806\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1806\n[ 13 ] CVE-2008-1807\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1807\n[ 14 ] CVE-2008-1808\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1808\n[ 15 ] CVE-2008-2098\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2098\n[ 16 ] CVE-2008-2100\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2100\n[ 17 ] CVE-2008-2101\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2101\n[ 18 ] CVE-2008-4915\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4915\n[ 19 ] CVE-2008-4916\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4916\n[ 20 ] CVE-2008-4917\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4917\n[ 21 ] CVE-2009-0040\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0040\n[ 22 ] CVE-2009-0909\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0909\n[ 23 ] CVE-2009-0910\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0910\n[ 24 ] CVE-2009-1244\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1244\n[ 25 ] CVE-2009-2267\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2267\n[ 26 ] CVE-2009-3707\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3707\n[ 27 ] CVE-2009-3732\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3732\n[ 28 ] CVE-2009-3733\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3733\n[ 29 ] CVE-2009-4811\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4811\n[ 30 ] CVE-2010-1137\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1137\n[ 31 ] CVE-2010-1138\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1138\n[ 32 ] CVE-2010-1139\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1139\n[ 33 ] CVE-2010-1140\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1140\n[ 34 ] CVE-2010-1141\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1141\n[ 35 ] CVE-2010-1142\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1142\n[ 36 ] CVE-2010-1143\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1143\n[ 37 ] CVE-2011-3868\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3868\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201209-25.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2012 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2010-1141"
          },
          {
            "db": "CERT/CC",
            "id": "VU#707943"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2010-001364"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2010-001999"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2010-0574"
          },
          {
            "db": "BID",
            "id": "39392"
          },
          {
            "db": "IVD",
            "id": "7d7c8fb0-463f-11e9-a735-000c29342cb1"
          },
          {
            "db": "IVD",
            "id": "46c824c0-2356-11e6-abef-000c29c66e3d"
          },
          {
            "db": "VULMON",
            "id": "CVE-2010-1141"
          },
          {
            "db": "PACKETSTORM",
            "id": "88215"
          },
          {
            "db": "PACKETSTORM",
            "id": "93209"
          },
          {
            "db": "PACKETSTORM",
            "id": "117012"
          }
        ],
        "trust": 4.59
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2010-1141",
            "trust": 4.0
          },
          {
            "db": "SECUNIA",
            "id": "39198",
            "trust": 3.1
          },
          {
            "db": "SECUNIA",
            "id": "39206",
            "trust": 2.5
          },
          {
            "db": "SECTRACK",
            "id": "1023832",
            "trust": 1.8
          },
          {
            "db": "SECTRACK",
            "id": "1023833",
            "trust": 1.8
          },
          {
            "db": "CERT/CC",
            "id": "VU#707943",
            "trust": 1.7
          },
          {
            "db": "USCERT",
            "id": "TA10-238A",
            "trust": 1.7
          },
          {
            "db": "BID",
            "id": "39392",
            "trust": 1.2
          },
          {
            "db": "CNVD",
            "id": "CNVD-2010-0574",
            "trust": 1.0
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201004-160",
            "trust": 1.0
          },
          {
            "db": "BID",
            "id": "1699",
            "trust": 0.8
          },
          {
            "db": "VUPEN",
            "id": "ADV-2010-0852",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2010-001364",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2010-001999",
            "trust": 0.8
          },
          {
            "db": "NSFOCUS",
            "id": "14789",
            "trust": 0.6
          },
          {
            "db": "NSFOCUS",
            "id": "14788\u203b14789",
            "trust": 0.6
          },
          {
            "db": "NSFOCUS",
            "id": "14788",
            "trust": 0.6
          },
          {
            "db": "BUGTRAQ",
            "id": "20100409 VMSA-2010-0007 VMWARE HOSTED PRODUCTS, VCENTER SERVER AND ESX PATCHES RESOLVE MULTIPLE SECURITY ISSUES",
            "trust": 0.6
          },
          {
            "db": "MLIST",
            "id": "[SECURITY-ANNOUNCE] 20100409 VMSA-2010-0007 VMWARE HOSTED PRODUCTS, VCENTER SERVER AND ESX PATCHES RESOLVE MULTIPLE SECURITY ISSUES",
            "trust": 0.6
          },
          {
            "db": "FULLDISC",
            "id": "20100409 VMSA-2010-0007 VMWARE HOSTED PRODUCTS, VCENTER SERVER AND ESX PATCHES RESOLVE MULTIPLE SECURITY ISSUES",
            "trust": 0.6
          },
          {
            "db": "IVD",
            "id": "7D7C8FB0-463F-11E9-A735-000C29342CB1",
            "trust": 0.2
          },
          {
            "db": "IVD",
            "id": "46C824C0-2356-11E6-ABEF-000C29C66E3D",
            "trust": 0.2
          },
          {
            "db": "VULMON",
            "id": "CVE-2010-1141",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "88215",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "93209",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "117012",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "7d7c8fb0-463f-11e9-a735-000c29342cb1"
          },
          {
            "db": "IVD",
            "id": "46c824c0-2356-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CERT/CC",
            "id": "VU#707943"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2010-0574"
          },
          {
            "db": "VULMON",
            "id": "CVE-2010-1141"
          },
          {
            "db": "BID",
            "id": "39392"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2010-001364"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2010-001999"
          },
          {
            "db": "PACKETSTORM",
            "id": "88215"
          },
          {
            "db": "PACKETSTORM",
            "id": "93209"
          },
          {
            "db": "PACKETSTORM",
            "id": "117012"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201004-160"
          },
          {
            "db": "NVD",
            "id": "CVE-2010-1141"
          }
        ]
      },
      "id": "VAR-200009-0023",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "7d7c8fb0-463f-11e9-a735-000c29342cb1"
          },
          {
            "db": "IVD",
            "id": "46c824c0-2356-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2010-0574"
          }
        ],
        "trust": 0.1
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "7d7c8fb0-463f-11e9-a735-000c29342cb1"
          },
          {
            "db": "IVD",
            "id": "46c824c0-2356-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2010-0574"
          }
        ]
      },
      "last_update_date": "2024-07-23T20:18:16.537000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "VMSA-2010-0007",
            "trust": 0.8,
            "url": "http://www.vmware.com/security/advisories/vmsa-2010-0007.html"
          },
          {
            "title": "HT4105",
            "trust": 0.8,
            "url": "http://support.apple.com/kb/ht4105"
          },
          {
            "title": "HT4105",
            "trust": 0.8,
            "url": "http://support.apple.com/kb/ht4105?viewlocale=ja_jp"
          },
          {
            "title": "Opera Software\u304b\u3089\u306e\u60c5\u5831",
            "trust": 0.8,
            "url": "http://jvn.jp/vu/jvnvu707943/844993/index.html"
          },
          {
            "title": "Adobe\u304b\u3089\u306e\u60c5\u5831",
            "trust": 0.8,
            "url": "http://jvn.jp/vu/jvnvu707943/244523/index.html"
          },
          {
            "title": "LhaForge",
            "trust": 0.8,
            "url": "http://claybird.sakura.ne.jp/garage/lhaforge/index.html"
          },
          {
            "title": "2010.2F9.2F7_ver_6.3.1",
            "trust": 0.8,
            "url": "http://lunapedia.lunascape.jp/index.php?title=lunascape6#2010.2f9.2f7_ver_6.3.1"
          },
          {
            "title": "Another technique for Fixing DLL Preloading attacks",
            "trust": 0.8,
            "url": "http://blogs.msdn.com/b/david_leblanc/archive/2010/08/23/another-technique-for-fixing-dll-preloading-attacks.aspx"
          },
          {
            "title": "More information about the DLL Preloading remote attack vector",
            "trust": 0.8,
            "url": "http://blogs.technet.com/b/srd/archive/2010/08/23/more-information-about-dll-preloading-remote-attack-vector.aspx"
          },
          {
            "title": "Secure loading of libraries to prevent DLL preloading attacks - Guidance for Software Developers\u3000(Word \u6587\u66f8)",
            "trust": 0.8,
            "url": "http://blogs.technet.com/cfs-file.ashx/__key/communityserver-components-postattachments/00-03-35-14-21/secure-loading-of-libraries-to-prevent-dll-preloading.docx"
          },
          {
            "title": "Dynamic-Link Library Security",
            "trust": 0.8,
            "url": "http://msdn.microsoft.com/ja-jp/library/ff919712%28v=vs.85%29.aspx"
          },
          {
            "title": "2269637",
            "trust": 0.8,
            "url": "http://www.microsoft.com/technet/security/advisory/2269637.mspx"
          },
          {
            "title": "Load Library Safely",
            "trust": 0.8,
            "url": "https://blogs.technet.microsoft.com/srd/2014/05/13/load-library-safely/"
          },
          {
            "title": "DLL \u691c\u7d22\u30d1\u30b9\u30a2\u30eb\u30b4\u30ea\u30ba\u30e0\u3092\u5236\u5fa1\u3059\u308b\u65b0\u3057\u3044 CWDIllegalInDllSearch \u30ec\u30b8\u30b9\u30c8\u30ea\u30a8\u30f3\u30c8\u30ea\u306b\u3064\u3044\u3066",
            "trust": 0.8,
            "url": "http://support.microsoft.com/kb/2264107"
          },
          {
            "title": "NV11-003",
            "trust": 0.8,
            "url": "http://www.nec.co.jp/security-info/secinfo/nv11-003.html"
          },
          {
            "title": "Microsoft Windows \u306b\u304a\u3051\u308b DLL \u8aad\u307f\u8fbc\u307f\u306b\u95a2\u3059\u308b\u8106\u5f31\u6027",
            "trust": 0.8,
            "url": "http://www.ponsoftware.com/archiver/bug.htm#load_lib"
          },
          {
            "title": "\u691c\u7d22\u30d1\u30b9\u306e\u554f\u984c\u306b\u8d77\u56e0\u3059\u308b\u8106\u5f31\u6027",
            "trust": 0.8,
            "url": "http://www7a.biglobe.ne.jp/~schezo/dll_vul.html"
          },
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www5f.biglobe.ne.jp/~t-susumu"
          },
          {
            "title": "MHSVI#20100824",
            "trust": 0.8,
            "url": "http://homepage3.nifty.com/micco/vul/2010/mhsvi20100824.htm"
          },
          {
            "title": "sleipnirsleipnir_295",
            "trust": 0.8,
            "url": "http://www.fenrir.co.jp/blog/2010/10/sleipnirsleipnir_295.html"
          },
          {
            "title": "2269637",
            "trust": 0.8,
            "url": "https://www.microsoft.com/japan/technet/security/advisory/2269637.mspx"
          },
          {
            "title": "\u65b0\u305f\u306a\u30ea\u30e2\u30fc\u30c8\u306e\u653b\u6483\u624b\u6cd5\u306b\u95a2\u3059\u308b\u30a2\u30c9\u30d0\u30a4\u30b6\u30ea 2269637 \u3092\u516c\u958b",
            "trust": 0.8,
            "url": "http://blogs.technet.com/b/jpsecurity/archive/2010/08/24/3351474.aspx"
          },
          {
            "title": "\u30e9\u30a4\u30d6\u30e9\u30ea\u3092\u5b89\u5168\u306b\u30ed\u30fc\u30c9\u3057\u3066 DLL \u306e\u30d7\u30ea\u30ed\u30fc\u30c9\u653b\u6483\u3092\u9632\u3050 - \u30bd\u30d5\u30c8\u30a6\u30a7\u30a2\u958b\u767a\u8005\u5411\u3051\u30ac\u30a4\u30c0\u30f3\u30b9 (Word \u6587\u66f8)",
            "trust": 0.8,
            "url": "http://blogs.technet.com/cfs-file.ashx/__key/communityserver-components-postattachments/00-03-35-14-74/secure-loading-of-libraries-to-prevent-dll-preloading_5f00_j.docx"
          },
          {
            "title": "TA10-238A",
            "trust": 0.8,
            "url": "http://software.fujitsu.com/jp/security/vulnerabilities/ta10-238a.html"
          },
          {
            "title": "VMSA - 2010 - 0007: VMware Managed Products, vCenter Server and ESX Multiple Security Patches",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/155"
          },
          {
            "title": "VMware Security Advisories: VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=vmware_security_advisories\u0026qid=9a156b22cf9a31c993f6585b6881d5a5"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2010-0574"
          },
          {
            "db": "VULMON",
            "id": "CVE-2010-1141"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2010-001364"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2010-001999"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-264",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2010-001364"
          },
          {
            "db": "NVD",
            "id": "CVE-2010-1141"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.1,
            "url": "http://secunia.com/advisories/39198"
          },
          {
            "trust": 2.5,
            "url": "http://secunia.com/advisories/39206"
          },
          {
            "trust": 1.9,
            "url": "http://www.securitytracker.com/id?1023832"
          },
          {
            "trust": 1.9,
            "url": "http://www.securitytracker.com/id?1023833"
          },
          {
            "trust": 1.8,
            "url": "http://www.vmware.com/security/advisories/vmsa-2010-0007.html"
          },
          {
            "trust": 1.7,
            "url": "http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html"
          },
          {
            "trust": 1.7,
            "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html"
          },
          {
            "trust": 1.7,
            "url": "http://lists.vmware.com/pipermail/security-announce/2010/000090.html"
          },
          {
            "trust": 1.6,
            "url": "http://www.us-cert.gov/cas/techalerts/ta10-238a.html"
          },
          {
            "trust": 1.2,
            "url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
          },
          {
            "trust": 1.1,
            "url": "http://www.acrossecurity.com/aspr/aspr-2010-04-12-1-pub.txt"
          },
          {
            "trust": 1.1,
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a7020"
          },
          {
            "trust": 0.9,
            "url": "http://www.securityfocus.com/bid/39392"
          },
          {
            "trust": 0.9,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1141"
          },
          {
            "trust": 0.8,
            "url": "http://www.cert.org/blogs/vuls/2008/09/carpet_bombing_and_directory_p.html"
          },
          {
            "trust": 0.8,
            "url": "http://blog.mandiant.com/archives/1207"
          },
          {
            "trust": 0.8,
            "url": "http://msdn.microsoft.com/en-us/library/aa297182"
          },
          {
            "trust": 0.8,
            "url": "http://blog.zoller.lu/2010/08/cve-2010-xn-loadlibrarygetprocaddress.html"
          },
          {
            "trust": 0.8,
            "url": "http://msdn.microsoft.com/en-us/library/ms684175%28vs.85%29.aspx"
          },
          {
            "trust": 0.8,
            "url": "http://www.acrossecurity.com/aspr/aspr-2010-04-12-2-pub.txt"
          },
          {
            "trust": 0.8,
            "url": "http://www.acrossecurity.com/aspr/aspr-2010-08-18-1-pub.txt"
          },
          {
            "trust": 0.8,
            "url": "http://www.securityfocus.com/bid/1699/discuss"
          },
          {
            "trust": 0.8,
            "url": "http://blog.metasploit.com/2010/08/exploiting-dll-hijacking-flaws.html"
          },
          {
            "trust": 0.8,
            "url": "http://blog.rapid7.com/?p=5325"
          },
          {
            "trust": 0.8,
            "url": "http://www.cs.ucdavis.edu/research/tech-reports/2010/cse-2010-2.pdf"
          },
          {
            "trust": 0.8,
            "url": "https://www.microsoft.com/technet/security/advisory/2269637.mspx"
          },
          {
            "trust": 0.8,
            "url": "http://blogs.technet.com/b/srd/archive/2010/08/23/more-information-about-dll-preloading-remote-attack-vector.aspx"
          },
          {
            "trust": 0.8,
            "url": "http://blogs.msdn.com/b/david_leblanc/archive/2010/08/23/another-technique-for-fixing-dll-preloading-attacks.aspx"
          },
          {
            "trust": 0.8,
            "url": "http://support.microsoft.com/kb/2264107"
          },
          {
            "trust": 0.8,
            "url": "http://www.guninski.com/officedll.html"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/cert/jvnta10-238a/index.html"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/tr/jvntr-2010-23"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-1141"
          },
          {
            "trust": 0.8,
            "url": "http://www.vupen.com/english/advisories/2010/0852"
          },
          {
            "trust": 0.8,
            "url": "http://www.ipa.go.jp/about/press/20101111.html"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/cert/jvnta10-238a"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/cert/jvnvu707943"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/tr/jvntr-2010-23/"
          },
          {
            "trust": 0.8,
            "url": "http://www.kb.cert.org/vuls/id/707943"
          },
          {
            "trust": 0.6,
            "url": "http://www.nsfocus.net/vulndb/14788\u203b14789"
          },
          {
            "trust": 0.3,
            "url": "http://www.vmware.com"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3732"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3707"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/264.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "http://kb.vmware.com/kb/1015047"
          },
          {
            "trust": 0.1,
            "url": "http://download3.vmware.com/software/wkst/vmware-moviedecoder-6.5.4-246459.exe"
          },
          {
            "trust": 0.1,
            "url": "http://download3.vmware.com/software/esx/esx-2.5.5-191611-upgrade.tar.gz"
          },
          {
            "trust": 0.1,
            "url": "http://kb.vmware.com/kb/1016665"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/support/esx25/doc/esx-255-200910-patch.html"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3707"
          },
          {
            "trust": 0.1,
            "url": "https://hostupdate.vmware.com/software/vum/offline/release-192-20100228-732240/esx400-201002001.zip"
          },
          {
            "trust": 0.1,
            "url": "http://kb.vmware.com/kb/1018404"
          },
          {
            "trust": 0.1,
            "url": "http://download3.vmware.com/software/vi/esx303-201002203-ug.zip"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/support/policies/lifecycle/vi/faq.html"
          },
          {
            "trust": 0.1,
            "url": "http://downloads.vmware.com/download/download.do?downloadgroup=fus-302"
          },
          {
            "trust": 0.1,
            "url": "http://downloads.vmware.com/download/download.do?downloadgroup=ace-254-win"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1140"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2010-1140"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2010-1141"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2009-2042"
          },
          {
            "trust": 0.1,
            "url": "http://downloads.vmware.com/support/fusion3/doc/releasenotes_fusion_302.html"
          },
          {
            "trust": 0.1,
            "url": "http://downloads.vmware.com/tryvmware/?p=player\u0026lp=default"
          },
          {
            "trust": 0.1,
            "url": "http://kb.vmware.com/kb/1016657"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/security"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1565"
          },
          {
            "trust": 0.1,
            "url": "http://downloads.vmware.com/download/download.do?downloadgroup=wkst-701-lx"
          },
          {
            "trust": 0.1,
            "url": "http://kb.vmware.com/kb/1055"
          },
          {
            "trust": 0.1,
            "url": "https://hostupdate.vmware.com/software/vum/offline/release-193-20100228-731251/esxi400-201002001.zip"
          },
          {
            "trust": 0.1,
            "url": "http://downloads.vmware.com/support/player30/doc/releasenotes_player301.html"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1142"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2010-1142"
          },
          {
            "trust": 0.1,
            "url": "http://downloads.vmware.com/download/download.do?downloadgroup=fus-207"
          },
          {
            "trust": 0.1,
            "url": "http://kb.vmware.com/kb/1017685"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1139"
          },
          {
            "trust": 0.1,
            "url": "http://downloads.vmware.com/download/player/player_reg.html"
          },
          {
            "trust": 0.1,
            "url": "http://downloads.vmware.com/support/fusion2/doc/releasenotes_fusion_207.html"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/support/policies/security_response.html"
          },
          {
            "trust": 0.1,
            "url": "http://downloads.vmware.com/support/ws65/doc/releasenotes_ws654.html"
          },
          {
            "trust": 0.1,
            "url": "http://downloads.vmware.com/support/ace26/doc/releasenotes_ace261.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2010-1139"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/support/server2/doc/releasenotes_vmserver202.html"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/support/policies/eos_vi.html"
          },
          {
            "trust": 0.1,
            "url": "http://kb.vmware.com/kb/1018030"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2042"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3732"
          },
          {
            "trust": 0.1,
            "url": "http://downloads.vmware.com/support/ws7/doc/releasenotes_ws701.html"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/support/policies/eos.html"
          },
          {
            "trust": 0.1,
            "url": "http://downloads.vmware.com/support/player25/doc/releasenotes_player254.html"
          },
          {
            "trust": 0.1,
            "url": "http://downloads.vmware.com/download/download.do?downloadgroup=ace-261-win"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1565"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/download/server/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2010-1138"
          },
          {
            "trust": 0.1,
            "url": "http://downloads.vmware.com/download/download.do?downloadgroup=wkst-654-win"
          },
          {
            "trust": 0.1,
            "url": "http://www.vupen.com)"
          },
          {
            "trust": 0.1,
            "url": "http://download3.vmware.com/software/vi/esx350-200912401-bg.zip"
          },
          {
            "trust": 0.1,
            "url": "http://tinyurl.com/27mpjo"
          },
          {
            "trust": 0.1,
            "url": "http://www.acrossecurity.com)"
          },
          {
            "trust": 0.1,
            "url": "http://downloads.vmware.com/download/download.do?downloadgroup=wkst-701-win"
          },
          {
            "trust": 0.1,
            "url": "http://kb.vmware.com/kb/1014842"
          },
          {
            "trust": 0.1,
            "url": "https://hostupdate.vmware.com/software/vum/offline/release-166-20091202-254879/esx-4.0.0-update01a.zip"
          },
          {
            "trust": 0.1,
            "url": "http://www.acrossecurity.com/advisories.htm"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1138"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1564"
          },
          {
            "trust": 0.1,
            "url": "http://download3.vmware.com/software/vi/esxe350-201002401-o-sg.zip"
          },
          {
            "trust": 0.1,
            "url": "http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce"
          },
          {
            "trust": 0.1,
            "url": "http://downloads.vmware.com/support/ace25/doc/releasenotes_ace254.html"
          },
          {
            "trust": 0.1,
            "url": "http://downloads.vmware.com/download/download.do?downloadgroup=wkst-654-lx"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1564"
          },
          {
            "trust": 0.1,
            "url": "http://kb.vmware.com/kb/1018403"
          },
          {
            "trust": 0.1,
            "url": "http://www.kb.cert.org/vuls/id/707943\u003e"
          },
          {
            "trust": 0.1,
            "url": "http://www.us-cert.gov/cas/techalerts/ta10-238a.html\u003e"
          },
          {
            "trust": 0.1,
            "url": "http://support.microsoft.com/kb/2264107\u003e"
          },
          {
            "trust": 0.1,
            "url": "http://www.microsoft.com/technet/security/advisory/2269637.mspx\u003e"
          },
          {
            "trust": 0.1,
            "url": "http://www.us-cert.gov/cas/signup.html\u003e."
          },
          {
            "trust": 0.1,
            "url": "http://www.us-cert.gov/legal.html\u003e"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-1363"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3733"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2009-0909"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1361"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-4915"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2008-4915"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-5269"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3868"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3732"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1142"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-4917"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2008-2098"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2008-4916"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1140"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1141"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1447"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2267"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0910"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-1362"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1137"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1138"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5269"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-1447"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-1361"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1139"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1143"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-2098"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1807"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0040"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2008-2100"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-1340"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-4916"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1244"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3733"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1808"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-1807"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-1392"
          },
          {
            "trust": 0.1,
            "url": "http://creativecommons.org/licenses/by-sa/2.5"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-2101"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1806"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0909"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2009-0040"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2009-2267"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3707"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2008-2101"
          },
          {
            "trust": 0.1,
            "url": "http://security.gentoo.org/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5671"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2008-4917"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-2100"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-1364"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5503"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2008-0967"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-5671"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-1806"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-5503"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1340"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-4811"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1364"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1363"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2009-0910"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1392"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-1808"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1362"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1244"
          },
          {
            "trust": 0.1,
            "url": "https://bugs.gentoo.org."
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-0967"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#707943"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2010-0574"
          },
          {
            "db": "VULMON",
            "id": "CVE-2010-1141"
          },
          {
            "db": "BID",
            "id": "39392"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2010-001364"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2010-001999"
          },
          {
            "db": "PACKETSTORM",
            "id": "88215"
          },
          {
            "db": "PACKETSTORM",
            "id": "93209"
          },
          {
            "db": "PACKETSTORM",
            "id": "117012"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201004-160"
          },
          {
            "db": "NVD",
            "id": "CVE-2010-1141"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "7d7c8fb0-463f-11e9-a735-000c29342cb1"
          },
          {
            "db": "IVD",
            "id": "46c824c0-2356-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CERT/CC",
            "id": "VU#707943"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2010-0574"
          },
          {
            "db": "VULMON",
            "id": "CVE-2010-1141"
          },
          {
            "db": "BID",
            "id": "39392"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2010-001364"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2010-001999"
          },
          {
            "db": "PACKETSTORM",
            "id": "88215"
          },
          {
            "db": "PACKETSTORM",
            "id": "93209"
          },
          {
            "db": "PACKETSTORM",
            "id": "117012"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201004-160"
          },
          {
            "db": "NVD",
            "id": "CVE-2010-1141"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2010-04-13T00:00:00",
            "db": "IVD",
            "id": "7d7c8fb0-463f-11e9-a735-000c29342cb1"
          },
          {
            "date": "2010-04-13T00:00:00",
            "db": "IVD",
            "id": "46c824c0-2356-11e6-abef-000c29c66e3d"
          },
          {
            "date": "2010-08-25T00:00:00",
            "db": "CERT/CC",
            "id": "VU#707943"
          },
          {
            "date": "2010-04-13T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2010-0574"
          },
          {
            "date": "2010-04-12T00:00:00",
            "db": "VULMON",
            "id": "CVE-2010-1141"
          },
          {
            "date": "2010-04-09T00:00:00",
            "db": "BID",
            "id": "39392"
          },
          {
            "date": "2010-05-07T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2010-001364"
          },
          {
            "date": "2010-09-14T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2010-001999"
          },
          {
            "date": "2010-04-10T03:16:16",
            "db": "PACKETSTORM",
            "id": "88215"
          },
          {
            "date": "2010-08-27T02:58:57",
            "db": "PACKETSTORM",
            "id": "93209"
          },
          {
            "date": "2012-09-30T16:40:15",
            "db": "PACKETSTORM",
            "id": "117012"
          },
          {
            "date": "2010-04-12T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201004-160"
          },
          {
            "date": "2010-04-12T18:30:00.663000",
            "db": "NVD",
            "id": "CVE-2010-1141"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2016-10-13T00:00:00",
            "db": "CERT/CC",
            "id": "VU#707943"
          },
          {
            "date": "2010-04-13T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2010-0574"
          },
          {
            "date": "2017-09-19T00:00:00",
            "db": "VULMON",
            "id": "CVE-2010-1141"
          },
          {
            "date": "2012-10-01T19:10:00",
            "db": "BID",
            "id": "39392"
          },
          {
            "date": "2010-05-07T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2010-001364"
          },
          {
            "date": "2016-11-09T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2010-001999"
          },
          {
            "date": "2010-04-13T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201004-160"
          },
          {
            "date": "2017-09-19T01:30:34.547000",
            "db": "NVD",
            "id": "CVE-2010-1141"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201004-160"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "VMWare Tools Package Library Reference Code Execution Vulnerability",
        "sources": [
          {
            "db": "IVD",
            "id": "7d7c8fb0-463f-11e9-a735-000c29342cb1"
          },
          {
            "db": "IVD",
            "id": "46c824c0-2356-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2010-0574"
          }
        ],
        "trust": 1.0
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "permissions and access control",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201004-160"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201710-0207

    Vulnerability from variot - Updated: 2024-07-23 20:12

    Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients. An attacker within range of an affected AP and client may leverage these vulnerabilities to conduct attacks that are dependent on the data confidentiality protocols being used. Attacks may include arbitrary packet decryption and injection, TCP connection hijacking, HTTP content injection, or the replay of unicast and group-addressed frames. These vulnerabilities are referred to as Key Reinstallation Attacks or "KRACK" attacks. WPA (Wi-Fi Protected Access) is a system that protects wireless computer networks (Wi-Fi). WPA2 is prone to multiple security weaknesses. Exploiting these issues may allow an unauthorized user to intercept and manipulate data or disclose sensitive information. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512

    APPLE-SA-2017-12-6-3 watchOS 4.2

    watchOS 4.2 addresses the following:

    IOSurface Available for: All Apple Watch models Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-13861: Ian Beer of Google Project Zero

    Kernel Available for: All Apple Watch models Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-13862: Apple CVE-2017-13876: Ian Beer of Google Project Zero

    Kernel Available for: All Apple Watch models Impact: An application may be able to read restricted memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2017-13833: Brandon Azad

    Kernel Available for: All Apple Watch models Impact: An application may be able to read restricted memory Description: A type confusion issue was addressed with improved memory handling. CVE-2017-13855: Jann Horn of Google Project Zero

    Kernel Available for: All Apple Watch models Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-13867: Ian Beer of Google Project Zero

    Kernel Available for: All Apple Watch models Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization. CVE-2017-13865: Ian Beer of Google Project Zero CVE-2017-13868: Brandon Azad CVE-2017-13869: Jann Horn of Google Project Zero

    Wi-Fi Available for: Apple Watch (1st Generation) and Apple Watch Series 3 Released for Apple Watch Series 1 and Apple Watch Series 2 in watchOS 4.1. This was addressed with improved state management. CVE-2017-13080: Mathy Vanhoef of the imec-DistriNet group at KU Leuven

    Installation note:

    Instructions on how to update your Apple Watch software are available at https://support.apple.com/kb/HT204641

    To check the version on your Apple Watch, open the Apple Watch app on your iPhone and select "My Watch > General > About".

    Alternatively, on your watch, select "My Watch > General > About". Those vulnerabilities applies to both the access point (implemented in hostapd) and the station (implemented in wpa_supplicant).

    An attacker exploiting the vulnerabilities could force the vulnerable system to reuse cryptographic session keys, enabling a range of cryptographic attacks against the ciphers used in WPA1 and WPA2.

    For the stable distribution (stretch), these problems have been fixed in version 2:2.4-1+deb9u1.

    For the testing distribution (buster), these problems have been fixed in version 2:2.4-1.1.

    For the unstable distribution (sid), these problems have been fixed in version 2:2.4-1.1.

    We recommend that you upgrade your wpa packages. CVE-2017-13804: @qwertyoruiopz at KJC Research Intl. S.R.L. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256


    Title: Microsoft Security Update Releases Issued: October 17, 2017


    Summary

    The following CVE has undergone a major revision increment.

    • ADV170018

    CVE Revision Information:

    CVE-2017-13080

    • Title: ADV170018 | October 2017 Flash Update
    • https://portal.msrc.microsoft.com/en-us/security-guidance
    • Reason for Revision: The October Adobe Flash Security Update is available for installation. See https://support.microsoft.com/ en-us/help/4049179 for more information.
    • Originally posted: October 17, 2017
    • Updated: N/A
    • CVE Severity Rating: Critical
    • Version: 1.0

    Other Information

    Recognize and avoid fraudulent email to Microsoft customers:

    If you receive an email message that claims to be distributing a Microsoft security update, it is a hoax that may contain malware or pointers to malicious websites. Microsoft does not distribute security updates via email.

    The Microsoft Security Response Center (MSRC) uses PGP to digitally sign all security notifications. However, PGP is not required for reading security notifications, reading security bulletins, or installing security updates. You can obtain the MSRC public PGP key at https://technet.microsoft.com/security/dn753714.


    THE INFORMATION PROVIDED IN THIS MICROSOFT COMMUNICATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.


    Microsoft respects your privacy. Please read our online Privacy Statement at http://go.microsoft.com/fwlink/?LinkId=81184.

    If you would prefer not to receive future technical security notification alerts by email from Microsoft and its family of companies please visit the following website to unsubscribe: https://profile.microsoft.com/RegSysProfileCenter/subscriptionwizar d.aspx?wizid=5a2a311b-5189-4c9b-9f1a-d5e913a26c2e&%3blcid=1033.

    These settings will not affect any newsletters youave requested or any mandatory service communications that are considered part of certain Microsoft services.

    For legal Information, see: http://www.microsoft.com/info/legalinfo/default.mspx.

    This newsletter was sent by: Microsoft Corporation 1 Microsoft Way Redmond, Washington, USA 98052

    -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 10.2.0 (Build 1950) - not licensed for commercial use: www.pgp.com Charset: utf-8

    wsFVAwUBWeY7FvsCXwi14Wq8AQibMw/9HB/Dclpw74jADq8uMxo5mm+ZFGZ9gXqW pTdHL3HrzNqzsM/7oq1sYdzVqN2j35pXMpPmJnjt9ewhma0G+IKwwtu7efFelhUd bEB8o5KLREJJLnDVHWAfAEVvFqx15E7hbQdjQdwvK+fT26W7QwyyUnQt9akTR9bS v3B/GKLuacopPD7G/+v3g2N51NBbp1STidNTbOqbExK/UDqZBbkLs4XoC6FORXMY kdUzSuWPuDVQneqOpQlC9O2M7+f6qWWdVG67F44tD6e575eToCf0LVjsLIPEMx06 iuK0alu4HnUi3mwTpruwkrFANJlL0y6o6uwfBt/QQ/RQoe6EeBmQOvFB6jTa8fQ7 ydHIMTKgxCJQMzUGrrkr0F+M0S0yZkW5Pq90eZxLtvxAypJSbPlH3ET4h4hIeuqv 38eOg5Pb5FkBdaMaP0VqeI/k/Ur5TRHvLSBWp5jgZi6CMKb8srfTmR53vs5Igtgb Tsh10G0bXAExWWE/pqmQs+rW03/ElM5JoH8/wS9tG4M3UNvsnR2CUz2KbIvQcJFt DG34sh3Z5HztbGmkWUxWwORcUrvW0U6DnP1U4D6uSmcSZrO5dwIHTIA4kECw7Ret SjhMDbo9s2Y75VBb1ilIbQY3AnzT2q2j6t3kJnyh3IjmMP96bhmdF1FF4apToAUv TVE4JSTK9HY= =G8zY -----END PGP SIGNATURE----- . ========================================================================== Ubuntu Security Notice USN-3505-1 December 06, 2017

    linux-firmware vulnerabilities

    A security issue affects these releases of Ubuntu and its derivatives:

    • Ubuntu 17.10
    • Ubuntu 17.04
    • Ubuntu 16.04 LTS
    • Ubuntu 14.04 LTS

    Summary:

    Several security issues were fixed in linux-firmware.

    Software Description: - linux-firmware: Firmware for Linux kernel drivers

    Details:

    Mathy Vanhoef discovered that the firmware for several Intel WLAN devices incorrectly handled WPA2 in relation to Wake on WLAN. (CVE-2017-13080, CVE-2017-13081)

    Update instructions:

    The problem can be corrected by updating your system to the following package versions:

    Ubuntu 17.10: linux-firmware 1.169.1

    Ubuntu 17.04: linux-firmware 1.164.2

    Ubuntu 16.04 LTS: linux-firmware 1.157.14

    Ubuntu 14.04 LTS: linux-firmware 1.127.24

    After a standard system update you need to reboot your computer to make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512

    ============================================================================= FreeBSD-SA-17:07.wpa Security Advisory The FreeBSD Project

    Topic: WPA2 protocol vulnerability

    Category: contrib Module: wpa Announced: 2017-10-16 Credits: Mathy Vanhoef Affects: All supported versions of FreeBSD. Corrected: 2017-10-17 17:30:18 UTC (stable/11, 11.1-STABLE) 2017-10-17 17:57:18 UTC (releng/11.1, 11.1-RELEASE-p2) 2017-10-17 17:56:03 UTC (releng/11.0, 11.0-RELEASE-p13) 2017-10-19 03:18:22 UTC (stable/10, 10.4-STABLE) 2017-10-19 03:20:17 UTC (releng/10.4, 10.4-RELEASE-p1) 2017-10-19 03:19:42 UTC (releng/10.3, 10.3-RELEASE-p22) CVE Name: CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088

    For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit .

    1. Revision history

    v1.0 2017-10-17 Initial release. v1.1 2017-10-19 Add patches for 10.x releases.

    I.

    hostapd and wpa_supplicant are implementations of user space daemon for access points and wireless client that implements the WPA2 protocol.

    II. Problem Description

    A vulnerability was found in how a number of implementations can be triggered to reconfigure WPA/WPA2/RSN keys (TK, GTK, or IGTK) by replaying a specific frame that is used to manage the keys.

    III. Impact

    Such reinstallation of the encryption key can result in two different types of vulnerabilities: disabling replay protection and significantly reducing the security of encryption to the point of allowing frames to be decrypted or some parts of the keys to be determined by an attacker depending on which cipher is used.

    IV. Workaround

    An updated version of wpa_supplicant is available in the FreeBSD Ports Collection. Install version 2.6_2 or later of the security/wpa_supplicant port/pkg. Once installed, update /etc/rc.conf to use the new binary:

    wpa_supplicant_program="/usr/local/sbin/wpa_supplicant"

    and restart networking.

    An updated version of hostapd is available in the FreeBSD Ports Collection. Install version 2.6_1 or later of the net/hostapd port/pkg. Once installed, update /etc/rc.conf to use the new binary:

    hostapd_program="/usr/local/sbin/hostapd"

    and restart hostapd.

    V. Solution

    Perform one of the following:

    1) Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date.

    Restart the Wi-Fi network interfaces/hostapd or reboot the system.

    2) To update your vulnerable system via a binary patch:

    Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility:

    freebsd-update fetch

    freebsd-update install

    Restart the Wi-Fi network interfaces/hostapd or reboot the system.

    3) To update your vulnerable system via a source code patch:

    The following patches have been verified to apply to the applicable FreeBSD release branches.

    a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility.

    [FreeBSD 11.0-RELEASE, 11.1-RELEASE, and 11-STABLE]

    fetch https://security.FreeBSD.org/patches/SA-17:07/wpa-11.patch

    fetch https://security.FreeBSD.org/patches/SA-17:07/wpa-11.patch.asc

    gpg --verify wpa-11.patch.asc

    [FreeBSD 10.3-RELEASE, 10.4-RELEASE, and 10-STABLE]

    fetch https://security.FreeBSD.org/patches/SA-17:07/wpa-10.patch

    fetch https://security.FreeBSD.org/patches/SA-17:07/wpa-10.patch.asc

    gpg --verify wpa-10.patch.asc

    b) Apply the patch. Execute the following commands as root:

    cd /usr/src

    patch < /path/to/patch

    c) Recompile the operating system using buildworld and installworld as described in .

    Restart the applicable daemons, or reboot the system.

    VI. Correction details

    The following list contains the correction revision numbers for each affected branch.

    Branch/path Revision


    stable/11/ r324697 releng/11.0/ r324698 releng/11.1/ r324699 stable/10/ r324739 releng/10.3/ r324740 releng/10.4/ r324741


    To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed:

    svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base

    Or visit the following URL, replacing NNNNNN with the revision number:

    VII. References

    The latest revision of this advisory is available at -----BEGIN PGP SIGNATURE-----

    iQKTBAEBCgB9FiEEHPf/b631yp++G4yy7Wfs1l3PaucFAlnoGpNfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDFD RjdGRjZGQURGNUNBOUZCRTFCOENCMkVENjdFQ0Q2NURDRjZBRTcACgkQ7Wfs1l3P auc7WBAAm27w+fujv5sJsRxauUMopTVtRh5utwbDuoHTP+L+RCWmQfVBmueNQ0gf uJzMNxBIkbtY9LvyukpRsH3iD7mh26c0pd9rxxkkr4F96C9B5+W0amxJF1gdm54/ F/50FpY+lo7cNs5tiBjypPrg8UOBBI/1G4XR7130XC0HjaTwt1ngZ0oQUWUMSsIp gN5ZfPul81WPWd1NqF+vyObcJhwq/Y1uoexoO27o7GQCFZoL3enZy8c4f1xqMlVM 4HHkTgNGac6E0aW+ArH4J0DFFAOJXPqF8rdt+9XINfoBbtliIyOixJ4oh1n6eAR0 VpBWZKFNyXSlUKIvDGa+LDhxgL1jJXV0ABSyKlUOijdmr3bbbiQE9MW/MNv2AFTd OAFQ0QQtm9KCWp5JLh+FPIb/kR2l7MOUP+yz4zFcJpdGtl9tDLyPN8vRTq60bY8O y7tBcf/SMqkd/AIFdchL4zrOguKnRARydIlwTarp8wtAQI3MKSsa1B0wgsDtlL6K xfdjnwWMKvKKlNOW16e1WXXO0n/ucHV4njBE+bGPro3jLgXP2/WFZpIGAR3I4xrr SdD4AxSNiR9f3bL7LRfMIbugJAylWNSlTLWUOVUv0/ONh85LqbcCj13NI230B64K ETx2QOZgKnCs2oDNiw4aQHb7kvi2w94Iw/R1sAPkkxYJWO3reyE= =h/5q -----END PGP SIGNATURE-----

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201710-0207",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "w1 fi",
            "version": "0.4.10"
          },
          {
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "w1 fi",
            "version": "0.5.9"
          },
          {
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "w1 fi",
            "version": "0.3.11"
          },
          {
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "w1 fi",
            "version": "0.4.8"
          },
          {
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "w1 fi",
            "version": "0.5.10"
          },
          {
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "w1 fi",
            "version": "0.4.7"
          },
          {
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "w1 fi",
            "version": "0.5.7"
          },
          {
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "w1 fi",
            "version": "0.5.8"
          },
          {
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "w1 fi",
            "version": "0.4.11"
          },
          {
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "w1 fi",
            "version": "0.4.9"
          },
          {
            "model": "enterprise linux desktop",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "redhat",
            "version": "7"
          },
          {
            "model": "enterprise linux server",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "redhat",
            "version": "7"
          },
          {
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.3.7"
          },
          {
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "2.6"
          },
          {
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "2.2"
          },
          {
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "1.0"
          },
          {
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "2.2"
          },
          {
            "model": "freebsd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "freebsd",
            "version": "*"
          },
          {
            "model": "linux enterprise desktop",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "suse",
            "version": "12"
          },
          {
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.4.7"
          },
          {
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "2.0"
          },
          {
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "2.0"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "debian",
            "version": "8.0"
          },
          {
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.5.8"
          },
          {
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "2.1"
          },
          {
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.5.7"
          },
          {
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.6.9"
          },
          {
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.2.8"
          },
          {
            "model": "linux enterprise server",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "suse",
            "version": "12"
          },
          {
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.2.8"
          },
          {
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "1.1"
          },
          {
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.7.3"
          },
          {
            "model": "freebsd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "freebsd",
            "version": "10"
          },
          {
            "model": "freebsd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "freebsd",
            "version": "11.1"
          },
          {
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.4.11"
          },
          {
            "model": "freebsd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "freebsd",
            "version": "10.4"
          },
          {
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.2.6"
          },
          {
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.2.4"
          },
          {
            "model": "freebsd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "freebsd",
            "version": "11"
          },
          {
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.5.11"
          },
          {
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.3.10"
          },
          {
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "2.4"
          },
          {
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.3.8"
          },
          {
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.2.5"
          },
          {
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.3.7"
          },
          {
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.2.5"
          },
          {
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.6.10"
          },
          {
            "model": "openstack cloud",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "suse",
            "version": "6"
          },
          {
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "1.0"
          },
          {
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.3.9"
          },
          {
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.3.11"
          },
          {
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "2.5"
          },
          {
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.5.10"
          },
          {
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "2.6"
          },
          {
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.4.9"
          },
          {
            "model": "ubuntu linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "canonical",
            "version": "14.04"
          },
          {
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "2.1"
          },
          {
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "2.3"
          },
          {
            "model": "leap",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "opensuse",
            "version": "42.2"
          },
          {
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "2.3"
          },
          {
            "model": "linux enterprise point of sale",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "suse",
            "version": "11"
          },
          {
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "1.1"
          },
          {
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.7.3"
          },
          {
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.6.9"
          },
          {
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.5.9"
          },
          {
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.4.8"
          },
          {
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.2.7"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "debian",
            "version": "9.0"
          },
          {
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.2.4"
          },
          {
            "model": "linux enterprise server",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "suse",
            "version": "11"
          },
          {
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.3.10"
          },
          {
            "model": "ubuntu linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "canonical",
            "version": "16.04"
          },
          {
            "model": "leap",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "opensuse",
            "version": "42.3"
          },
          {
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.6.8"
          },
          {
            "model": "ubuntu linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "canonical",
            "version": "17.04"
          },
          {
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.2.6"
          },
          {
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.6.8"
          },
          {
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.4.10"
          },
          {
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.5.11"
          },
          {
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.6.10"
          },
          {
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "2.4"
          },
          {
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.3.9"
          },
          {
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "2.5"
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "9front",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "adtran",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "avm",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "actiontec",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "aerohive",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "alcatel lucent",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "android open source",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "apple",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "arch linux",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "aruba",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "asustek computer",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "barracuda",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "broadcom",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "cambium",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "centos",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "cradlepoint",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "cypress semiconductor",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "d link",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "debian gnu linux",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "dell",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "digi",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "draytek",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "edimax computer",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "engenius",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "endian",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "espressif",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "extreme",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "f secure",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "fedora",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "fortinet",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "freebsd",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "gentoo linux",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "google",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "hewlett packard",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "hostap",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "ipfire",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "intel",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "juniper",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "lancom",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "lede",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "lifx",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "lenovo",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "microchip",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "microsoft",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "mojo",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "nest",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "netbsd",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "netgear",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "opnsense",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "omnirom",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "open mesh",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "openbsd",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "peplink",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "red hat",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "riverbed",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "rockwell automation",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "ruckus",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "suse linux",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "samsung mobile",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "sierra",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "slackware linux",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "sonos",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "sony",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "sophos",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "synology",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "tp link",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "technicolor",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "texas instruments",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "toshiba commerce",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "toshiba electronic devices storage",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "toshiba memory",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "turris omnia",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "ubiquiti",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "ubuntu",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "volumio",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "watchguard",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "xiaomi",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "xirrus",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "zebra",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "dd wrt",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "eero",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "pfsense",
            "version": null
          },
          {
            "model": "ubuntu",
            "scope": null,
            "trust": 0.8,
            "vendor": "canonical",
            "version": null
          },
          {
            "model": "gnu/linux",
            "scope": null,
            "trust": 0.8,
            "vendor": "debian",
            "version": null
          },
          {
            "model": "freebsd",
            "scope": null,
            "trust": 0.8,
            "vendor": "freebsd",
            "version": null
          },
          {
            "model": "leap",
            "scope": null,
            "trust": 0.8,
            "vendor": "opensuse",
            "version": null
          },
          {
            "model": "linux enterprise desktop",
            "scope": null,
            "trust": 0.8,
            "vendor": "suse",
            "version": null
          },
          {
            "model": "linux enterprise point of sale",
            "scope": null,
            "trust": 0.8,
            "vendor": "suse",
            "version": null
          },
          {
            "model": "linux enterprise server",
            "scope": null,
            "trust": 0.8,
            "vendor": "suse",
            "version": null
          },
          {
            "model": "openstack cloud",
            "scope": null,
            "trust": 0.8,
            "vendor": "suse",
            "version": null
          },
          {
            "model": "hostapd",
            "scope": null,
            "trust": 0.8,
            "vendor": "w1 fi",
            "version": null
          },
          {
            "model": "wpa supplicant",
            "scope": null,
            "trust": 0.8,
            "vendor": "w1 fi",
            "version": null
          },
          {
            "model": "enterprise linux desktop",
            "scope": null,
            "trust": 0.8,
            "vendor": "red hat",
            "version": null
          },
          {
            "model": "enterprise linux server",
            "scope": null,
            "trust": 0.8,
            "vendor": "red hat",
            "version": null
          },
          {
            "model": "edge gateway",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nec",
            "version": null
          },
          {
            "model": "sr-m20ac1",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "fujitsu",
            "version": "v02.10"
          },
          {
            "model": "sr-m20ac2",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "fujitsu",
            "version": "v02.10"
          },
          {
            "model": "alliance wi-fi protected access 2",
            "scope": null,
            "trust": 0.6,
            "vendor": "wi fi",
            "version": null
          },
          {
            "model": "scalance w-700",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "siemens",
            "version": "0"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.4,
            "vendor": "linux desktop",
            "version": "12"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.4,
            "vendor": "linux server",
            "version": "11"
          },
          {
            "model": "atom processor c3200 series for yocto project bsp mr4",
            "scope": null,
            "trust": 0.3,
            "vendor": "intel",
            "version": null
          },
          {
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "10.3.2"
          },
          {
            "model": "active management technology",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "6.1"
          },
          {
            "model": "pyxis supplystation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "bd",
            "version": "0"
          },
          {
            "model": "sinamics smart access module",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "siemens",
            "version": "v200"
          },
          {
            "model": "active management technology",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "11.6.27.3264"
          },
          {
            "model": "meraki mr34",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "ck71a-atex",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "pepperl fuchs",
            "version": "0"
          },
          {
            "model": "arubaos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "6.5.2.0"
          },
          {
            "model": "macbook air",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "0"
          },
          {
            "model": "aironet series access points",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "18500"
          },
          {
            "model": "active management technology",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "8.0"
          },
          {
            "model": "meraki mr26",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "arubaos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "6.4"
          },
          {
            "model": "aironet series access points",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "28000"
          },
          {
            "model": "enterprise linux for power big endian extended update support",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "-7.5"
          },
          {
            "model": "meraki mr84",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "contact fl wlan",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "phoenix",
            "version": "510x0"
          },
          {
            "model": "windows server r2 for itanium-based systems sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2008"
          },
          {
            "model": "contact itc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "phoenix",
            "version": "81130"
          },
          {
            "model": "enterprise linux workstation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "7"
          },
          {
            "model": "active management technology",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "10.0"
          },
          {
            "model": "dual band wireless-ac",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "726519.51.0.0"
          },
          {
            "model": "enterprise linux server extended update support",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "-7.6"
          },
          {
            "model": "meraki mr18",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "arubaos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "8.1.0.3"
          },
          {
            "model": "scalance w1750d",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "siemens",
            "version": "0"
          },
          {
            "model": "secure ii med-surg bed",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "stryker",
            "version": "3002"
          },
          {
            "model": "contact fl wlan",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "phoenix",
            "version": "210x0"
          },
          {
            "model": "windows version for x64-based systems",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "1015110"
          },
          {
            "model": "aironet access points",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "contact fl wlan ap",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "phoenix",
            "version": "24802-110"
          },
          {
            "model": "active management technology",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "11.0"
          },
          {
            "model": "instantos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "6.5.4.1"
          },
          {
            "model": "tvos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "10.2"
          },
          {
            "model": "wap371 wireless-ac n access point with single point setup",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "ex-handy",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "pepperl fuchs",
            "version": "2090"
          },
          {
            "model": "arubaos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "6.5.3.2"
          },
          {
            "model": "contact rad-80211-xd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "phoenix",
            "version": "0"
          },
          {
            "model": "ios",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "apple",
            "version": "11.2"
          },
          {
            "model": "contact fl wlan dap",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "phoenix",
            "version": "24802-110"
          },
          {
            "model": "dual band wireless-ac",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "726519.10.9.1"
          },
          {
            "model": "arubaos",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "6.3.1.25"
          },
          {
            "model": "pyxis medstation es",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "bd",
            "version": "0"
          },
          {
            "model": "wireless ip phone",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "88210"
          },
          {
            "model": "pyxis stockstation system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "bd",
            "version": "0"
          },
          {
            "model": "macbook",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "0"
          },
          {
            "model": "dual band wireless-ac",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "316819.51.7.1"
          },
          {
            "model": "dual band wireless-ac",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "intel",
            "version": "726519.10.9.2"
          },
          {
            "model": "scalance wlc712",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "siemens",
            "version": "0"
          },
          {
            "model": "contact fl wlan spa",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "phoenix",
            "version": "0"
          },
          {
            "model": "meraki mr62",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "simatic et200 pro im154-6 pn iwlan",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "siemens",
            "version": "0"
          },
          {
            "model": "tropos broadband mesh routers and bridges",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "abb",
            "version": "0"
          },
          {
            "model": "dual band wireless-ac",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "intel",
            "version": "316819.10.9.2"
          },
          {
            "model": "meraki mr33",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "instantos",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "6.5.3.3"
          },
          {
            "model": "micros handheld terminal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "0"
          },
          {
            "model": "windows server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "20120"
          },
          {
            "model": "instantos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "6.5.2"
          },
          {
            "model": "dual band wireless-ac",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "316018.33.9.2"
          },
          {
            "model": "windows version for 32-bit systems",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "1017030"
          },
          {
            "model": "atom processor c3200 series for yocto project bsp mr4.1",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "intel",
            "version": null
          },
          {
            "model": "active management technology",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "2.6"
          },
          {
            "model": "android",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "7.1.0"
          },
          {
            "model": "contact fl wlan",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "phoenix",
            "version": "110x0"
          },
          {
            "model": "windows for 32-bit systems",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "100"
          },
          {
            "model": "s3 med-surg bed",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "stryker",
            "version": "3002"
          },
          {
            "model": "arubaos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "6.4.2.4"
          },
          {
            "model": "tvos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "11.1"
          },
          {
            "model": "contact fl comserver wlan",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "phoenix",
            "version": "232/422/4850"
          },
          {
            "model": "airport base station",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "7.6.8"
          },
          {
            "model": "enterprise linux server update services for sap solutions",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "-7."
          },
          {
            "model": "active management technology",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "7.1.91.3272"
          },
          {
            "model": "instantos",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "4.2.4.9"
          },
          {
            "model": "contact fl wlan ap",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "phoenix",
            "version": "230802-110"
          },
          {
            "model": "android",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "6.1"
          },
          {
            "model": "enterprise linux for power little endian extended update supp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "-7.6"
          },
          {
            "model": "meraki mr14",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "enterprise linux eus compute node",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "7.5"
          },
          {
            "model": "aironet series access points",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "18150"
          },
          {
            "model": "wireless client bridge 2.0.0.1-aruba501-b00",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "501"
          },
          {
            "model": "enterprise linux server extended update support",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "-7.4"
          },
          {
            "model": "enterprise linux server tus",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "-7.6"
          },
          {
            "model": "dual band wireless-ac",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "726018.33.9.2"
          },
          {
            "model": "airport express",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "0"
          },
          {
            "model": "meraki mr16",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "clarity engine",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "1.0"
          },
          {
            "model": "meraki mr30h",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "airport extreme",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "0"
          },
          {
            "model": "windows server r2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "20120"
          },
          {
            "model": "dual band wireless-ac",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "intel",
            "version": "826520.0.2.3"
          },
          {
            "model": "android",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "8.0"
          },
          {
            "model": "contact bl2 bpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "phoenix",
            "version": "0"
          },
          {
            "model": "tvos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "10.0.1"
          },
          {
            "model": "enterprise linux for ibm z systems",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "7"
          },
          {
            "model": "watch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "0"
          },
          {
            "model": "meraki mr32",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "w1 f1",
            "version": "2.4"
          },
          {
            "model": "active management technology",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "4.0"
          },
          {
            "model": "ruggedcom rx1400",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "siemens",
            "version": "0"
          },
          {
            "model": "cn70a-atex",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "pepperl fuchs",
            "version": "0"
          },
          {
            "model": "windows version for 32-bit systems",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "1015110"
          },
          {
            "model": "arubaos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "6.5.3"
          },
          {
            "model": "pyxis parx handheld",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "bd",
            "version": "0"
          },
          {
            "model": "dual band wireless-ac",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "726519.10"
          },
          {
            "model": "active management technology",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "9.1.40.100"
          },
          {
            "model": "tvos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "10.1.1"
          },
          {
            "model": "instantos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "6.5.3"
          },
          {
            "model": "windows rt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "8.1"
          },
          {
            "model": "meraki mr42",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "instantos",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "4.3.1.6"
          },
          {
            "model": "airport base station",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "7.7.3"
          },
          {
            "model": "wap561 wireless-n dual radio selectable band access point",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "active management technology",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "11.0.26.3000"
          },
          {
            "model": "instantos",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "6.5.4.2"
          },
          {
            "model": "active management technology",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "11.6"
          },
          {
            "model": "tvos",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "apple",
            "version": "11.2"
          },
          {
            "model": "active management technology",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "6.0"
          },
          {
            "model": "windows server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2016"
          },
          {
            "model": "contact rad-whg/wlan-xd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "phoenix",
            "version": "0"
          },
          {
            "model": "dual band wireless-ac",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "intel",
            "version": "726018.33.9.3"
          },
          {
            "model": "wi-fi update for boot camp",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "apple",
            "version": "6.4.0"
          },
          {
            "model": "suremark printer 2nr",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "toshiba",
            "version": "4610"
          },
          {
            "model": "android",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "7.1.1"
          },
          {
            "model": "arubaos",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "6.5.4.2"
          },
          {
            "model": "enterprise linux for power little endian extended update supp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "-7.5"
          },
          {
            "model": "enterprise linux for power little endian",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "7"
          },
          {
            "model": "dual band wireless-ac",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "826520.0.0.0"
          },
          {
            "model": "tvos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "10.2.1"
          },
          {
            "model": "arubaos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "6.3.1.8"
          },
          {
            "model": "windows server for x64-based systems sp2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2008"
          },
          {
            "model": "pyxis supply roller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "bd",
            "version": "0"
          },
          {
            "model": "airport base station",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "7.6.3"
          },
          {
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "10.3"
          },
          {
            "model": "telepresence collaboration endpoint",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "active management technology",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "6.2.61.3535"
          },
          {
            "model": "contact vmt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "phoenix",
            "version": "70xx0"
          },
          {
            "model": "imac",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "0"
          },
          {
            "model": "meraki mr72",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "watchos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "4"
          },
          {
            "model": "enterprise linux for power little endian extended update supp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "-7.4"
          },
          {
            "model": "active management technology",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "11.0.25.3001"
          },
          {
            "model": "arubaos",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "8.1.0.4"
          },
          {
            "model": "active management technology",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "9.1"
          },
          {
            "model": "enterprise linux server tus",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "-7.4"
          },
          {
            "model": "active management technology",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "6.2"
          },
          {
            "model": "meraki mr53",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "tvos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "10.1"
          },
          {
            "model": "wap551 wireless-n single radio selectable band access point",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "instantos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "4.2"
          },
          {
            "model": "instantos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "6.5.3.2"
          },
          {
            "model": "dual band wireless-ac",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "316519.10"
          },
          {
            "model": "dual band wireless-ac",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "826020.0.0.0"
          },
          {
            "model": "wap121 wireless-n access point with single point setup",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "active management technology",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "2.5"
          },
          {
            "model": "active management technology",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "11.6.0.1000"
          },
          {
            "model": "wireless client bridge 1.0.1.3-hp501-b0012",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "501"
          },
          {
            "model": "i.roc ci70-ex",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "pepperl fuchs",
            "version": "0"
          },
          {
            "model": "arubaos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "6.5.0.0"
          },
          {
            "model": "dual band wireless-ac",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "826020.0.2.2"
          },
          {
            "model": "active management technology",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "7.1"
          },
          {
            "model": "cn70e-atex",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "pepperl fuchs",
            "version": "0"
          },
          {
            "model": "dual band wireless-ac",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "726018.0.0.0"
          },
          {
            "model": "meraki mr24",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "suremark printer 1nr",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "toshiba",
            "version": "4610"
          },
          {
            "model": "enterprise linux for ibm z systems extended update support",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "-7.6"
          },
          {
            "model": "contact vmt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "phoenix",
            "version": "50xx0"
          },
          {
            "model": "meraki mr74",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "ex-handy",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "pepperl fuchs",
            "version": "090"
          },
          {
            "model": "arubaos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "6.4.4.15"
          },
          {
            "model": "dual band wireless-ac",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "316519.51.7.1"
          },
          {
            "model": "dual band wireless-ac",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "intel",
            "version": "726519.51.7.20"
          },
          {
            "model": "anyconnect secure mobility client",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "dual band wireless-ac",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "726519.51.7.1"
          },
          {
            "model": "systems esp32",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "espressif",
            "version": "0"
          },
          {
            "model": "watchos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "4.1"
          },
          {
            "model": "enterprise linux server extended update support",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "-7.5"
          },
          {
            "model": "micros handheld terminal 2.03.0.0.021r",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "oracle",
            "version": null
          },
          {
            "model": "aironet series access points",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "38000"
          },
          {
            "model": "pyxis parx",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "bd",
            "version": "0"
          },
          {
            "model": "dx70",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "arubaos",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "6.5.1.9"
          },
          {
            "model": "enterprise linux server update services for sap solutions",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "-7.6"
          },
          {
            "model": "intouch critical care bed",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "stryker",
            "version": "2141"
          },
          {
            "model": "pyxis anesthesia es",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "bd",
            "version": "0"
          },
          {
            "model": "aironet series officeextend access points",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "18100"
          },
          {
            "model": "windows for x64-based systems",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "8.10"
          },
          {
            "model": "dual band wireless-ac",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "316819.10.9.1"
          },
          {
            "model": "active management technology",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "10.0.55.3000"
          },
          {
            "model": "windows for 32-bit systems",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "8.10"
          },
          {
            "model": "android",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "6.0"
          },
          {
            "model": "meraki mr66",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "dual band wireless-ac",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "316519.10.9.1"
          },
          {
            "model": "airport base station",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "7.6"
          },
          {
            "model": "intouch critical care bed",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "stryker",
            "version": "2131"
          },
          {
            "model": "android",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "7.1.2"
          },
          {
            "model": "aironet series access points",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "18300"
          },
          {
            "model": "enterprise linux server aus",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "-7.6"
          },
          {
            "model": "enterprise linux for power big endian extended update support",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "-7.6"
          },
          {
            "model": "active management technology",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "10.0.0.50.1004"
          },
          {
            "model": "arubaos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "6.4.1.0"
          },
          {
            "model": "wap321 wireless-n access point with single point setup",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "simatic iwlan-pb/link",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "siemens",
            "version": "0"
          },
          {
            "model": "aironet 1810w series access points",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "meraki mr52",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "enterprise linux for ibm z systems extended update support",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "-7.5"
          },
          {
            "model": "meraki mr12",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "airmesh msr",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "0"
          },
          {
            "model": "dual band wireless-ac",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "intel",
            "version": "316519.51.7.20"
          },
          {
            "model": "watchos",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "apple",
            "version": "4.2"
          },
          {
            "model": "contact fl wlan ec",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "phoenix",
            "version": "24802-110"
          },
          {
            "model": "instantos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "4.2.4.8"
          },
          {
            "model": "systems esp8266",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "espressif",
            "version": "0"
          },
          {
            "model": "tv",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "0"
          },
          {
            "model": "pad-ex",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "pepperl fuchs",
            "version": "010"
          },
          {
            "model": "active management technology",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "11.0.0.1205"
          },
          {
            "model": "ip phone",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "88610"
          },
          {
            "model": "clarity engine",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "1.0.0.1"
          },
          {
            "model": "aironet series access points",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "15600"
          },
          {
            "model": "windows for 32-bit systems sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "7"
          },
          {
            "model": "instantos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "4.3.1.5"
          },
          {
            "model": "airport base station",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "7.6.2"
          },
          {
            "model": "active management technology",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "8.1"
          },
          {
            "model": "active management technology",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "11.8"
          },
          {
            "model": "windows for x64-based systems sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "7"
          },
          {
            "model": "enterprise linux for ibm z systems extended update support",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "-7.4"
          },
          {
            "model": "meraki mr58",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "windows version for 32-bit systems",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "1016070"
          },
          {
            "model": "dual band wireless-ac",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "intel",
            "version": "316519.10.9.2"
          },
          {
            "model": "pyxis parassist system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "bd",
            "version": "0"
          },
          {
            "model": "windows server for 32-bit systems sp2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2008"
          },
          {
            "model": "instantos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "4.3"
          },
          {
            "model": "android",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "7.0"
          },
          {
            "model": "simatic mobile panel 277 iwlan",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "siemens",
            "version": "0"
          },
          {
            "model": "pyxis medstation t2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "bd",
            "version": "40000"
          },
          {
            "model": "dual band wireless-ac",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "intel",
            "version": "826020.0.2.3"
          },
          {
            "model": "android",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "6.0.1"
          },
          {
            "model": "airport base station",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "7.6.1"
          },
          {
            "model": "dual band wireless-ac",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "316519.51.0.0"
          },
          {
            "model": "wi-fi update for boot camp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "0"
          },
          {
            "model": "enterprise linux server update services for sap solutions",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "-7.4"
          },
          {
            "model": "ipad",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "0"
          },
          {
            "model": "contact vmt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "phoenix",
            "version": "30xx0"
          },
          {
            "model": "enterprise linux for power big endian",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "7"
          },
          {
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "w1 f1",
            "version": "2.6"
          },
          {
            "model": "wireless client bridge",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "5010"
          },
          {
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "10.0.1"
          },
          {
            "model": "active management technology",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "11.5"
          },
          {
            "model": "meraki mr11",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "10.3.3"
          },
          {
            "model": "pyxis anesthesia system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "bd",
            "version": "40000"
          },
          {
            "model": "tvos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "10.2.2"
          },
          {
            "model": "pyxis anesthesia system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "bd",
            "version": "35000"
          },
          {
            "model": "automation stratix 15.3 jc1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rockwell",
            "version": "5100"
          },
          {
            "model": "enterprise linux server aus",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "-7.4"
          },
          {
            "model": "pyxis ciisafe workstation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "bd",
            "version": "??0"
          },
          {
            "model": "enterprise linux for power big endian extended update support",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "-7.4"
          },
          {
            "model": "airport base station",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "7.6.7"
          },
          {
            "model": "dual band wireless-ac",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "316819.51.0.0"
          },
          {
            "model": "ipad air",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "0"
          },
          {
            "model": "active management technology",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "7.0"
          },
          {
            "model": "arubaos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "6.5.4.1"
          },
          {
            "model": "enterprise linux eus compute node",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "7.6"
          },
          {
            "model": "enterprise linux for scientific computing",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "7"
          },
          {
            "model": "active management technology",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "8.1.71.3608"
          },
          {
            "model": "active management technology",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "9.1.41.3024"
          },
          {
            "model": "arubaos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "6.4.2.1"
          },
          {
            "model": "enterprise linux eus compute node",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "7.4"
          },
          {
            "model": "dx80",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "active management technology",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "9.0"
          },
          {
            "model": "contact bl2 ppc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "phoenix",
            "version": "0"
          },
          {
            "model": "contact tpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "phoenix",
            "version": "60130"
          },
          {
            "model": "ipod touch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "0"
          },
          {
            "model": "arubaos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "6.5.1"
          },
          {
            "model": "ck70a-atex",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "pepperl fuchs",
            "version": "0"
          },
          {
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "10.2.1"
          },
          {
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "10.3.1"
          },
          {
            "model": "dual band wireless-ac",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "intel",
            "version": "316819.51.7.20"
          },
          {
            "model": "macbook pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "0"
          },
          {
            "model": "dual band wireless-ac",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "316819.10"
          },
          {
            "model": "windows for x64-based systems",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "100"
          },
          {
            "model": "airport base station",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "7.7.8"
          },
          {
            "model": "active management technology",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "9.5"
          },
          {
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "10.1"
          },
          {
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "10.2"
          },
          {
            "model": "airport base station",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "7.6.4"
          },
          {
            "model": "smart-ex",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "pepperl fuchs",
            "version": "010"
          },
          {
            "model": "dual band wireless-ac",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "826520.0.2.2"
          },
          {
            "model": "dual band wireless-ac",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "intel",
            "version": "316018.33.9.3"
          },
          {
            "model": "tab-ex",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "pepperl fuchs",
            "version": "010"
          },
          {
            "model": "arubaos",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "6.5.3.3"
          },
          {
            "model": "iphone",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "0"
          },
          {
            "model": "macmini",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "0"
          },
          {
            "model": "arubaos",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "6.4.4.16"
          },
          {
            "model": "contact fl wlan epa",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "phoenix",
            "version": "0"
          },
          {
            "model": "airport time capsule",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "0"
          },
          {
            "model": "alliance wpa2 (wi-fi protected access",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "wi fi",
            "version": "2)0"
          },
          {
            "model": "airport base station",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "apple",
            "version": "7.7.9"
          },
          {
            "model": "scalance wlc711",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "siemens",
            "version": "0"
          },
          {
            "model": "ruggedcom rs9xxw",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "siemens",
            "version": "0"
          },
          {
            "model": "arubaos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "6.3.1.15"
          },
          {
            "model": "networks unifi access point",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubiquiti",
            "version": "0"
          },
          {
            "model": "suremark printer 2cr",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "toshiba",
            "version": "4610"
          },
          {
            "model": "ip phone",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "88650"
          },
          {
            "model": "arubaos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "6.5.4"
          },
          {
            "model": "airport base station",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "7.7.7"
          },
          {
            "model": "instantos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "6.5.4"
          },
          {
            "model": "asa 5506w-x w/ firepower services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "windows version for x64-based systems",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "1016070"
          },
          {
            "model": "airport base station",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "apple",
            "version": "7.6.9"
          },
          {
            "model": "s3 med-surg bed",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "stryker",
            "version": "3005"
          },
          {
            "model": "dual band wireless-ac",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "316018.0.0.0"
          },
          {
            "model": "smart-ex",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "pepperl fuchs",
            "version": "2010"
          },
          {
            "model": "windows version for x64-based systems",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "1017030"
          },
          {
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "11.1"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "ubuntu linux",
            "version": "14.04"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "ubuntu linux",
            "version": "16.04"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "ubuntu linux",
            "version": "17.04"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "debian linux",
            "version": "8.0"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "debian linux",
            "version": "9.0"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "freebsd",
            "version": "*"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "freebsd",
            "version": "10"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "freebsd",
            "version": "10.4"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "freebsd",
            "version": "11"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "freebsd",
            "version": "11.1"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "leap",
            "version": "42.2"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "leap",
            "version": "42.3"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "linux desktop",
            "version": "7"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "linux server",
            "version": "7"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "0.2.4"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "0.2.5"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "0.2.6"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "0.2.8"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "0.3.7"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "0.3.9"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "0.3.10"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "0.3.11"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "0.4.7"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "0.4.8"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "0.4.9"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "0.4.10"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "0.4.11"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "0.5.7"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "0.5.8"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "0.5.9"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "0.5.10"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "0.5.11"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "0.6.8"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "0.6.9"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "0.6.10"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "0.7.3"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "1.0"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "1.1"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "2.0"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "2.1"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "2.2"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "2.3"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "2.4"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "2.5"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "2.6"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "0.2.4"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "0.2.5"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "0.2.6"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "0.2.7"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "0.2.8"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "0.3.7"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "0.3.8"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "0.3.9"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "0.3.10"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "0.3.11"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "0.4.7"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "0.4.8"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "0.4.9"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "0.4.10"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "0.4.11"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "0.5.7"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "0.5.8"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "0.5.9"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "0.5.10"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "0.5.11"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "0.6.8"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "0.6.9"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "0.6.10"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "0.7.3"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "1.0"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "1.1"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "2.0"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "2.1"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "2.2"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "2.3"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "2.4"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "2.5"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "2.6"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "linux point of sale",
            "version": "11"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "linux server",
            "version": "12"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "openstack cloud",
            "version": "6"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "52cda2a8-8175-413f-97bb-cf2e4c75f7c4"
          },
          {
            "db": "CERT/CC",
            "id": "VU#228519"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-30403"
          },
          {
            "db": "BID",
            "id": "101274"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-009173"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201710-383"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-13080"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:10:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:10.4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:17.04:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:opensuse:leap:42.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:7:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:7:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:11:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:11.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:hostapd:2.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:hostapd:1.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:hostapd:0.5.9:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:hostapd:0.5.8:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:hostapd:0.3.11:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:hostapd:0.3.10:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:wpa_supplicant:2.6:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:wpa_supplicant:2.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:wpa_supplicant:0.7.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:wpa_supplicant:0.6.10:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:wpa_supplicant:0.5.7:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:wpa_supplicant:0.4.11:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:wpa_supplicant:0.3.9:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:wpa_supplicant:0.3.8:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:hostapd:2.4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:hostapd:2.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:hostapd:0.6.10:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:hostapd:0.6.9:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:hostapd:0.4.10:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:hostapd:0.4.9:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:hostapd:0.2.8:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:hostapd:0.2.6:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:wpa_supplicant:2.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:wpa_supplicant:2.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:wpa_supplicant:0.5.11:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:wpa_supplicant:0.5.10:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:wpa_supplicant:0.4.8:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:wpa_supplicant:0.4.7:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:wpa_supplicant:0.2.7:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:wpa_supplicant:0.2.6:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:wpa_supplicant:0.2.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:hostapd:2.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:hostapd:2.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:hostapd:0.6.8:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:hostapd:0.5.11:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:hostapd:0.5.10:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:hostapd:0.4.8:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:hostapd:0.4.7:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:hostapd:0.2.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:hostapd:0.2.4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:wpa_supplicant:2.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:wpa_supplicant:1.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:wpa_supplicant:1.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:wpa_supplicant:0.5.9:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:wpa_supplicant:0.5.8:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:wpa_supplicant:0.3.11:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:wpa_supplicant:0.3.10:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:wpa_supplicant:0.2.4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:hostapd:2.6:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:hostapd:2.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:hostapd:1.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:hostapd:0.7.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:hostapd:0.5.7:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:hostapd:0.4.11:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:hostapd:0.3.9:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:hostapd:0.3.7:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:wpa_supplicant:2.4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:wpa_supplicant:2.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:wpa_supplicant:0.6.9:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:wpa_supplicant:0.6.8:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:wpa_supplicant:0.4.10:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:wpa_supplicant:0.4.9:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:wpa_supplicant:0.3.7:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:wpa_supplicant:0.2.8:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_point_of_sale:11:sp3:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:ltss:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_desktop:12:sp3:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_server:12:*:*:*:ltss:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:suse:openstack_cloud:6:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_server:11:sp4:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_desktop:12:sp2:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-13080"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Mathy Vanhoef from imec-DistriNet and KU Leuven.",
        "sources": [
          {
            "db": "BID",
            "id": "101274"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201710-383"
          }
        ],
        "trust": 0.9
      },
      "cve": "CVE-2017-13080",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 2.9,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 5.5,
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "LOW",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:A/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Adjacent Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 2.9,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2017-13080",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Low",
                "trust": 0.9,
                "userInteractionRequired": null,
                "vectorString": "AV:A/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.4,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 5.5,
                "id": "CNVD-2017-30403",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:A/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.4,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 5.5,
                "id": "52cda2a8-8175-413f-97bb-cf2e4c75f7c4",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:A/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "HIGH",
                "attackVector": "ADJACENT_NETWORK",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 1.6,
                "impactScore": 3.6,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "High",
                "attackVector": "Adjacent Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 5.3,
                "baseSeverity": "Medium",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2017-13080",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2017-13080",
                "trust": 1.8,
                "value": "MEDIUM"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2017-30403",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201710-383",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "IVD",
                "id": "52cda2a8-8175-413f-97bb-cf2e4c75f7c4",
                "trust": 0.2,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2017-13080",
                "trust": 0.1,
                "value": "LOW"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "52cda2a8-8175-413f-97bb-cf2e4c75f7c4"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-30403"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-13080"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-009173"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201710-383"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-13080"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients. An attacker within range of an affected AP and client may leverage these vulnerabilities to conduct attacks that are dependent on the data confidentiality protocols being used. Attacks may include arbitrary packet decryption and injection, TCP connection hijacking, HTTP content injection, or the replay of unicast and group-addressed frames. These vulnerabilities are referred to as Key Reinstallation Attacks or \"KRACK\" attacks. WPA (Wi-Fi Protected Access) is a system that protects wireless computer networks (Wi-Fi). WPA2  is prone to multiple security weaknesses. \nExploiting these issues may allow an unauthorized user to intercept and manipulate data or disclose sensitive information. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\nAPPLE-SA-2017-12-6-3 watchOS 4.2\n\nwatchOS 4.2 addresses the following:\n\nIOSurface\nAvailable for: All Apple Watch models\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2017-13861: Ian Beer of Google Project Zero\n\nKernel\nAvailable for: All Apple Watch models\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2017-13862: Apple\nCVE-2017-13876: Ian Beer of Google Project Zero\n\nKernel\nAvailable for: All Apple Watch models\nImpact: An application may be able to read restricted memory\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2017-13833: Brandon Azad\n\nKernel\nAvailable for: All Apple Watch models\nImpact: An application may be able to read restricted memory\nDescription: A type confusion issue was addressed with improved\nmemory handling. \nCVE-2017-13855: Jann Horn of Google Project Zero\n\nKernel\nAvailable for: All Apple Watch models\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2017-13867: Ian Beer of Google Project Zero\n\nKernel\nAvailable for: All Apple Watch models\nImpact: An application may be able to read restricted memory\nDescription: A validation issue was addressed with improved input\nsanitization. \nCVE-2017-13865: Ian Beer of Google Project Zero\nCVE-2017-13868: Brandon Azad\nCVE-2017-13869: Jann Horn of Google Project Zero\n\nWi-Fi\nAvailable for: Apple Watch (1st Generation) and Apple Watch Series 3\nReleased for Apple Watch Series 1 and Apple Watch Series 2 in\nwatchOS 4.1. This was addressed with improved state management. \nCVE-2017-13080: Mathy Vanhoef of the imec-DistriNet group at KU\nLeuven\n\nInstallation note:\n\nInstructions on how to update your Apple Watch software are\navailable at https://support.apple.com/kb/HT204641\n\nTo check the version on your Apple Watch, open the Apple Watch app\non your iPhone and select \"My Watch \u003e General \u003e About\". \n\nAlternatively, on your watch, select \"My Watch \u003e General \u003e About\". Those vulnerabilities applies to both the access point\n(implemented in hostapd) and the station (implemented in wpa_supplicant). \n\nAn attacker exploiting the vulnerabilities could force the vulnerable system to\nreuse cryptographic session keys, enabling a range of cryptographic attacks\nagainst the ciphers used in WPA1 and WPA2. \n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 2:2.4-1+deb9u1. \n\nFor the testing distribution (buster), these problems have been fixed\nin version 2:2.4-1.1. \n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 2:2.4-1.1. \n\nWe recommend that you upgrade your wpa packages. \nCVE-2017-13804: @qwertyoruiopz at KJC Research Intl. S.R.L. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n********************************************************************\nTitle: Microsoft Security Update Releases\nIssued: October 17, 2017\n********************************************************************\n\nSummary\n=======\n\nThe following CVE has undergone a major revision increment. \n\n* ADV170018\n\n\nCVE Revision Information:\n=====================\n\nCVE-2017-13080\n\n - Title: ADV170018 | October 2017 Flash Update\n - https://portal.msrc.microsoft.com/en-us/security-guidance\n - Reason for Revision: The October Adobe Flash Security Update is \n   available for installation. See https://support.microsoft.com/\n   en-us/help/4049179 for more information. \n - Originally posted: October 17, 2017  \n - Updated: N/A \n - CVE Severity Rating: Critical\n - Version: 1.0\n\n\nOther Information\n=================\n\nRecognize and avoid fraudulent email to Microsoft customers:\n=============================================================\nIf you receive an email message that claims to be distributing \na Microsoft security update, it is a hoax that may contain \nmalware or pointers to malicious websites. Microsoft does \nnot distribute security updates via email. \n\nThe Microsoft Security Response Center (MSRC) uses PGP to digitally \nsign all security notifications. However, PGP is not required for \nreading security notifications, reading security bulletins, or \ninstalling security updates. You can obtain the MSRC public PGP key\nat \u003chttps://technet.microsoft.com/security/dn753714\u003e. \n\n********************************************************************\nTHE INFORMATION PROVIDED IN THIS MICROSOFT COMMUNICATION IS\nPROVIDED \"AS IS\" WITHOUT WARRANTY OF ANY KIND. MICROSOFT\nDISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING\nTHE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\nPURPOSE. \nIN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE\nLIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT,\nINCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL\nDAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN\nADVISED OF THE POSSIBILITY OF SUCH DAMAGES. \nSOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY\nFOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING\nLIMITATION MAY NOT APPLY. \n********************************************************************\n\nMicrosoft respects your privacy. Please read our online Privacy\nStatement at \u003chttp://go.microsoft.com/fwlink/?LinkId=81184\u003e. \n\nIf you would prefer not to receive future technical security\nnotification alerts by email from Microsoft and its family of\ncompanies please visit the following website to unsubscribe:\n\u003chttps://profile.microsoft.com/RegSysProfileCenter/subscriptionwizar\nd.aspx?wizid=5a2a311b-5189-4c9b-9f1a-d5e913a26c2e\u0026%3blcid=1033\u003e. \n\nThese settings will not affect any newsletters youave requested or\nany mandatory service communications that are considered part of\ncertain Microsoft services. \n\nFor legal Information, see:\n\u003chttp://www.microsoft.com/info/legalinfo/default.mspx\u003e. \n\nThis newsletter was sent by:\nMicrosoft Corporation\n1 Microsoft Way\nRedmond, Washington, USA\n98052\n\n-----BEGIN PGP SIGNATURE-----\nVersion: PGP Desktop 10.2.0 (Build 1950) - not licensed for commercial use: www.pgp.com\nCharset: utf-8\n\nwsFVAwUBWeY7FvsCXwi14Wq8AQibMw/9HB/Dclpw74jADq8uMxo5mm+ZFGZ9gXqW\npTdHL3HrzNqzsM/7oq1sYdzVqN2j35pXMpPmJnjt9ewhma0G+IKwwtu7efFelhUd\nbEB8o5KLREJJLnDVHWAfAEVvFqx15E7hbQdjQdwvK+fT26W7QwyyUnQt9akTR9bS\nv3B/GKLuacopPD7G/+v3g2N51NBbp1STidNTbOqbExK/UDqZBbkLs4XoC6FORXMY\nkdUzSuWPuDVQneqOpQlC9O2M7+f6qWWdVG67F44tD6e575eToCf0LVjsLIPEMx06\niuK0alu4HnUi3mwTpruwkrFANJlL0y6o6uwfBt/QQ/RQoe6EeBmQOvFB6jTa8fQ7\nydHIMTKgxCJQMzUGrrkr0F+M0S0yZkW5Pq90eZxLtvxAypJSbPlH3ET4h4hIeuqv\n38eOg5Pb5FkBdaMaP0VqeI/k/Ur5TRHvLSBWp5jgZi6CMKb8srfTmR53vs5Igtgb\nTsh10G0bXAExWWE/pqmQs+rW03/ElM5JoH8/wS9tG4M3UNvsnR2CUz2KbIvQcJFt\nDG34sh3Z5HztbGmkWUxWwORcUrvW0U6DnP1U4D6uSmcSZrO5dwIHTIA4kECw7Ret\nSjhMDbo9s2Y75VBb1ilIbQY3AnzT2q2j6t3kJnyh3IjmMP96bhmdF1FF4apToAUv\nTVE4JSTK9HY=\n=G8zY\n-----END PGP SIGNATURE-----\n. ==========================================================================\nUbuntu Security Notice USN-3505-1\nDecember 06, 2017\n\nlinux-firmware vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 17.10\n- Ubuntu 17.04\n- Ubuntu 16.04 LTS\n- Ubuntu 14.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in linux-firmware. \n\nSoftware Description:\n- linux-firmware: Firmware for Linux kernel drivers\n\nDetails:\n\nMathy Vanhoef discovered that the firmware for several Intel WLAN\ndevices incorrectly handled WPA2 in relation to Wake on WLAN. (CVE-2017-13080, CVE-2017-13081)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 17.10:\n  linux-firmware                  1.169.1\n\nUbuntu 17.04:\n  linux-firmware                  1.164.2\n\nUbuntu 16.04 LTS:\n  linux-firmware                  1.157.14\n\nUbuntu 14.04 LTS:\n  linux-firmware                  1.127.24\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n=============================================================================\nFreeBSD-SA-17:07.wpa                                        Security Advisory\n                                                          The FreeBSD Project\n\nTopic:          WPA2 protocol vulnerability\n\nCategory:       contrib\nModule:         wpa\nAnnounced:      2017-10-16\nCredits:        Mathy Vanhoef\nAffects:        All supported versions of FreeBSD. \nCorrected:      2017-10-17 17:30:18 UTC (stable/11, 11.1-STABLE)\n                2017-10-17 17:57:18 UTC (releng/11.1, 11.1-RELEASE-p2)\n                2017-10-17 17:56:03 UTC (releng/11.0, 11.0-RELEASE-p13)\n                2017-10-19 03:18:22 UTC (stable/10, 10.4-STABLE)\n                2017-10-19 03:20:17 UTC (releng/10.4, 10.4-RELEASE-p1)\n                2017-10-19 03:19:42 UTC (releng/10.3, 10.3-RELEASE-p22)\nCVE Name:       CVE-2017-13077, CVE-2017-13078, CVE-2017-13079,\n                CVE-2017-13080, CVE-2017-13081, CVE-2017-13082,\n                CVE-2017-13086, CVE-2017-13087, CVE-2017-13088\n\nFor general information regarding FreeBSD Security Advisories,\nincluding descriptions of the fields above, security branches, and the\nfollowing sections, please visit \u003cURL:https://security.FreeBSD.org/\u003e. \n\n0.   Revision history\n\nv1.0  2017-10-17 Initial release. \nv1.1  2017-10-19 Add patches for 10.x releases. \n\nI. \n\nhostapd and wpa_supplicant are implementations of user space daemon for\naccess points and wireless client that implements the WPA2 protocol. \n\nII.  Problem Description\n\nA vulnerability was found in how a number of implementations can be\ntriggered to reconfigure WPA/WPA2/RSN keys (TK, GTK, or IGTK) by\nreplaying a specific frame that is used to manage the keys. \n\nIII. Impact\n\nSuch reinstallation of the encryption key can result in two different\ntypes of vulnerabilities: disabling replay protection and significantly\nreducing the security of encryption to the point of allowing frames to\nbe decrypted or some parts of the keys to be determined by an attacker\ndepending on which cipher is used. \n\nIV.  Workaround\n\nAn updated version of wpa_supplicant is available in the FreeBSD Ports\nCollection. Install version 2.6_2 or later of the\nsecurity/wpa_supplicant port/pkg. Once installed, update /etc/rc.conf\nto use the new binary:\n\nwpa_supplicant_program=\"/usr/local/sbin/wpa_supplicant\"\n\nand restart networking. \n\nAn updated version of hostapd is available in the FreeBSD Ports\nCollection. Install version 2.6_1 or later of the net/hostapd port/pkg. \nOnce installed, update /etc/rc.conf to use the new binary:\n\nhostapd_program=\"/usr/local/sbin/hostapd\"\n\nand restart hostapd. \n\nV.   Solution\n\nPerform one of the following:\n\n1) Upgrade your vulnerable system to a supported FreeBSD stable or\nrelease / security branch (releng) dated after the correction date. \n\nRestart the Wi-Fi network interfaces/hostapd or reboot the system. \n\n2) To update your vulnerable system via a binary patch:\n\nSystems running a RELEASE version of FreeBSD on the i386 or amd64\nplatforms can be updated via the freebsd-update(8) utility:\n\n# freebsd-update fetch\n# freebsd-update install\n\nRestart the Wi-Fi network interfaces/hostapd or reboot the system. \n\n3) To update your vulnerable system via a source code patch:\n\nThe following patches have been verified to apply to the applicable\nFreeBSD release branches. \n\na) Download the relevant patch from the location below, and verify the\ndetached PGP signature using your PGP utility. \n\n[FreeBSD 11.0-RELEASE, 11.1-RELEASE, and 11-STABLE]\n# fetch https://security.FreeBSD.org/patches/SA-17:07/wpa-11.patch\n# fetch https://security.FreeBSD.org/patches/SA-17:07/wpa-11.patch.asc\n# gpg --verify wpa-11.patch.asc\n\n[FreeBSD 10.3-RELEASE, 10.4-RELEASE, and 10-STABLE]\n# fetch https://security.FreeBSD.org/patches/SA-17:07/wpa-10.patch\n# fetch https://security.FreeBSD.org/patches/SA-17:07/wpa-10.patch.asc\n# gpg --verify wpa-10.patch.asc\n\nb) Apply the patch.  Execute the following commands as root:\n\n# cd /usr/src\n# patch \u003c /path/to/patch\n\nc) Recompile the operating system using buildworld and installworld as\ndescribed in \u003cURL:https://www.FreeBSD.org/handbook/makeworld.html\u003e. \n\nRestart the applicable daemons, or reboot the system. \n\nVI.  Correction details\n\nThe following list contains the correction revision numbers for each\naffected branch. \n\nBranch/path                                                      Revision\n- -------------------------------------------------------------------------\nstable/11/                                                        r324697\nreleng/11.0/                                                      r324698\nreleng/11.1/                                                      r324699\nstable/10/                                                        r324739\nreleng/10.3/                                                      r324740\nreleng/10.4/                                                      r324741\n- -------------------------------------------------------------------------\n\nTo see which files were modified by a particular revision, run the\nfollowing command, replacing NNNNNN with the revision number, on a\nmachine with Subversion installed:\n\n# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base\n\nOr visit the following URL, replacing NNNNNN with the revision number:\n\n\u003cURL:https://svnweb.freebsd.org/base?view=revision\u0026revision=NNNNNN\u003e\n\nVII. References\n\n\u003cURL:https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt\u003e\n\u003cURL:https://www.krackattacks.com/\u003e\n\nThe latest revision of this advisory is available at\n\u003cURL:https://security.FreeBSD.org/advisories/FreeBSD-SA-17:07.wpa.asc\u003e\n-----BEGIN PGP SIGNATURE-----\n\niQKTBAEBCgB9FiEEHPf/b631yp++G4yy7Wfs1l3PaucFAlnoGpNfFIAAAAAALgAo\naXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDFD\nRjdGRjZGQURGNUNBOUZCRTFCOENCMkVENjdFQ0Q2NURDRjZBRTcACgkQ7Wfs1l3P\nauc7WBAAm27w+fujv5sJsRxauUMopTVtRh5utwbDuoHTP+L+RCWmQfVBmueNQ0gf\nuJzMNxBIkbtY9LvyukpRsH3iD7mh26c0pd9rxxkkr4F96C9B5+W0amxJF1gdm54/\nF/50FpY+lo7cNs5tiBjypPrg8UOBBI/1G4XR7130XC0HjaTwt1ngZ0oQUWUMSsIp\ngN5ZfPul81WPWd1NqF+vyObcJhwq/Y1uoexoO27o7GQCFZoL3enZy8c4f1xqMlVM\n4HHkTgNGac6E0aW+ArH4J0DFFAOJXPqF8rdt+9XINfoBbtliIyOixJ4oh1n6eAR0\nVpBWZKFNyXSlUKIvDGa+LDhxgL1jJXV0ABSyKlUOijdmr3bbbiQE9MW/MNv2AFTd\nOAFQ0QQtm9KCWp5JLh+FPIb/kR2l7MOUP+yz4zFcJpdGtl9tDLyPN8vRTq60bY8O\ny7tBcf/SMqkd/AIFdchL4zrOguKnRARydIlwTarp8wtAQI3MKSsa1B0wgsDtlL6K\nxfdjnwWMKvKKlNOW16e1WXXO0n/ucHV4njBE+bGPro3jLgXP2/WFZpIGAR3I4xrr\nSdD4AxSNiR9f3bL7LRfMIbugJAylWNSlTLWUOVUv0/ONh85LqbcCj13NI230B64K\nETx2QOZgKnCs2oDNiw4aQHb7kvi2w94Iw/R1sAPkkxYJWO3reyE=\n=h/5q\n-----END PGP SIGNATURE-----\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-13080"
          },
          {
            "db": "CERT/CC",
            "id": "VU#228519"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-009173"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-30403"
          },
          {
            "db": "BID",
            "id": "101274"
          },
          {
            "db": "IVD",
            "id": "52cda2a8-8175-413f-97bb-cf2e4c75f7c4"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-13080"
          },
          {
            "db": "PACKETSTORM",
            "id": "145272"
          },
          {
            "db": "PACKETSTORM",
            "id": "144630"
          },
          {
            "db": "PACKETSTORM",
            "id": "144828"
          },
          {
            "db": "PACKETSTORM",
            "id": "145430"
          },
          {
            "db": "PACKETSTORM",
            "id": "145273"
          },
          {
            "db": "PACKETSTORM",
            "id": "144666"
          },
          {
            "db": "PACKETSTORM",
            "id": "145228"
          },
          {
            "db": "PACKETSTORM",
            "id": "144829"
          },
          {
            "db": "PACKETSTORM",
            "id": "144669"
          }
        ],
        "trust": 4.23
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-13080",
            "trust": 4.5
          },
          {
            "db": "CERT/CC",
            "id": "VU#228519",
            "trust": 4.2
          },
          {
            "db": "BID",
            "id": "101274",
            "trust": 2.6
          },
          {
            "db": "LENOVO",
            "id": "LEN-17420",
            "trust": 2.5
          },
          {
            "db": "SECTRACK",
            "id": "1039703",
            "trust": 1.7
          },
          {
            "db": "SECTRACK",
            "id": "1039572",
            "trust": 1.7
          },
          {
            "db": "SECTRACK",
            "id": "1039573",
            "trust": 1.7
          },
          {
            "db": "SECTRACK",
            "id": "1039576",
            "trust": 1.7
          },
          {
            "db": "SECTRACK",
            "id": "1039577",
            "trust": 1.7
          },
          {
            "db": "SECTRACK",
            "id": "1039578",
            "trust": 1.7
          },
          {
            "db": "SECTRACK",
            "id": "1039581",
            "trust": 1.7
          },
          {
            "db": "SECTRACK",
            "id": "1039585",
            "trust": 1.7
          },
          {
            "db": "SIEMENS",
            "id": "SSA-901333",
            "trust": 1.7
          },
          {
            "db": "CERT@VDE",
            "id": "VDE-2017-003",
            "trust": 1.7
          },
          {
            "db": "CERT@VDE",
            "id": "VDE-2017-005",
            "trust": 1.7
          },
          {
            "db": "ICS CERT",
            "id": "ICSMA-18-114-01",
            "trust": 1.2
          },
          {
            "db": "ICS CERT",
            "id": "ICSMA-19-029-01",
            "trust": 1.1
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-17-353-02",
            "trust": 1.1
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-17-318-01",
            "trust": 1.1
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-17-325-01",
            "trust": 1.1
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-30403",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201710-383",
            "trust": 0.8
          },
          {
            "db": "JUNIPER",
            "id": "JSA10827",
            "trust": 0.8
          },
          {
            "db": "DLINK",
            "id": "SAP10075",
            "trust": 0.8
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-17-318-02A",
            "trust": 0.8
          },
          {
            "db": "JVN",
            "id": "JVNVU94846424",
            "trust": 0.8
          },
          {
            "db": "JVN",
            "id": "JVNVU90609033",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-009173",
            "trust": 0.8
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.3967",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.4125",
            "trust": 0.6
          },
          {
            "db": "LENOVO",
            "id": "LEN-45682",
            "trust": 0.6
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-17-299-02",
            "trust": 0.3
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-17-318-02",
            "trust": 0.3
          },
          {
            "db": "IVD",
            "id": "52CDA2A8-8175-413F-97BB-CF2E4C75F7C4",
            "trust": 0.2
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-13080",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "145272",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "144630",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "144828",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "145430",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "145273",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "144666",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "145228",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "144829",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "144669",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "52cda2a8-8175-413f-97bb-cf2e4c75f7c4"
          },
          {
            "db": "CERT/CC",
            "id": "VU#228519"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-30403"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-13080"
          },
          {
            "db": "BID",
            "id": "101274"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-009173"
          },
          {
            "db": "PACKETSTORM",
            "id": "145272"
          },
          {
            "db": "PACKETSTORM",
            "id": "144630"
          },
          {
            "db": "PACKETSTORM",
            "id": "144828"
          },
          {
            "db": "PACKETSTORM",
            "id": "145430"
          },
          {
            "db": "PACKETSTORM",
            "id": "145273"
          },
          {
            "db": "PACKETSTORM",
            "id": "144666"
          },
          {
            "db": "PACKETSTORM",
            "id": "145228"
          },
          {
            "db": "PACKETSTORM",
            "id": "144829"
          },
          {
            "db": "PACKETSTORM",
            "id": "144669"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201710-383"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-13080"
          }
        ]
      },
      "id": "VAR-201710-0207",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "52cda2a8-8175-413f-97bb-cf2e4c75f7c4"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-30403"
          }
        ],
        "trust": 1.3965711281818183
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "52cda2a8-8175-413f-97bb-cf2e4c75f7c4"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-30403"
          }
        ]
      },
      "last_update_date": "2024-07-23T20:12:56.623000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "ARUBA-PSA-2017-007",
            "trust": 0.8,
            "url": "http://www.arubanetworks.com/assets/alert/aruba-psa-2017-007.txt"
          },
          {
            "title": "DSA-3999",
            "trust": 0.8,
            "url": "https://www.debian.org/security/2017/dsa-3999"
          },
          {
            "title": "FreeBSD-SA-17:07.wpa",
            "trust": 0.8,
            "url": "https://www.freebsd.org/security/advisories/freebsd-sa-17:07.wpa.asc"
          },
          {
            "title": "LEN-17420",
            "trust": 0.8,
            "url": "https://support.lenovo.com/jp/en/product_security/len-17420"
          },
          {
            "title": "NV17-024",
            "trust": 0.8,
            "url": "http://jpn.nec.com/security-info/secinfo/nv17-024.html"
          },
          {
            "title": "openSUSE-SU-2017:2755",
            "trust": 0.8,
            "url": "https://lists.opensuse.org/opensuse-security-announce/2017-10/msg00024.html"
          },
          {
            "title": "SUSE-SU-2017:2745",
            "trust": 0.8,
            "url": "https://lists.opensuse.org/opensuse-security-announce/2017-10/msg00020.html"
          },
          {
            "title": "SUSE-SU-2017:2752",
            "trust": 0.8,
            "url": "https://lists.opensuse.org/opensuse-security-announce/2017-10/msg00023.html"
          },
          {
            "title": "KRACKs - wpa_supplicant Multiple Vulnerabilities",
            "trust": 0.8,
            "url": "https://access.redhat.com/security/vulnerabilities/kracks"
          },
          {
            "title": "RHSA-2017:2907",
            "trust": 0.8,
            "url": "https://access.redhat.com/errata/rhsa-2017:2907"
          },
          {
            "title": "RHSA-2017:2911",
            "trust": 0.8,
            "url": "https://access.redhat.com/errata/rhsa-2017:2911"
          },
          {
            "title": "CVE-2017-13080 | Windows Wireless WPA Group Key Reinstallation Vulnerability",
            "trust": 0.8,
            "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2017-13080"
          },
          {
            "title": "USN-3455-1",
            "trust": 0.8,
            "url": "https://usn.ubuntu.com/usn/usn-3455-1/"
          },
          {
            "title": "WPA packet number reuse with replayed messages and key reinstallation",
            "trust": 0.8,
            "url": "https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt"
          },
          {
            "title": "Wi-Fi\u306e\u8a8d\u8a3c\uff0f\u6697\u53f7\u5316\u6280\u8853WPA2\u304a\u3088\u3073WPA\u306e\u8907\u6570\u306e\u8106\u5f31\u6027\u306b\u3064\u3044\u3066",
            "trust": 0.8,
            "url": "http://www.fujitsu.com/jp/products/network/support/2017/srm-01/index.html"
          },
          {
            "title": "CVE-2017-13080 | Windows Wireless WPA Group Key Reinstallation Vulnerability",
            "trust": 0.8,
            "url": "https://portal.msrc.microsoft.com/ja-jp/security-guidance/advisory/cve-2017-13080"
          },
          {
            "title": "WPA2\u306e\u8106\u5f31\u6027\u306b\u95a2\u3059\u308b\u5f0a\u793e\u8abf\u67fb\u30fb\u5bfe\u5fdc\u72b6\u6cc1\u306b\u3064\u3044\u3066",
            "trust": 0.8,
            "url": "http://www.iodata.jp/support/information/2017/wpa2/"
          },
          {
            "title": "\u7121\u7ddaLAN\u306e\u6697\u53f7\u5316\u901a\u4fe1\u898f\u683cWPA2\u306e\u8106\u5f31\u6027\u306b\u3064\u3044\u3066",
            "trust": 0.8,
            "url": "http://dynabook.com/assistpc/info/2017/201711_wpa2.htm"
          },
          {
            "title": "\u7121\u7ddaLAN \u8a8d\u8a3c\uff0f\u6697\u53f7\u5316\u6280\u8853WPA2\u304a\u3088\u3073WPA\u306b\u95a2\u3059\u308b\u8106\u5f31\u6027\u306e\u304a\u77e5\u3089\u305b",
            "trust": 0.8,
            "url": "http://www.fmworld.net/biz/common/info/20171110/"
          },
          {
            "title": "Patch for WPA2 Wireless Network GTK Group Key Reload Vulnerability (CNVD-2017-30403)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/103821"
          },
          {
            "title": "Multiple WiFi product WPA2 Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=75497"
          },
          {
            "title": "Red Hat: Important: wpa_supplicant security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20172911 - security advisory"
          },
          {
            "title": "Ubuntu Security Notice: linux-firmware vulnerabilities",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3505-1"
          },
          {
            "title": "Red Hat: Important: wpa_supplicant security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20172907 - security advisory"
          },
          {
            "title": "Red Hat: CVE-2017-13080",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2017-13080"
          },
          {
            "title": "Arch Linux Issues: ",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=cve-2017-13080"
          },
          {
            "title": "Apple: Wi-Fi Update for Boot Camp 6.4.0",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=4dc3bb86865485e4364fd6b2dc2fc379"
          },
          {
            "title": "Apple: watchOS 4.1",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=345c3fa8a313cd9a1ced5ef372c465c4"
          },
          {
            "title": "Apple: AirPort Base Station Firmware Update 7.6.9",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=43d8dcf7961e20b6ec02761d12969c19"
          },
          {
            "title": "Apple: AirPort Base Station Firmware Update 7.7.9",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=7ca8130f8030911575aa17c0e84114dd"
          },
          {
            "title": "Debian CVElist Bug Report Logs: firmware-brcm80211: BroadPwn vulnerability CVE-2017-9417",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=2e0affd9108e95fa2aa2c706c74cd8a9"
          },
          {
            "title": "Ubuntu Security Notice: wpa vulnerabilities",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3455-1"
          },
          {
            "title": "Debian Security Advisories: DSA-3999-1 wpa -- security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=08990d9925276738bd732fa4d58f9ef0"
          },
          {
            "title": "Apple: tvOS 11.1",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=7a8e908aff7c02a31b2d335766e6d5c2"
          },
          {
            "title": "HP: HPSBHF03582 rev. 2 - KRACK Vulnerability Affecting WPA2 Wireless Security",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=hp_bulletin\u0026qid=hpsbhf03582"
          },
          {
            "title": "Arch Linux Advisories: [ASA-201710-23] hostapd: man-in-the-middle",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201710-23"
          },
          {
            "title": "Arch Linux Advisories: [ASA-201710-22] wpa_supplicant: man-in-the-middle",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201710-22"
          },
          {
            "title": "HP: HPSBPI03574 rev. 1 - WPA, WPA2 Key Reinstallation Attacks (KRACK attacks) Potential Remote Disclosure of Information: Certain HP Enterprise Printer and MFP products, Certain HP PageWide Printer and MFP Products, HP Jetdirect Accessory Products",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=hp_bulletin\u0026qid=hpsbpi03574"
          },
          {
            "title": "Siemens Security Advisories: Siemens Security Advisory",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=6df91267eee9400a24a98876f50ffe84"
          },
          {
            "title": "Apple: iOS 11.2",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=75d972e5e0d4b4019a5bb869f1befb00"
          },
          {
            "title": "HP: HPSBHF03697 rev. 1 - Intel\u00ae PROSet/Wireless WiFi Software November 2020 Security Updates",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=hp_bulletin\u0026qid=hpsbhf03697"
          },
          {
            "title": "Apple: tvOS 11.2",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=8d9ba2a4e31c3f4387eccea1c1dbc99c"
          },
          {
            "title": "Apple: watchOS 4.2",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=8658f9579768b2f61d8a0c0f1d03ed58"
          },
          {
            "title": "Apple: iOS 11.1",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=7814c280e80969d4c4d88f74b13290f2"
          },
          {
            "title": "Android Security Bulletins: Android Security Bulletin\u2014November 2017",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=android_security_bulletins\u0026qid=8c29eb008bb212762e5cfb25c7c5c0d5"
          },
          {
            "title": "Apple: macOS High Sierra 10.13.4, Security Update 2018-002 Sierra, and Security Update 2018-002 El Capitan",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=8e90004e437eabc9a0809772bb0707c4"
          },
          {
            "title": "Cisco: Multiple Vulnerabilities in Wi-Fi Protected Access and Wi-Fi Protected Access II",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20171016-wpa"
          },
          {
            "title": "HP: HPSBHF03571 rev. 6  -  Intel Management Engine Cumulative Security update and fix for WPA2 vulnerability",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=hp_bulletin\u0026qid=hpsbhf03571"
          },
          {
            "title": "Oracle: Oracle Critical Patch Update Advisory - April 2018",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=4019ca77f50c7a34e4d97833e6f3321e"
          },
          {
            "title": "Apple: macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=870f3f04ef17f7b183f74ae687a1561d"
          },
          {
            "title": "Oracle Linux Bulletins: Oracle Linux Bulletin - October 2017",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=7251d5e5f2b1771951980ad7cfde50ba"
          },
          {
            "title": "Oracle: Oracle Critical Patch Update Advisory - January 2018",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=e2a7f287e9acc8c64ab3df71130bc64d"
          },
          {
            "title": "vanhoefm-krackattacks-scripts",
            "trust": 0.1,
            "url": "https://github.com/84kaliplexon3/vanhoefm-krackattacks-scripts "
          },
          {
            "title": "krankattack",
            "trust": 0.1,
            "url": "https://github.com/devkosov/krankattack "
          },
          {
            "title": "krackattacks-scripts",
            "trust": 0.1,
            "url": "https://github.com/vanhoefm/krackattacks-scripts "
          },
          {
            "title": "KRACK",
            "trust": 0.1,
            "url": "https://github.com/chinatso/krack "
          },
          {
            "title": "krackinfo",
            "trust": 0.1,
            "url": "https://github.com/kristate/krackinfo "
          },
          {
            "title": "nixos-issue-db-example",
            "trust": 0.1,
            "url": "https://github.com/andir/nixos-issue-db-example "
          },
          {
            "title": "The Register",
            "trust": 0.1,
            "url": "https://www.theregister.co.uk/2017/11/07/android_november_security_update/"
          },
          {
            "title": "The Register",
            "trust": 0.1,
            "url": "https://www.theregister.co.uk/2017/10/16/wpa2_inscure_krackattack/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-30403"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-13080"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-009173"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201710-383"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-330",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-254",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-009173"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-13080"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.6,
            "url": "https://www.krackattacks.com/"
          },
          {
            "trust": 3.5,
            "url": "http://www.securityfocus.com/bid/101274"
          },
          {
            "trust": 3.3,
            "url": "https://source.android.com/security/bulletin/2017-11-01"
          },
          {
            "trust": 2.8,
            "url": "http://www.arubanetworks.com/assets/alert/aruba-psa-2017-007.txt"
          },
          {
            "trust": 2.8,
            "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20171016-wpa"
          },
          {
            "trust": 2.8,
            "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2017-13080"
          },
          {
            "trust": 2.5,
            "url": "http://www.debian.org/security/2017/dsa-3999"
          },
          {
            "trust": 2.5,
            "url": "https://access.redhat.com/security/vulnerabilities/kracks"
          },
          {
            "trust": 2.1,
            "url": "http://www.kb.cert.org/vuls/id/228519"
          },
          {
            "trust": 2.1,
            "url": "https://access.redhat.com/errata/rhsa-2017:2911"
          },
          {
            "trust": 2.0,
            "url": "https://access.redhat.com/errata/rhsa-2017:2907"
          },
          {
            "trust": 2.0,
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
          },
          {
            "trust": 1.7,
            "url": "http://www.securitytracker.com/id/1039585"
          },
          {
            "trust": 1.7,
            "url": "http://www.securitytracker.com/id/1039581"
          },
          {
            "trust": 1.7,
            "url": "http://www.securitytracker.com/id/1039578"
          },
          {
            "trust": 1.7,
            "url": "http://www.securitytracker.com/id/1039577"
          },
          {
            "trust": 1.7,
            "url": "http://www.securitytracker.com/id/1039576"
          },
          {
            "trust": 1.7,
            "url": "http://www.securitytracker.com/id/1039573"
          },
          {
            "trust": 1.7,
            "url": "http://www.securitytracker.com/id/1039572"
          },
          {
            "trust": 1.7,
            "url": "https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt"
          },
          {
            "trust": 1.7,
            "url": "https://support.lenovo.com/us/en/product_security/len-17420"
          },
          {
            "trust": 1.7,
            "url": "https://security.freebsd.org/advisories/freebsd-sa-17:07.wpa.asc"
          },
          {
            "trust": 1.7,
            "url": "http://www.ubuntu.com/usn/usn-3455-1"
          },
          {
            "trust": 1.7,
            "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00024.html"
          },
          {
            "trust": 1.7,
            "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00023.html"
          },
          {
            "trust": 1.7,
            "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00020.html"
          },
          {
            "trust": 1.7,
            "url": "http://www.securitytracker.com/id/1039703"
          },
          {
            "trust": 1.7,
            "url": "https://security.gentoo.org/glsa/201711-03"
          },
          {
            "trust": 1.7,
            "url": "https://support.apple.com/ht208222"
          },
          {
            "trust": 1.7,
            "url": "https://support.apple.com/ht208221"
          },
          {
            "trust": 1.7,
            "url": "https://support.apple.com/ht208220"
          },
          {
            "trust": 1.7,
            "url": "https://support.apple.com/ht208219"
          },
          {
            "trust": 1.7,
            "url": "https://support.apple.com/ht208334"
          },
          {
            "trust": 1.7,
            "url": "https://support.apple.com/ht208327"
          },
          {
            "trust": 1.7,
            "url": "https://support.apple.com/ht208325"
          },
          {
            "trust": 1.7,
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
          },
          {
            "trust": 1.7,
            "url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html"
          },
          {
            "trust": 1.7,
            "url": "https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesbhf03792en_us"
          },
          {
            "trust": 1.7,
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-901333.pdf"
          },
          {
            "trust": 1.7,
            "url": "https://cert.vde.com/en-us/advisories/vde-2017-005"
          },
          {
            "trust": 1.7,
            "url": "https://cert.vde.com/en-us/advisories/vde-2017-003"
          },
          {
            "trust": 1.7,
            "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00015.html"
          },
          {
            "trust": 1.7,
            "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00402.html"
          },
          {
            "trust": 1.7,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13080"
          },
          {
            "trust": 1.2,
            "url": "https://ics-cert.us-cert.gov/advisories/icsma-18-114-01"
          },
          {
            "trust": 1.1,
            "url": "https://papers.mathyvanhoef.com/ccs2017.pdf"
          },
          {
            "trust": 1.1,
            "url": "https://w1.fi/security/2017-1/"
          },
          {
            "trust": 1.1,
            "url": "https://security-center.intel.com/advisory.aspx?intelid=intel-sa-00101\u0026languageid=en-fr"
          },
          {
            "trust": 1.1,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-353-02"
          },
          {
            "trust": 1.1,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-318-01"
          },
          {
            "trust": 1.1,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-325-01"
          },
          {
            "trust": 1.1,
            "url": "https://ics-cert.us-cert.gov/advisories/icsma-19-029-01"
          },
          {
            "trust": 0.8,
            "url": "https://cwe.mitre.org/data/definitions/323.html"
          },
          {
            "trust": 0.8,
            "url": "https://actiontecsupport.zendesk.com/hc/en-us/articles/115005205283-krack-vulnerability"
          },
          {
            "trust": 0.8,
            "url": "https://www3.aerohive.com/support/security-bulletins/product-security-announcement-aerohives-response-to-krack-10162017.html"
          },
          {
            "trust": 0.8,
            "url": "https://www.al-enterprise.com/en/support/security-alert-krack"
          },
          {
            "trust": 0.8,
            "url": "https://support.apple.com/en-gb/ht208222"
          },
          {
            "trust": 0.8,
            "url": "https://security.archlinux.org/avg-447"
          },
          {
            "trust": 0.8,
            "url": "https://www.asus.com/static_webpage/asus-product-security-advisory/"
          },
          {
            "trust": 0.8,
            "url": "https://community.barracudanetworks.com/forum/index.php?/topic/23525-security-advisories/page-2"
          },
          {
            "trust": 0.8,
            "url": "https://lists.centos.org/pipermail/centos-announce/2017-october/022569.html"
          },
          {
            "trust": 0.8,
            "url": "https://community.cypress.com/docs/doc-13871"
          },
          {
            "trust": 0.8,
            "url": "http://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10075"
          },
          {
            "trust": 0.8,
            "url": "http://www.dell.com/support/article/sln307822"
          },
          {
            "trust": 0.8,
            "url": "https://github.com/espressif/esp8266_nonos_sdk"
          },
          {
            "trust": 0.8,
            "url": "https://extremeportal.force.com/extrarticledetail?n=000018005"
          },
          {
            "trust": 0.8,
            "url": "https://bodhi.fedoraproject.org/updates/fedora-2017-60bfb576b7"
          },
          {
            "trust": 0.8,
            "url": "http://www.fortiguard.com/psirt/fg-ir-17-196"
          },
          {
            "trust": 0.8,
            "url": "https://www.freebsd.org/security/advisories/freebsd-sa-17:07.wpa.asc"
          },
          {
            "trust": 0.8,
            "url": "https://bugs.gentoo.org/634440"
          },
          {
            "trust": 0.8,
            "url": "https://support.hpe.com/hpsc/doc/public/display?sp4ts.oid=null\u0026doclocale=en_us\u0026docid=emr_na-a00029151en_us"
          },
          {
            "trust": 0.8,
            "url": "https://kb.juniper.net/jsa10827"
          },
          {
            "trust": 0.8,
            "url": "https://support.lenovo.com/ca/en/product_security/len-17420"
          },
          {
            "trust": 0.8,
            "url": "http://www.microchip.com/wwwproducts/en/atwinc1500"
          },
          {
            "trust": 0.8,
            "url": "http://mail-index.netbsd.org/source-changes/2017/10/16/msg088877.html"
          },
          {
            "trust": 0.8,
            "url": "https://kb.netgear.com/000049498/security-advisory-for-wpa-2-vulnerabilities-psv-2017-2826-psv-2017-2836-psv-2017-2837"
          },
          {
            "trust": 0.8,
            "url": "https://forum.peplink.com/t/security-advisory-wpa2-vulnerability-vu-228519/12715"
          },
          {
            "trust": 0.8,
            "url": "https://ruckus-www.s3.amazonaws.com/pdf/security/faq-security-advisory-id-101617-v1.0.pdf"
          },
          {
            "trust": 0.8,
            "url": "https://www.suse.com/de-de/support/kb/doc/?id=7022107"
          },
          {
            "trust": 0.8,
            "url": "https://source.sierrawireless.com/resources/airlink/software_reference_docs/technical-bulletin/sierra-wireless-technical-bulletin---wpa-and-wpa2-vulnerabilities/"
          },
          {
            "trust": 0.8,
            "url": "http://www.slackware.com/changelog/stable.php?cpu=x86_64"
          },
          {
            "trust": 0.8,
            "url": "https://community.sophos.com/kb/en-us/127658"
          },
          {
            "trust": 0.8,
            "url": "https://www.toshibacommerce.com/wps/myportal/%21ut/p/a1/rzrnc8igeiz_sw8egqhjcdmmwr8abw2dqcnfoyqotidrrk399uxrrwotuzgws7a87y6z88iuzmcq2u4uwcnlzypjnjj5-exr_wnhya-laxtrid-j3uchdtb8gylmuw6qzgktovtowsrrqlrs6-8dbeqhwc1mykqnlabgdjlf1yjvn7i5af4qtdwsn2tri7j"
          },
          {
            "trust": 0.8,
            "url": "http://www.toshiba-personalstorage.net/en/news/hdd/ot_notice/20171017.htm"
          },
          {
            "trust": 0.8,
            "url": "http://support.toshiba.com/support/staticcontentdetail?contentid=4015875\u0026isfromtoclink=false"
          },
          {
            "trust": 0.8,
            "url": "https://community.ubnt.com/t5/unifi-updates-blog/firmware-3-9-3-7537-for-uap-usw-has-been-released/ba-p/2099365"
          },
          {
            "trust": 0.8,
            "url": "https://usn.ubuntu.com/usn/usn-3455-1/"
          },
          {
            "trust": 0.8,
            "url": "http://en.miui.com/thread-954223-1-1.html"
          },
          {
            "trust": 0.8,
            "url": "https://www.zebra.com/content/dam/zebra_new_ia/en-us/support-and-downloads/lifeguard-security/krack-security-bulletin.pdf"
          },
          {
            "trust": 0.8,
            "url": "http://www.zyxel.com/support/announcement_wpa2_key_management.shtml"
          },
          {
            "trust": 0.8,
            "url": "https://supportcenter.checkpoint.com/supportcenter/portal?eventsubmit_dogoviewsolutiondetails=\u0026solutionid=sk120938"
          },
          {
            "trust": 0.8,
            "url": "https://community.rsa.com/docs/doc-84103"
          },
          {
            "trust": 0.8,
            "url": "https://support.f5.com/csp/article/k23642330"
          },
          {
            "trust": 0.8,
            "url": "https://forum.mikrotik.com/viewtopic.php?f=21\u0026t=126695"
          },
          {
            "trust": 0.8,
            "url": "https://community.linksys.com/t5/wireless-routers/krack-vulnerability/td-p/1218573"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-13080"
          },
          {
            "trust": 0.8,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-318-02a"
          },
          {
            "trust": 0.8,
            "url": "https://www.ipa.go.jp/security/ciadr/vul/20171017_wpa2.html"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/vu/jvnvu90609033/index.html"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu94846424/"
          },
          {
            "trust": 0.8,
            "url": "https://www.kb.cert.org/vuls/id/cheu-aqnmyp"
          },
          {
            "trust": 0.6,
            "url": "https://www.kb.cert.org/vuls/id/228519/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.3967/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.4125/"
          },
          {
            "trust": 0.6,
            "url": "https://support.lenovo.com/us/en/product_security/len-45682"
          },
          {
            "trust": 0.5,
            "url": "https://support.apple.com/kb/ht201222"
          },
          {
            "trust": 0.5,
            "url": "https://www.apple.com/support/security/pgp/"
          },
          {
            "trust": 0.3,
            "url": "https://github.com/stevenhoneyman/wpa_gui/tree/master/wpa_supplicant-2.4"
          },
          {
            "trust": 0.3,
            "url": "http://www.wi-fi.org/index.php"
          },
          {
            "trust": 0.3,
            "url": "https://support.apple.com/en-ie/ht208847"
          },
          {
            "trust": 0.3,
            "url": "https://support.apple.com/en-in/ht208334"
          },
          {
            "trust": 0.3,
            "url": "https://support.apple.com/en-in/ht208327"
          },
          {
            "trust": 0.3,
            "url": "https://support.apple.com/en-in/ht208325"
          },
          {
            "trust": 0.3,
            "url": "https://lists.apple.com/archives/security-announce/2017/dec/msg00009.html"
          },
          {
            "trust": 0.3,
            "url": "https://lists.apple.com/archives/security-announce/2017/dec/msg00008.html"
          },
          {
            "trust": 0.3,
            "url": "https://lists.apple.com/archives/security-announce/2018/jul/msg00000.html"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2017-13077"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2017-13078"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2017-13079"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2017-13080"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2017-13081"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2017-13082"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2017-13084"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2017-13086"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2017-13087"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2017-13088"
          },
          {
            "trust": 0.3,
            "url": "http://docs.fortinet.com/uploaded/files/3961/fortiap-v5.6.1-release-notes.pdf"
          },
          {
            "trust": 0.3,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-299-02"
          },
          {
            "trust": 0.3,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-318-02"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13865"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13868"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13876"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13862"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13869"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13833"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13861"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13867"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13855"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13081"
          },
          {
            "trust": 0.2,
            "url": "https://support.apple.com/kb/ht204641"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13082"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13088"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13087"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13086"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13077"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13079"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13078"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13799"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13849"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13804"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/330.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://usn.ubuntu.com/3505-1/"
          },
          {
            "trust": 0.1,
            "url": "https://www.debian.org/security/faq"
          },
          {
            "trust": 0.1,
            "url": "https://www.debian.org/security/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13798"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13796"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13803"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13793"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13791"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13802"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13792"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13795"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13785"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13784"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13794"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13783"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13788"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13866"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7156"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13856"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13870"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7157"
          },
          {
            "trust": 0.1,
            "url": "http://www.microsoft.com/info/legalinfo/default.mspx\u003e."
          },
          {
            "trust": 0.1,
            "url": "http://go.microsoft.com/fwlink/?linkid=81184\u003e."
          },
          {
            "trust": 0.1,
            "url": "https://www.pgp.com"
          },
          {
            "trust": 0.1,
            "url": "https://portal.msrc.microsoft.com/en-us/security-guidance"
          },
          {
            "trust": 0.1,
            "url": "https://support.microsoft.com/"
          },
          {
            "trust": 0.1,
            "url": "https://technet.microsoft.com/security/dn753714\u003e."
          },
          {
            "trust": 0.1,
            "url": "https://profile.microsoft.com/regsysprofilecenter/subscriptionwizar"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/linux-firmware/1.169.1"
          },
          {
            "trust": 0.1,
            "url": "https://www.ubuntu.com/usn/usn-3505-1"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/linux-firmware/1.164.2"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/linux-firmware/1.157.14"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/linux-firmware/1.127.24"
          },
          {
            "trust": 0.1,
            "url": "https://security.freebsd.org/patches/sa-17:07/wpa-10.patch.asc"
          },
          {
            "trust": 0.1,
            "url": "https://security.freebsd.org/advisories/freebsd-sa-17:07.wpa.asc\u003e"
          },
          {
            "trust": 0.1,
            "url": "https://svnweb.freebsd.org/base?view=revision\u0026revision=nnnnnn\u003e"
          },
          {
            "trust": 0.1,
            "url": "https://www.krackattacks.com/\u003e"
          },
          {
            "trust": 0.1,
            "url": "https://security.freebsd.org/patches/sa-17:07/wpa-11.patch.asc"
          },
          {
            "trust": 0.1,
            "url": "https://security.freebsd.org/\u003e."
          },
          {
            "trust": 0.1,
            "url": "https://security.freebsd.org/patches/sa-17:07/wpa-11.patch"
          },
          {
            "trust": 0.1,
            "url": "https://security.freebsd.org/patches/sa-17:07/wpa-10.patch"
          },
          {
            "trust": 0.1,
            "url": "https://www.freebsd.org/handbook/makeworld.html\u003e."
          },
          {
            "trust": 0.1,
            "url": "https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt\u003e"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#228519"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-30403"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-13080"
          },
          {
            "db": "BID",
            "id": "101274"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-009173"
          },
          {
            "db": "PACKETSTORM",
            "id": "145272"
          },
          {
            "db": "PACKETSTORM",
            "id": "144630"
          },
          {
            "db": "PACKETSTORM",
            "id": "144828"
          },
          {
            "db": "PACKETSTORM",
            "id": "145430"
          },
          {
            "db": "PACKETSTORM",
            "id": "145273"
          },
          {
            "db": "PACKETSTORM",
            "id": "144666"
          },
          {
            "db": "PACKETSTORM",
            "id": "145228"
          },
          {
            "db": "PACKETSTORM",
            "id": "144829"
          },
          {
            "db": "PACKETSTORM",
            "id": "144669"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201710-383"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-13080"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "52cda2a8-8175-413f-97bb-cf2e4c75f7c4"
          },
          {
            "db": "CERT/CC",
            "id": "VU#228519"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-30403"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-13080"
          },
          {
            "db": "BID",
            "id": "101274"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-009173"
          },
          {
            "db": "PACKETSTORM",
            "id": "145272"
          },
          {
            "db": "PACKETSTORM",
            "id": "144630"
          },
          {
            "db": "PACKETSTORM",
            "id": "144828"
          },
          {
            "db": "PACKETSTORM",
            "id": "145430"
          },
          {
            "db": "PACKETSTORM",
            "id": "145273"
          },
          {
            "db": "PACKETSTORM",
            "id": "144666"
          },
          {
            "db": "PACKETSTORM",
            "id": "145228"
          },
          {
            "db": "PACKETSTORM",
            "id": "144829"
          },
          {
            "db": "PACKETSTORM",
            "id": "144669"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201710-383"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-13080"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-10-17T00:00:00",
            "db": "IVD",
            "id": "52cda2a8-8175-413f-97bb-cf2e4c75f7c4"
          },
          {
            "date": "2017-10-16T00:00:00",
            "db": "CERT/CC",
            "id": "VU#228519"
          },
          {
            "date": "2017-10-18T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-30403"
          },
          {
            "date": "2017-10-17T00:00:00",
            "db": "VULMON",
            "id": "CVE-2017-13080"
          },
          {
            "date": "2017-10-16T00:00:00",
            "db": "BID",
            "id": "101274"
          },
          {
            "date": "2017-11-06T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-009173"
          },
          {
            "date": "2017-12-08T15:55:55",
            "db": "PACKETSTORM",
            "id": "145272"
          },
          {
            "date": "2017-10-16T13:49:34",
            "db": "PACKETSTORM",
            "id": "144630"
          },
          {
            "date": "2017-11-01T15:44:40",
            "db": "PACKETSTORM",
            "id": "144828"
          },
          {
            "date": "2017-12-15T04:44:44",
            "db": "PACKETSTORM",
            "id": "145430"
          },
          {
            "date": "2017-12-08T14:55:55",
            "db": "PACKETSTORM",
            "id": "145273"
          },
          {
            "date": "2017-10-18T10:11:11",
            "db": "PACKETSTORM",
            "id": "144666"
          },
          {
            "date": "2017-12-06T22:22:00",
            "db": "PACKETSTORM",
            "id": "145228"
          },
          {
            "date": "2017-11-01T15:46:36",
            "db": "PACKETSTORM",
            "id": "144829"
          },
          {
            "date": "2017-10-19T14:28:55",
            "db": "PACKETSTORM",
            "id": "144669"
          },
          {
            "date": "2017-10-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201710-383"
          },
          {
            "date": "2017-10-17T13:29:00.397000",
            "db": "NVD",
            "id": "CVE-2017-13080"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-11-16T00:00:00",
            "db": "CERT/CC",
            "id": "VU#228519"
          },
          {
            "date": "2017-10-17T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-30403"
          },
          {
            "date": "2020-11-10T00:00:00",
            "db": "VULMON",
            "id": "CVE-2017-13080"
          },
          {
            "date": "2019-02-21T09:00:00",
            "db": "BID",
            "id": "101274"
          },
          {
            "date": "2019-02-01T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-009173"
          },
          {
            "date": "2021-12-06T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201710-383"
          },
          {
            "date": "2020-11-10T21:15:12.267000",
            "db": "NVD",
            "id": "CVE-2017-13080"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote or local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201710-383"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Wi-Fi Protected Access (WPA) handshake traffic can be manipulated to induce nonce and session key reuse",
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#228519"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "security feature problem",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201710-383"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201008-0241

    Vulnerability from variot - Updated: 2024-07-23 19:34

    Untrusted search path vulnerability in the Microsoft Foundation Class (MFC) Library in Microsoft Visual Studio .NET 2003 SP1; Visual Studio 2005 SP1, 2008 SP1, and 2010; Visual C++ 2005 SP1, 2008 SP1, and 2010; and Exchange Server 2010 Service Pack 3, 2013, and 2013 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory during execution of an MFC application such as AtlTraceTool8.exe (aka ATL MFC Trace Tool), as demonstrated by a directory that contains a TRC, cur, rs, rct, or res file, aka "MFC Insecure Library Loading Vulnerability.". Some applications for Microsoft Windows may use unsafe methods for determining how to load DLLs. As a result, these applications can be forced to load a DLL from an attacker-controlled source rather than a trusted location. dwmapi.dll It may be possible to get permission through the file. Windows Program DLL There is an attackable vulnerability in reading. Dynamic link Library (DLL) Is a software component that is loaded at run time, not at program compile time. The program is LoadLibrary() And LoadLibraryEx() Using DLL Is read. Read DLL If no path is specified, specific directories are searched in order and found first. DLL Is loaded. Since this directory group includes the current directory of the process, the directory that can be operated by the attacker is set as the current directory. LoadLibrary() If is called, attack code may be executed. This issue can occur when browsing files located in directories that an attacker can manipulate. Read DLL The name depends on the program. DLL Read Windows The entire program may be affected. " Opera Software "and" Adobe Vulnerability information on " : Mitsui Bussan Secure Direction Co., Ltd. Takashi Yoshikawa MrA remote attacker could execute arbitrary code with the authority to execute the program. Attacker crafted DLL The USB Placing it on a drive or network drive may cause an attack. An attacker can exploit this issue by enticing a legitimate user to use the vulnerable application to open a file from a network share location that contains a specially crafted Dynamic Link Library (DLL) file. Microsoft ATL/MFC Trace Tool build 10.0.30319.1 is vulnerable; other versions may also be affected. Microsoft Visual Studio is a series of development tool suite products of Microsoft (Microsoft), and it is also a basically complete set of development tools. It includes most of the tools needed throughout the software lifecycle. A remote attacker could exploit this vulnerability to take complete control of an affected system and subsequently install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured with fewer system user rights are less affected than users with administrative user rights. ----------------------------------------------------------------------

    Join Secunia @ FIRST Conference, 12-17 June, Hilton Vienna, Austria See to the presentation "The Dynamics and Threats of End-Point Software Portfolios" by Secunia's Research Analyst Director, Stefan Frei. Read more: http://conference.first.org/


    TITLE: Attachmate Reflection for Secure IT Multiple Vulnerabilities

    SECUNIA ADVISORY ID: SA44906

    VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44906/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44906

    RELEASE DATE: 2011-06-10

    DISCUSS ADVISORY: http://secunia.com/advisories/44906/#comments

    AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)

    http://secunia.com/advisories/44906/

    ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS

    https://ca.secunia.com/?page=viewadvisory&vuln_id=44906

    ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING

    http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

    DESCRIPTION: Attachmate has acknowledged multiple vulnerabilities in Reflection for Secure IT, which can be exploited by malicious people to bypass certain security restrictions, cause a DoS (Denial of Service), and compromise a user's system.

    For more information: SA36093 (vulnerability #2) SA44905

    The vulnerabilities are reported in version 7.2 prior to SP1 in the following components: * Reflection for Secure IT Windows Server. * Reflection for Secure IT UNIX Client. * Reflection for Secure IT UNIX Server.

    SOLUTION: Update to version 7.2 SP1.

    ORIGINAL ADVISORY: Attachmate: http://support.attachmate.com/techdocs/2560.html http://support.attachmate.com/techdocs/2564.html http://support.attachmate.com/techdocs/2565.html http://support.attachmate.com/techdocs/2566.html

    OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

    DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

    EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

    EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

    EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/


    About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.

    Subscribe: http://secunia.com/advisories/secunia_security_advisories/

    Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/

    Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.


    Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org


    . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

    APPLE-SA-2015-09-16-3 iTunes 12.3

    iTunes 12.3 is now available and addresses the following:

    iTunes Available for: Windows 7 and later Impact: Applications that use CoreText may be vulnerable to unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in the processing of text files. These issues were addressed through improved memory handling. CVE-ID CVE-2015-1157 : Apple CVE-2015-3686 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-3687 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-3688 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-5755 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-5761 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-5874 : John Villamil (@day6reak), Yahoo Pentest Team

    iTunes Available for: Windows 7 and later Impact: Applications that use ICU may be vulnerable to unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in the processing of unicode strings. These issues were addressed by updating ICU to version 55. CVE-ID CVE-2014-8146 CVE-2015-1205

    iTunes Available for: Windows 7 and later Impact: Opening a media file may lead to arbitrary code execution Description: A security issue existed in Microsoft Foundation Class's handling of library loading. This issue was addressed by updating to the latest version of the Microsoft Visual C++ Redistributable Package. CVE-ID CVE-2010-3190 : Stefan Kanthak

    iTunes Available for: Windows 7 and later Impact: A man-in-the-middle attack while browsing the iTunes Store via iTunes may result in unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling. CVE-ID CVE-2015-1152 : Apple CVE-2015-1153 : Apple CVE-2015-3730 : Apple CVE-2015-3731 : Apple CVE-2015-3733 : Apple CVE-2015-3734 : Apple CVE-2015-3735 : Apple CVE-2015-3736 : Apple CVE-2015-3737 : Apple CVE-2015-3738 : Apple CVE-2015-3739 : Apple CVE-2015-3740 : Apple CVE-2015-3741 : Apple CVE-2015-3742 : Apple CVE-2015-3743 : Apple CVE-2015-3744 : Apple CVE-2015-3745 : Apple CVE-2015-3746 : Apple CVE-2015-3747 : Apple CVE-2015-3748 : Apple CVE-2015-3749 : Apple CVE-2015-5789 : Apple CVE-2015-5790 : Apple CVE-2015-5791 : Apple CVE-2015-5792 : Apple CVE-2015-5793 : Apple CVE-2015-5794 : Apple CVE-2015-5795 : Apple CVE-2015-5796 : Apple CVE-2015-5797 : Apple CVE-2015-5798 : Apple CVE-2015-5799 : Apple CVE-2015-5800 : Apple CVE-2015-5801 : Apple CVE-2015-5802 : Apple CVE-2015-5803 : Apple CVE-2015-5804 : Apple CVE-2015-5805 CVE-2015-5806 : Apple CVE-2015-5807 : Apple CVE-2015-5808 : Joe Vennix CVE-2015-5809 : Apple CVE-2015-5810 : Apple CVE-2015-5811 : Apple CVE-2015-5812 : Apple CVE-2015-5813 : Apple CVE-2015-5814 : Apple CVE-2015-5815 : Apple CVE-2015-5816 : Apple CVE-2015-5817 : Apple CVE-2015-5818 : Apple CVE-2015-5819 : Apple CVE-2015-5821 : Apple CVE-2015-5822 : Mark S. Miller of Google CVE-2015-5823 : Apple

    Software Update Impact: An attacker in a privileged network position may be able to obtain encrypted SMB credentials Description: A redirection issue existed in the handling of certain network connections. This issue was addressed through improved resource validation. CVE-ID CVE-2015-5920 : Cylance

    iTunes 12.3 may be obtained from: http://www.apple.com/itunes/download/

    You may also update to the latest version of iTunes via Apple Software Update, which can be found in the Start menu.

    Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222

    This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/

    -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org

    iQIcBAEBCAAGBQJV+axbAAoJEBcWfLTuOo7tLSYP/1NCYHZeWYxqLnLgHgCcNRF/ iqZ7hq9UgxomXxoDVknvvWc61Z+UW6VIgGzEfzSlO9APIGC7ia1tdKl66oMEYSal aGt5AJc9c55RuuvgF/IxgICRsuXjHsAmlQb5FPqwe2gSJYxggCfhObdQ/ShbP2kp mV8sYiJJiKkYZqFDH17fvtAWV3GZ7CtXfneWDHlerJunbuUzWLpjWcYwbaiD/1C2 5CTohgHbTMtG2MGRacFXeYAXFhbnr6mXcxy+7Zee3B6x33/ypA/Q+KaIxPv4bssr 7XXzYin8bdMHlW6MWuCmyzJd2P/4opKvzNeyoZb1BM02k0Fb7SWDMwFA9UVovsX5 yCNKn0rg1nMhbXLjpob7G0GYfHNeGOy5PqKu3PXF++R4H5kGr9v2CZH+8dIU5+J7 LFyDSBZ4vlMsCYTRfI1PEUM6w3d+whrBl9vagVeJZG5gkSrZXftALjZsQXUhgqZH mKDcSj/leCTbbbHMPq/NngQuUXzVRe+SJwVtSJEfQSg2yGCdBGTsjqftcOeDgVUL vHR0KkZ4lVx5Aq48XFfXXvn5d3g+kP5pTeVbGdWFmf7XNDp3Vap5ATlTF5UF4EKt jHPGMzWZwvEkdzDryynsTzrMR3TjTb7dDtXH6LEoKfOwIyxnH6+g8K1DbgdXgiJo dL48EUi+MBq820BzP1fp =cz5N -----END PGP SIGNATURE-----

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201008-0241",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "visual studio",
            "scope": "eq",
            "trust": 2.7,
            "vendor": "microsoft",
            "version": "2005"
          },
          {
            "model": "visual studio",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "microsoft",
            "version": "2008"
          },
          {
            "model": "visual studio",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "microsoft",
            "version": "2010"
          },
          {
            "model": "visual c\\+\\+",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "microsoft",
            "version": "2008"
          },
          {
            "model": "visual c\\+\\+",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "microsoft",
            "version": "2010"
          },
          {
            "model": "visual c\\+\\+",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "microsoft",
            "version": "2005"
          },
          {
            "model": "visual studio .net",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "microsoft",
            "version": "2003"
          },
          {
            "model": "itunes",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apple",
            "version": "12.1.3"
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "abvent",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "adobe",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "apple",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "atomix productions",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "autodesk",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "avast antivirus",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "bentley",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "bittorrent",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "bitmanagement",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "conceiva",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "corel",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "cyberlink",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "daemon tools",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "dassault systemes",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "divx",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "ezb",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "ecava",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "fengtao",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "gfi",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "graphisoft",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "gilles vollant",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "guidance",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "httrack",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "ibm",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "izarc",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "inkscape",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "maxthon",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "microchip",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "microsoft",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "mozilla",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "netstumbler",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "nokia",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "norman",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "nullsoft",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "opera",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "pgp",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "pkware",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "pixia",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "realnetworks",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "sisoftware",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "smart projects",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "sonic",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "sony",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "sweetscape",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "teamviewer",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "techsmith",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "tortoisesvn",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "tracker",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "vmware",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "videolan",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "winmerge",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "wireshark",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "wolters kluwer",
            "version": null
          },
          {
            "model": "itunes",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "apple",
            "version": "12.3   (windows 7 or later )"
          },
          {
            "model": "visual c++",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "microsoft",
            "version": "2005"
          },
          {
            "model": "visual c++",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "microsoft",
            "version": "2008"
          },
          {
            "model": "visual c++",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "microsoft",
            "version": "2010"
          },
          {
            "model": "visual studio",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "microsoft",
            "version": ".net 2003"
          },
          {
            "model": "lhaforge",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "claybird",
            "version": "1.5.1 and earlier"
          },
          {
            "model": "webotx",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nec",
            "version": "v8.3"
          },
          {
            "model": "enterprisedirectoryserver",
            "scope": null,
            "trust": 0.8,
            "vendor": "nec",
            "version": null
          },
          {
            "model": "webotx",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nec",
            "version": "v8.4"
          },
          {
            "model": "securebranch",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nec",
            "version": "soho xp dedicated application  securebranch accessmanager ver2.2.18 before"
          },
          {
            "model": "webotx",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nec",
            "version": "v6.4"
          },
          {
            "model": "webotx",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nec",
            "version": "v6.2"
          },
          {
            "model": "webotx",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nec",
            "version": "v8.2"
          },
          {
            "model": "explzh",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "pon",
            "version": "v.5.65 and earlier"
          },
          {
            "model": "itunes",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "apple",
            "version": "9"
          },
          {
            "model": "securebranch",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nec",
            "version": "soho vista dedicated application  securebranch accessmanager ver3.0.13 before"
          },
          {
            "model": "lunascape",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "lunascape",
            "version": "6.3.0 and earlier"
          },
          {
            "model": "securefinger",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nec",
            "version": "fingerprint authentication runtime ( c / s edition) all versions"
          },
          {
            "model": "webotx",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nec",
            "version": "client v7.1"
          },
          {
            "model": "webotx",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nec",
            "version": "v6.5"
          },
          {
            "model": "esmpro/serveragentservice",
            "scope": null,
            "trust": 0.8,
            "vendor": "nec",
            "version": null
          },
          {
            "model": "lhmelt",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "micco",
            "version": "1.65.1.2 and earlier"
          },
          {
            "model": "webotx",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nec",
            "version": "download server v7.1"
          },
          {
            "model": "esmpro/serveragent",
            "scope": null,
            "trust": 0.8,
            "vendor": "nec",
            "version": null
          },
          {
            "model": "webotx",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nec",
            "version": "client  v5.3"
          },
          {
            "model": "terapad",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "terao progress",
            "version": "ver.1.00\\u3000 and earlier"
          },
          {
            "model": "sleipnir",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "fenrir",
            "version": "2.9.5 and earlier"
          },
          {
            "model": "securefinger",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nec",
            "version": "fingerprint authentication utility ad all versions"
          },
          {
            "model": "lhaplus",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "schezo",
            "version": "1.57 and earlier"
          },
          {
            "model": "webotx",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nec",
            "version": "v6.3"
          },
          {
            "model": "infoframe documentskipper",
            "scope": null,
            "trust": 0.8,
            "vendor": "nec",
            "version": null
          },
          {
            "model": "webotx",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nec",
            "version": "downloader  v5.3"
          },
          {
            "model": "webotx",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nec",
            "version": "download contents v8.2"
          },
          {
            "model": "visual studio sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2010"
          },
          {
            "model": "visual studio",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "20100"
          },
          {
            "model": "visual studio sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2008"
          },
          {
            "model": "visual studio",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "20080"
          },
          {
            "model": "visual studio team edition for testers",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "20050"
          },
          {
            "model": "visual studio team edition for developers",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "20050"
          },
          {
            "model": "visual studio team edition for architects",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "20050"
          },
          {
            "model": "visual studio team edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "20050"
          },
          {
            "model": "visual studio standard edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "20050"
          },
          {
            "model": "visual studio professional edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "20050"
          },
          {
            "model": "visual studio premier partner edition enu",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2005-8.0.50727.42"
          },
          {
            "model": "visual studio 64-bit hosted visual c++ tools sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2005"
          },
          {
            "model": "visual studio sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2005"
          },
          {
            "model": "visual studio .net",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "20050"
          },
          {
            "model": "visual studio .net enterprise architect",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2003"
          },
          {
            "model": "visual studio .net sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2003"
          },
          {
            "model": "visual c++ redistributable package sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2010"
          },
          {
            "model": "visual c++ redistributable package",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "20100"
          },
          {
            "model": "visual c++ redistributable package sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2008"
          },
          {
            "model": "visual c++ redistributable package",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "20080"
          },
          {
            "model": "visual c++ redistributable package sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2005"
          },
          {
            "model": "visual c++ redistributable package",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "20050"
          },
          {
            "model": "exchange server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "20160"
          },
          {
            "model": "exchange server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "20130"
          },
          {
            "model": "exchange server sp3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2010"
          },
          {
            "model": "atl/mfc trace tool build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "10.0.30319.1"
          },
          {
            "model": "messaging application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.2"
          },
          {
            "model": "messaging application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5"
          },
          {
            "model": "messaging application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "4"
          },
          {
            "model": "meeting exchange webportal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "-6.0"
          },
          {
            "model": "meeting exchange web conferencing server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "-0"
          },
          {
            "model": "meeting exchange streaming server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "-0"
          },
          {
            "model": "meeting exchange recording server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "-0"
          },
          {
            "model": "meeting exchange client registration server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "-0"
          },
          {
            "model": "meeting exchange",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.0.0.52"
          },
          {
            "model": "meeting exchange sp2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.2"
          },
          {
            "model": "meeting exchange sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.2"
          },
          {
            "model": "meeting exchange",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.2"
          },
          {
            "model": "meeting exchange sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.1"
          },
          {
            "model": "meeting exchange",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.1"
          },
          {
            "model": "meeting exchange sp2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.0"
          },
          {
            "model": "meeting exchange sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.0"
          },
          {
            "model": "meeting exchange",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.0"
          },
          {
            "model": "communication server telephony manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "10004.0"
          },
          {
            "model": "communication server telephony manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "10003.0"
          },
          {
            "model": "callpilot",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.0"
          },
          {
            "model": "callpilot",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "4.0"
          },
          {
            "model": "aura conferencing standard",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.0"
          },
          {
            "model": "aura conferencing sp1 standard",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.0"
          },
          {
            "model": "reflection",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "attachmate",
            "version": "x2011"
          },
          {
            "model": "reflection suite for",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "attachmate",
            "version": "x2011"
          },
          {
            "model": "reflection for secure it windows server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "attachmate",
            "version": "7.2"
          },
          {
            "model": "reflection for secure it windows server sp2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "attachmate",
            "version": "7.0"
          },
          {
            "model": "reflection for secure it windows server sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "attachmate",
            "version": "7.0"
          },
          {
            "model": "reflection for secure it windows server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "attachmate",
            "version": "6.0"
          },
          {
            "model": "reflection for secure it unix server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "attachmate",
            "version": "7.2"
          },
          {
            "model": "reflection for secure it unix server sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "attachmate",
            "version": "7.0"
          },
          {
            "model": "reflection for secure it unix server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "attachmate",
            "version": "6.0"
          },
          {
            "model": "reflection for secure it unix client",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "attachmate",
            "version": "7.2"
          },
          {
            "model": "reflection for secure it unix client sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "attachmate",
            "version": "7.0"
          },
          {
            "model": "reflection for secure it unix client",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "attachmate",
            "version": "6.0"
          },
          {
            "model": "itunes",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "11.2.1"
          },
          {
            "model": "itunes",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "11.1.5"
          },
          {
            "model": "itunes",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "11.1.4"
          },
          {
            "model": "itunes",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "11.1.3"
          },
          {
            "model": "itunes",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "11.1.2"
          },
          {
            "model": "itunes",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "11.0.5"
          },
          {
            "model": "itunes",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "11.0.4"
          },
          {
            "model": "itunes",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "11.0.2"
          },
          {
            "model": "itunes",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "10.6.3"
          },
          {
            "model": "itunes",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "10.6.1"
          },
          {
            "model": "itunes",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "10.5.1"
          },
          {
            "model": "itunes",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "10.1.2"
          },
          {
            "model": "itunes",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "9.0.2"
          },
          {
            "model": "itunes",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "9.0.1"
          },
          {
            "model": "itunes",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "9.0"
          },
          {
            "model": "itunes",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "7.3.2"
          },
          {
            "model": "itunes",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "7.3"
          },
          {
            "model": "itunes",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "7.0.2"
          },
          {
            "model": "itunes",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "6.0.5"
          },
          {
            "model": "itunes",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "6.0.4"
          },
          {
            "model": "itunes",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "6.0.1"
          },
          {
            "model": "itunes",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "6.0"
          },
          {
            "model": "itunes",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "5.0"
          },
          {
            "model": "itunes",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "4.8"
          },
          {
            "model": "itunes",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "4.7.1"
          },
          {
            "model": "itunes",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "4.6"
          },
          {
            "model": "itunes",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "4.5"
          },
          {
            "model": "itunes",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "4.2.72"
          },
          {
            "model": "itunes",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "9.2.1"
          },
          {
            "model": "itunes",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "9.2"
          },
          {
            "model": "itunes",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "9.1.1"
          },
          {
            "model": "itunes",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "9.1"
          },
          {
            "model": "itunes",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "9.0.3"
          },
          {
            "model": "itunes",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "8.2"
          },
          {
            "model": "itunes",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "8.1"
          },
          {
            "model": "itunes",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "8.0.2.20"
          },
          {
            "model": "itunes",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "7.4"
          },
          {
            "model": "itunes",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "12.2"
          },
          {
            "model": "itunes",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "12.0.1"
          },
          {
            "model": "itunes",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "11.2"
          },
          {
            "model": "itunes",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "11.1.1"
          },
          {
            "model": "itunes",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "11.1"
          },
          {
            "model": "itunes",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "11.0.3"
          },
          {
            "model": "itunes",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "11.0.1"
          },
          {
            "model": "itunes",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "11.0.0.163"
          },
          {
            "model": "itunes",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "11.0"
          },
          {
            "model": "itunes",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "10.7"
          },
          {
            "model": "itunes",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "10.6.1.7"
          },
          {
            "model": "itunes",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "10.6"
          },
          {
            "model": "itunes",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "10.5.2"
          },
          {
            "model": "itunes",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "10.5.1.42"
          },
          {
            "model": "itunes",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "10.5"
          },
          {
            "model": "itunes",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "10.4.1.10"
          },
          {
            "model": "itunes",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "10.4.1"
          },
          {
            "model": "itunes",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "10.4.0.80"
          },
          {
            "model": "itunes",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "10.4"
          },
          {
            "model": "itunes",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "10.3.1"
          },
          {
            "model": "itunes",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "10.3"
          },
          {
            "model": "itunes",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "10.2.2.12"
          },
          {
            "model": "itunes",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "10.2.2"
          },
          {
            "model": "itunes",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "10.2"
          },
          {
            "model": "itunes",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "10.1.1.4"
          },
          {
            "model": "itunes",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "10.1.1"
          },
          {
            "model": "itunes",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "10.1"
          },
          {
            "model": "itunes",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "10.0.1"
          },
          {
            "model": "itunes",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "10"
          },
          {
            "model": "reflection for secure it windows server sp1",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "attachmate",
            "version": "7.2"
          },
          {
            "model": "reflection for secure it unix server sp1",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "attachmate",
            "version": "7.2"
          },
          {
            "model": "reflection for secure it unix client sp1",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "attachmate",
            "version": "7.2"
          },
          {
            "model": "itunes",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "apple",
            "version": "12.3"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#707943"
          },
          {
            "db": "BID",
            "id": "42811"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-001916"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2010-001999"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201008-381"
          },
          {
            "db": "NVD",
            "id": "CVE-2010-3190"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:12.1.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:visual_c\\+\\+:2005:sp1:*:*:redistributable_package:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:visual_c\\+\\+:2008:sp1:*:*:redistributable_package:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:visual_c\\+\\+:2010:sp1:*:*:redistributable_package:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:visual_studio:2005:sp1:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:visual_studio:2008:sp1:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:visual_studio:2010:-:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:visual_studio_.net:2003:sp1:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2010-3190"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "0xjudd",
        "sources": [
          {
            "db": "BID",
            "id": "42811"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2010-3190",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.6,
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": true,
                "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Complete",
                "baseScore": 9.3,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "CVE-2010-3190",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.6,
                "id": "VHN-45795",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2010-3190",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#707943",
                "trust": 0.8,
                "value": "64.13"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201008-381",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-45795",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#707943"
          },
          {
            "db": "VULHUB",
            "id": "VHN-45795"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-001916"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201008-381"
          },
          {
            "db": "NVD",
            "id": "CVE-2010-3190"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Untrusted search path vulnerability in the Microsoft Foundation Class (MFC) Library in Microsoft Visual Studio .NET 2003 SP1; Visual Studio 2005 SP1, 2008 SP1, and 2010; Visual C++ 2005 SP1, 2008 SP1, and 2010; and Exchange Server 2010 Service Pack 3, 2013, and 2013 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory during execution of an MFC application such as AtlTraceTool8.exe (aka ATL MFC Trace Tool), as demonstrated by a directory that contains a TRC, cur, rs, rct, or res file, aka \"MFC Insecure Library Loading Vulnerability.\". Some applications for Microsoft Windows may use unsafe methods for determining how to load DLLs.  As a result, these applications can be forced to load a DLL from an attacker-controlled source rather than a trusted location. dwmapi.dll It may be possible to get permission through the file. Windows Program DLL There is an attackable vulnerability in reading. Dynamic link Library (DLL) Is a software component that is loaded at run time, not at program compile time. The program is LoadLibrary() And LoadLibraryEx() Using DLL Is read. Read DLL If no path is specified, specific directories are searched in order and found first. DLL Is loaded. Since this directory group includes the current directory of the process, the directory that can be operated by the attacker is set as the current directory. LoadLibrary() If is called, attack code may be executed. This issue can occur when browsing files located in directories that an attacker can manipulate. Read DLL The name depends on the program. DLL Read Windows The entire program may be affected. \" Opera Software \"and\" Adobe Vulnerability information on \" : Mitsui Bussan Secure Direction Co., Ltd. Takashi Yoshikawa MrA remote attacker could execute arbitrary code with the authority to execute the program. Attacker crafted DLL The USB Placing it on a drive or network drive may cause an attack. \nAn attacker can exploit this issue by enticing a legitimate user to use the vulnerable application to open a file from a network share location that contains a specially crafted Dynamic Link Library (DLL) file. \nMicrosoft ATL/MFC Trace Tool build 10.0.30319.1 is vulnerable; other versions may also be affected. Microsoft Visual Studio is a series of development tool suite products of Microsoft (Microsoft), and it is also a basically complete set of development tools. It includes most of the tools needed throughout the software lifecycle. A remote attacker could exploit this vulnerability to take complete control of an affected system and subsequently install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured with fewer system user rights are less affected than users with administrative user rights. ----------------------------------------------------------------------\n\n\nJoin Secunia @ FIRST Conference, 12-17 June, Hilton Vienna, Austria\nSee to the presentation \"The Dynamics and Threats of End-Point Software Portfolios\" by Secunia\u0027s Research Analyst Director, Stefan Frei. \nRead more:\nhttp://conference.first.org/ \n\n\n----------------------------------------------------------------------\n\nTITLE:\nAttachmate Reflection for Secure IT Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA44906\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/44906/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44906\n\nRELEASE DATE:\n2011-06-10\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/44906/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/44906/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44906\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nAttachmate has acknowledged multiple vulnerabilities in Reflection\nfor Secure IT, which can be exploited by malicious people to bypass\ncertain security restrictions, cause a DoS (Denial of Service), and\ncompromise a user\u0027s system. \n\nFor more information:\nSA36093 (vulnerability #2)\nSA44905\n\nThe vulnerabilities are reported in version 7.2 prior to SP1 in the\nfollowing components:\n* Reflection for Secure IT Windows Server. \n* Reflection for Secure IT UNIX Client. \n* Reflection for Secure IT UNIX Server. \n\nSOLUTION:\nUpdate to version 7.2 SP1. \n\nORIGINAL ADVISORY:\nAttachmate:\nhttp://support.attachmate.com/techdocs/2560.html\nhttp://support.attachmate.com/techdocs/2564.html\nhttp://support.attachmate.com/techdocs/2565.html\nhttp://support.attachmate.com/techdocs/2566.html\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2015-09-16-3 iTunes 12.3\n\niTunes 12.3 is now available and addresses the following:\n\niTunes\nAvailable for:  Windows 7 and later\nImpact:  Applications that use CoreText may be vulnerable to\nunexpected application termination or arbitrary code execution\nDescription:  Multiple memory corruption issues existed in the\nprocessing of text files. These issues were addressed through\nimproved memory handling. \nCVE-ID\nCVE-2015-1157 : Apple\nCVE-2015-3686 : John Villamil (@day6reak), Yahoo Pentest Team\nCVE-2015-3687 : John Villamil (@day6reak), Yahoo Pentest Team\nCVE-2015-3688 : John Villamil (@day6reak), Yahoo Pentest Team\nCVE-2015-5755 : John Villamil (@day6reak), Yahoo Pentest Team\nCVE-2015-5761 : John Villamil (@day6reak), Yahoo Pentest Team\nCVE-2015-5874 : John Villamil (@day6reak), Yahoo Pentest Team\n\niTunes\nAvailable for:  Windows 7 and later\nImpact:  Applications that use ICU may be vulnerable to unexpected\napplication termination or arbitrary code execution\nDescription:  Multiple memory corruption issues existed in the\nprocessing of unicode strings. These issues were addressed by\nupdating ICU to version 55. \nCVE-ID\nCVE-2014-8146\nCVE-2015-1205\n\niTunes\nAvailable for:  Windows 7 and later\nImpact:  Opening a media file may lead to arbitrary code execution\nDescription:  A security issue existed in Microsoft Foundation\nClass\u0027s handling of library loading. This issue was addressed by\nupdating to the latest version of the Microsoft Visual C++\nRedistributable Package. \nCVE-ID\nCVE-2010-3190 : Stefan Kanthak\n\niTunes\nAvailable for:  Windows 7 and later\nImpact:  A man-in-the-middle attack while browsing the iTunes Store\nvia iTunes may result in unexpected application termination or\narbitrary code execution\nDescription:  Multiple memory corruption issues existed in WebKit. \nThese issues were addressed through improved memory handling. \nCVE-ID\nCVE-2015-1152 : Apple\nCVE-2015-1153 : Apple\nCVE-2015-3730 : Apple\nCVE-2015-3731 : Apple\nCVE-2015-3733 : Apple\nCVE-2015-3734 : Apple\nCVE-2015-3735 : Apple\nCVE-2015-3736 : Apple\nCVE-2015-3737 : Apple\nCVE-2015-3738 : Apple\nCVE-2015-3739 : Apple\nCVE-2015-3740 : Apple\nCVE-2015-3741 : Apple\nCVE-2015-3742 : Apple\nCVE-2015-3743 : Apple\nCVE-2015-3744 : Apple\nCVE-2015-3745 : Apple\nCVE-2015-3746 : Apple\nCVE-2015-3747 : Apple\nCVE-2015-3748 : Apple\nCVE-2015-3749 : Apple\nCVE-2015-5789 : Apple\nCVE-2015-5790 : Apple\nCVE-2015-5791 : Apple\nCVE-2015-5792 : Apple\nCVE-2015-5793 : Apple\nCVE-2015-5794 : Apple\nCVE-2015-5795 : Apple\nCVE-2015-5796 : Apple\nCVE-2015-5797 : Apple\nCVE-2015-5798 : Apple\nCVE-2015-5799 : Apple\nCVE-2015-5800 : Apple\nCVE-2015-5801 : Apple\nCVE-2015-5802 : Apple\nCVE-2015-5803 : Apple\nCVE-2015-5804 : Apple\nCVE-2015-5805\nCVE-2015-5806 : Apple\nCVE-2015-5807 : Apple\nCVE-2015-5808 : Joe Vennix\nCVE-2015-5809 : Apple\nCVE-2015-5810 : Apple\nCVE-2015-5811 : Apple\nCVE-2015-5812 : Apple\nCVE-2015-5813 : Apple\nCVE-2015-5814 : Apple\nCVE-2015-5815 : Apple\nCVE-2015-5816 : Apple\nCVE-2015-5817 : Apple\nCVE-2015-5818 : Apple\nCVE-2015-5819 : Apple\nCVE-2015-5821 : Apple\nCVE-2015-5822 : Mark S. Miller of Google\nCVE-2015-5823 : Apple\n\nSoftware Update\nImpact:  An attacker in a privileged network position may be able to\nobtain encrypted SMB credentials\nDescription:  A redirection issue existed in the handling of certain\nnetwork connections. This issue was addressed through improved\nresource validation. \nCVE-ID\nCVE-2015-5920 : Cylance\n\n\niTunes 12.3 may be obtained from:\nhttp://www.apple.com/itunes/download/\n\nYou may also update to the latest version of iTunes via Apple\nSoftware Update, which can be found in the Start menu. \n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\nComment: GPGTools - http://gpgtools.org\n\niQIcBAEBCAAGBQJV+axbAAoJEBcWfLTuOo7tLSYP/1NCYHZeWYxqLnLgHgCcNRF/\niqZ7hq9UgxomXxoDVknvvWc61Z+UW6VIgGzEfzSlO9APIGC7ia1tdKl66oMEYSal\naGt5AJc9c55RuuvgF/IxgICRsuXjHsAmlQb5FPqwe2gSJYxggCfhObdQ/ShbP2kp\nmV8sYiJJiKkYZqFDH17fvtAWV3GZ7CtXfneWDHlerJunbuUzWLpjWcYwbaiD/1C2\n5CTohgHbTMtG2MGRacFXeYAXFhbnr6mXcxy+7Zee3B6x33/ypA/Q+KaIxPv4bssr\n7XXzYin8bdMHlW6MWuCmyzJd2P/4opKvzNeyoZb1BM02k0Fb7SWDMwFA9UVovsX5\nyCNKn0rg1nMhbXLjpob7G0GYfHNeGOy5PqKu3PXF++R4H5kGr9v2CZH+8dIU5+J7\nLFyDSBZ4vlMsCYTRfI1PEUM6w3d+whrBl9vagVeJZG5gkSrZXftALjZsQXUhgqZH\nmKDcSj/leCTbbbHMPq/NngQuUXzVRe+SJwVtSJEfQSg2yGCdBGTsjqftcOeDgVUL\nvHR0KkZ4lVx5Aq48XFfXXvn5d3g+kP5pTeVbGdWFmf7XNDp3Vap5ATlTF5UF4EKt\njHPGMzWZwvEkdzDryynsTzrMR3TjTb7dDtXH6LEoKfOwIyxnH6+g8K1DbgdXgiJo\ndL48EUi+MBq820BzP1fp\n=cz5N\n-----END PGP SIGNATURE-----\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2010-3190"
          },
          {
            "db": "CERT/CC",
            "id": "VU#707943"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-001916"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2010-001999"
          },
          {
            "db": "BID",
            "id": "42811"
          },
          {
            "db": "VULHUB",
            "id": "VHN-45795"
          },
          {
            "db": "PACKETSTORM",
            "id": "102169"
          },
          {
            "db": "PACKETSTORM",
            "id": "133618"
          }
        ],
        "trust": 3.6
      },
      "exploit_availability": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "reference": "https://www.scap.org.cn/vuln/vhn-45795",
            "trust": 0.1,
            "type": "unknown"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-45795"
          }
        ]
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2010-3190",
            "trust": 2.9
          },
          {
            "db": "BID",
            "id": "42811",
            "trust": 2.8
          },
          {
            "db": "USCERT",
            "id": "TA11-102A",
            "trust": 2.5
          },
          {
            "db": "SECUNIA",
            "id": "41212",
            "trust": 2.5
          },
          {
            "db": "CERT/CC",
            "id": "VU#707943",
            "trust": 1.6
          },
          {
            "db": "USCERT",
            "id": "TA10-238A",
            "trust": 1.6
          },
          {
            "db": "SECUNIA",
            "id": "44906",
            "trust": 0.9
          },
          {
            "db": "BID",
            "id": "1699",
            "trust": 0.8
          },
          {
            "db": "SECUNIA",
            "id": "44905",
            "trust": 0.8
          },
          {
            "db": "SECUNIA",
            "id": "40983",
            "trust": 0.8
          },
          {
            "db": "SECTRACK",
            "id": "1025630",
            "trust": 0.8
          },
          {
            "db": "SECTRACK",
            "id": "1025346",
            "trust": 0.8
          },
          {
            "db": "USCERT",
            "id": "SA11-102A",
            "trust": 0.8
          },
          {
            "db": "JVN",
            "id": "JVNVU99970459",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-001916",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2010-001999",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201008-381",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "133618",
            "trust": 0.2
          },
          {
            "db": "VULHUB",
            "id": "VHN-45795",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "102169",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#707943"
          },
          {
            "db": "VULHUB",
            "id": "VHN-45795"
          },
          {
            "db": "BID",
            "id": "42811"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-001916"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2010-001999"
          },
          {
            "db": "PACKETSTORM",
            "id": "102169"
          },
          {
            "db": "PACKETSTORM",
            "id": "133618"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201008-381"
          },
          {
            "db": "NVD",
            "id": "CVE-2010-3190"
          }
        ]
      },
      "id": "VAR-201008-0241",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-45795"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2024-07-23T19:34:29.934000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "APPLE-SA-2015-09-16-3 iTunes 12.3",
            "trust": 0.8,
            "url": "http://lists.apple.com/archives/security-announce/2015/sep/msg00003.html"
          },
          {
            "title": "HT205221",
            "trust": 0.8,
            "url": "https://support.apple.com/en-us/ht205221"
          },
          {
            "title": "HT205221",
            "trust": 0.8,
            "url": "http://support.apple.com/ja-jp/ht205221"
          },
          {
            "title": "MS11-025",
            "trust": 0.8,
            "url": "http://www.microsoft.com/technet/security/bulletin/ms11-025.mspx"
          },
          {
            "title": "MS11-025",
            "trust": 0.8,
            "url": "http://www.microsoft.com/japan/technet/security/bulletin/ms11-025.mspx"
          },
          {
            "title": "MS11-025e",
            "trust": 0.8,
            "url": "http://www.microsoft.com/japan/security/bulletins/ms11-025e.mspx"
          },
          {
            "title": "TA11-102A",
            "trust": 0.8,
            "url": "http://software.fujitsu.com/jp/security/vulnerabilities/ta11-102a.html"
          },
          {
            "title": "HT4105",
            "trust": 0.8,
            "url": "http://support.apple.com/kb/ht4105"
          },
          {
            "title": "HT4105",
            "trust": 0.8,
            "url": "http://support.apple.com/kb/ht4105?viewlocale=ja_jp"
          },
          {
            "title": "Opera Software\u304b\u3089\u306e\u60c5\u5831",
            "trust": 0.8,
            "url": "http://jvn.jp/vu/jvnvu707943/844993/index.html"
          },
          {
            "title": "Adobe\u304b\u3089\u306e\u60c5\u5831",
            "trust": 0.8,
            "url": "http://jvn.jp/vu/jvnvu707943/244523/index.html"
          },
          {
            "title": "LhaForge",
            "trust": 0.8,
            "url": "http://claybird.sakura.ne.jp/garage/lhaforge/index.html"
          },
          {
            "title": "2010.2F9.2F7_ver_6.3.1",
            "trust": 0.8,
            "url": "http://lunapedia.lunascape.jp/index.php?title=lunascape6#2010.2f9.2f7_ver_6.3.1"
          },
          {
            "title": "Another technique for Fixing DLL Preloading attacks",
            "trust": 0.8,
            "url": "http://blogs.msdn.com/b/david_leblanc/archive/2010/08/23/another-technique-for-fixing-dll-preloading-attacks.aspx"
          },
          {
            "title": "More information about the DLL Preloading remote attack vector",
            "trust": 0.8,
            "url": "http://blogs.technet.com/b/srd/archive/2010/08/23/more-information-about-dll-preloading-remote-attack-vector.aspx"
          },
          {
            "title": "Secure loading of libraries to prevent DLL preloading attacks - Guidance for Software Developers\u3000(Word \u6587\u66f8)",
            "trust": 0.8,
            "url": "http://blogs.technet.com/cfs-file.ashx/__key/communityserver-components-postattachments/00-03-35-14-21/secure-loading-of-libraries-to-prevent-dll-preloading.docx"
          },
          {
            "title": "Dynamic-Link Library Security",
            "trust": 0.8,
            "url": "http://msdn.microsoft.com/ja-jp/library/ff919712%28v=vs.85%29.aspx"
          },
          {
            "title": "2269637",
            "trust": 0.8,
            "url": "http://www.microsoft.com/technet/security/advisory/2269637.mspx"
          },
          {
            "title": "Load Library Safely",
            "trust": 0.8,
            "url": "https://blogs.technet.microsoft.com/srd/2014/05/13/load-library-safely/"
          },
          {
            "title": "DLL \u691c\u7d22\u30d1\u30b9\u30a2\u30eb\u30b4\u30ea\u30ba\u30e0\u3092\u5236\u5fa1\u3059\u308b\u65b0\u3057\u3044 CWDIllegalInDllSearch \u30ec\u30b8\u30b9\u30c8\u30ea\u30a8\u30f3\u30c8\u30ea\u306b\u3064\u3044\u3066",
            "trust": 0.8,
            "url": "http://support.microsoft.com/kb/2264107"
          },
          {
            "title": "NV11-003",
            "trust": 0.8,
            "url": "http://www.nec.co.jp/security-info/secinfo/nv11-003.html"
          },
          {
            "title": "Microsoft Windows \u306b\u304a\u3051\u308b DLL \u8aad\u307f\u8fbc\u307f\u306b\u95a2\u3059\u308b\u8106\u5f31\u6027",
            "trust": 0.8,
            "url": "http://www.ponsoftware.com/archiver/bug.htm#load_lib"
          },
          {
            "title": "\u691c\u7d22\u30d1\u30b9\u306e\u554f\u984c\u306b\u8d77\u56e0\u3059\u308b\u8106\u5f31\u6027",
            "trust": 0.8,
            "url": "http://www7a.biglobe.ne.jp/~schezo/dll_vul.html"
          },
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www5f.biglobe.ne.jp/~t-susumu"
          },
          {
            "title": "MHSVI#20100824",
            "trust": 0.8,
            "url": "http://homepage3.nifty.com/micco/vul/2010/mhsvi20100824.htm"
          },
          {
            "title": "sleipnirsleipnir_295",
            "trust": 0.8,
            "url": "http://www.fenrir.co.jp/blog/2010/10/sleipnirsleipnir_295.html"
          },
          {
            "title": "2269637",
            "trust": 0.8,
            "url": "https://www.microsoft.com/japan/technet/security/advisory/2269637.mspx"
          },
          {
            "title": "\u65b0\u305f\u306a\u30ea\u30e2\u30fc\u30c8\u306e\u653b\u6483\u624b\u6cd5\u306b\u95a2\u3059\u308b\u30a2\u30c9\u30d0\u30a4\u30b6\u30ea 2269637 \u3092\u516c\u958b",
            "trust": 0.8,
            "url": "http://blogs.technet.com/b/jpsecurity/archive/2010/08/24/3351474.aspx"
          },
          {
            "title": "\u30e9\u30a4\u30d6\u30e9\u30ea\u3092\u5b89\u5168\u306b\u30ed\u30fc\u30c9\u3057\u3066 DLL \u306e\u30d7\u30ea\u30ed\u30fc\u30c9\u653b\u6483\u3092\u9632\u3050 - \u30bd\u30d5\u30c8\u30a6\u30a7\u30a2\u958b\u767a\u8005\u5411\u3051\u30ac\u30a4\u30c0\u30f3\u30b9 (Word \u6587\u66f8)",
            "trust": 0.8,
            "url": "http://blogs.technet.com/cfs-file.ashx/__key/communityserver-components-postattachments/00-03-35-14-74/secure-loading-of-libraries-to-prevent-dll-preloading_5f00_j.docx"
          },
          {
            "title": "TA10-238A",
            "trust": 0.8,
            "url": "http://software.fujitsu.com/jp/security/vulnerabilities/ta10-238a.html"
          },
          {
            "title": "Microsoft ATL/MFC Tracking tool DLL Fixing measures for loading code bugs",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=134164"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-001916"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2010-001999"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201008-381"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-426",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-Other",
            "trust": 0.8
          },
          {
            "problemtype": "CWE-264",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-45795"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-001916"
          },
          {
            "db": "NVD",
            "id": "CVE-2010-3190"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.5,
            "url": "http://www.securityfocus.com/bid/42811"
          },
          {
            "trust": 2.5,
            "url": "http://www.us-cert.gov/cas/techalerts/ta11-102a.html"
          },
          {
            "trust": 2.0,
            "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2010-3190"
          },
          {
            "trust": 1.7,
            "url": "http://lists.apple.com/archives/security-announce/2015/sep/msg00003.html"
          },
          {
            "trust": 1.7,
            "url": "https://support.apple.com/ht205221"
          },
          {
            "trust": 1.7,
            "url": "http://www.corelan.be:8800/index.php/2010/08/25/dll-hijacking-kb-2269637-the-unofficial-list/"
          },
          {
            "trust": 1.7,
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-025"
          },
          {
            "trust": 1.7,
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a12457"
          },
          {
            "trust": 1.7,
            "url": "http://secunia.com/advisories/41212"
          },
          {
            "trust": 1.6,
            "url": "http://jvn.jp/cert/jvnta10-238a"
          },
          {
            "trust": 1.1,
            "url": "http://blog.metasploit.com/2010/08/exploiting-dll-hijacking-flaws.html"
          },
          {
            "trust": 1.1,
            "url": "http://blog.rapid7.com/?p=5325"
          },
          {
            "trust": 1.1,
            "url": "https://www.microsoft.com/technet/security/advisory/2269637.mspx"
          },
          {
            "trust": 1.1,
            "url": "http://blogs.technet.com/b/srd/archive/2010/08/23/more-information-about-dll-preloading-remote-attack-vector.aspx"
          },
          {
            "trust": 0.9,
            "url": "http://secunia.com/advisories/44906/"
          },
          {
            "trust": 0.8,
            "url": "http://www.cert.org/blogs/vuls/2008/09/carpet_bombing_and_directory_p.html"
          },
          {
            "trust": 0.8,
            "url": "http://blog.mandiant.com/archives/1207"
          },
          {
            "trust": 0.8,
            "url": "http://msdn.microsoft.com/en-us/library/aa297182"
          },
          {
            "trust": 0.8,
            "url": "http://blog.zoller.lu/2010/08/cve-2010-xn-loadlibrarygetprocaddress.html"
          },
          {
            "trust": 0.8,
            "url": "http://msdn.microsoft.com/en-us/library/ms684175%28vs.85%29.aspx"
          },
          {
            "trust": 0.8,
            "url": "http://www.acrossecurity.com/aspr/aspr-2010-04-12-1-pub.txt"
          },
          {
            "trust": 0.8,
            "url": "http://www.acrossecurity.com/aspr/aspr-2010-04-12-2-pub.txt"
          },
          {
            "trust": 0.8,
            "url": "http://www.acrossecurity.com/aspr/aspr-2010-08-18-1-pub.txt"
          },
          {
            "trust": 0.8,
            "url": "http://www.securityfocus.com/bid/1699/discuss"
          },
          {
            "trust": 0.8,
            "url": "http://www.cs.ucdavis.edu/research/tech-reports/2010/cse-2010-2.pdf"
          },
          {
            "trust": 0.8,
            "url": "http://blogs.msdn.com/b/david_leblanc/archive/2010/08/23/another-technique-for-fixing-dll-preloading-attacks.aspx"
          },
          {
            "trust": 0.8,
            "url": "http://support.microsoft.com/kb/2264107"
          },
          {
            "trust": 0.8,
            "url": "http://www.guninski.com/officedll.html"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3190"
          },
          {
            "trust": 0.8,
            "url": "https://www.jpcert.or.jp/at/2011/at110008.txt"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/cert/jvnta11-102a"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/vu/jvnvu99970459/index.html"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/tr/jvntr-2010-23"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-3190"
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/40983/"
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/41212/"
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/44905/"
          },
          {
            "trust": 0.8,
            "url": "http://securitytracker.com/id/1025630"
          },
          {
            "trust": 0.8,
            "url": "http://securitytracker.com/id/1025346"
          },
          {
            "trust": 0.8,
            "url": "http://www.us-cert.gov/cas/alerts/sa11-102a.html"
          },
          {
            "trust": 0.8,
            "url": "http://www.npa.go.jp/cyberpolice/important/topics-bn.html"
          },
          {
            "trust": 0.8,
            "url": "http://www.ipa.go.jp/about/press/20101111.html"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/cert/jvnvu707943"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/tr/jvntr-2010-23/"
          },
          {
            "trust": 0.8,
            "url": "http://www.us-cert.gov/cas/techalerts/ta10-238a.html"
          },
          {
            "trust": 0.8,
            "url": "http://www.kb.cert.org/vuls/id/707943"
          },
          {
            "trust": 0.4,
            "url": "http://support.attachmate.com/techdocs/2566.html"
          },
          {
            "trust": 0.4,
            "url": "http://support.attachmate.com/techdocs/2564.html"
          },
          {
            "trust": 0.4,
            "url": "http://support.attachmate.com/techdocs/2560.html"
          },
          {
            "trust": 0.3,
            "url": "http://www.microsoft.com"
          },
          {
            "trust": 0.3,
            "url": "http://blogs.technet.com/b/msrc/archive/2010/08/21/microsoft-security-advisory-2269637-released.aspx"
          },
          {
            "trust": 0.3,
            "url": "https://support.apple.com/en-us/ht205221"
          },
          {
            "trust": 0.3,
            "url": "http://support.avaya.com/css/p8/documents/100133982"
          },
          {
            "trust": 0.3,
            "url": "http://www.microsoft.com/technet/security/bulletin/ms11-018.mspx"
          },
          {
            "trust": 0.3,
            "url": "http://www.microsoft.com/technet/security/bulletin/ms11-025.mspx"
          },
          {
            "trust": 0.3,
            "url": "http://www.microsoft.com/en-us/download/details.aspx?id=27049"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/vulnerability_intelligence/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/secunia_security_advisories/"
          },
          {
            "trust": 0.1,
            "url": "http://conference.first.org/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
          },
          {
            "trust": 0.1,
            "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44906"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/vulnerability_scanning/personal/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/44906/#comments"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
          },
          {
            "trust": 0.1,
            "url": "http://support.attachmate.com/techdocs/2565.html"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/about_secunia_advisories/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3733"
          },
          {
            "trust": 0.1,
            "url": "https://support.apple.com/kb/ht201222"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3741"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3736"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3687"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3730"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8146"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3688"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3190"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1153"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3686"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3748"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3749"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3738"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3744"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1152"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1157"
          },
          {
            "trust": 0.1,
            "url": "https://www.apple.com/support/security/pgp/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1205"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3746"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3742"
          },
          {
            "trust": 0.1,
            "url": "http://gpgtools.org"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3731"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3734"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3740"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3743"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3747"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3735"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3737"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3745"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3739"
          },
          {
            "trust": 0.1,
            "url": "http://www.apple.com/itunes/download/"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#707943"
          },
          {
            "db": "VULHUB",
            "id": "VHN-45795"
          },
          {
            "db": "BID",
            "id": "42811"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-001916"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2010-001999"
          },
          {
            "db": "PACKETSTORM",
            "id": "102169"
          },
          {
            "db": "PACKETSTORM",
            "id": "133618"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201008-381"
          },
          {
            "db": "NVD",
            "id": "CVE-2010-3190"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#707943"
          },
          {
            "db": "VULHUB",
            "id": "VHN-45795"
          },
          {
            "db": "BID",
            "id": "42811"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-001916"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2010-001999"
          },
          {
            "db": "PACKETSTORM",
            "id": "102169"
          },
          {
            "db": "PACKETSTORM",
            "id": "133618"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201008-381"
          },
          {
            "db": "NVD",
            "id": "CVE-2010-3190"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2010-08-25T00:00:00",
            "db": "CERT/CC",
            "id": "VU#707943"
          },
          {
            "date": "2010-08-31T00:00:00",
            "db": "VULHUB",
            "id": "VHN-45795"
          },
          {
            "date": "2010-08-27T00:00:00",
            "db": "BID",
            "id": "42811"
          },
          {
            "date": "2011-07-25T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2011-001916"
          },
          {
            "date": "2010-09-14T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2010-001999"
          },
          {
            "date": "2011-06-10T12:17:07",
            "db": "PACKETSTORM",
            "id": "102169"
          },
          {
            "date": "2015-09-19T15:35:19",
            "db": "PACKETSTORM",
            "id": "133618"
          },
          {
            "date": "2010-08-31T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201008-381"
          },
          {
            "date": "2010-08-31T20:00:02.297000",
            "db": "NVD",
            "id": "CVE-2010-3190"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2016-10-13T00:00:00",
            "db": "CERT/CC",
            "id": "VU#707943"
          },
          {
            "date": "2018-10-10T00:00:00",
            "db": "VULHUB",
            "id": "VHN-45795"
          },
          {
            "date": "2018-10-09T19:00:00",
            "db": "BID",
            "id": "42811"
          },
          {
            "date": "2015-10-05T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2011-001916"
          },
          {
            "date": "2016-11-09T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2010-001999"
          },
          {
            "date": "2021-07-14T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201008-381"
          },
          {
            "date": "2020-11-16T19:33:52.007000",
            "db": "NVD",
            "id": "CVE-2010-3190"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201008-381"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Microsoft Windows based applications may insecurely load dynamic libraries",
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#707943"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "code problem",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201008-381"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201710-0206

    Vulnerability from variot - Updated: 2024-07-23 19:26

    Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the four-way handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames. An attacker within range of an affected AP and client may leverage these vulnerabilities to conduct attacks that are dependent on the data confidentiality protocols being used. Attacks may include arbitrary packet decryption and injection, TCP connection hijacking, HTTP content injection, or the replay of unicast and group-addressed frames. These vulnerabilities are referred to as Key Reinstallation Attacks or "KRACK" attacks. WPA (Wi-Fi Protected Access) is a system that protects wireless computer networks (Wi-Fi). The WPA2 wireless network has a PTK-TK key reload vulnerability in the fourth handshake. WPA2 is prone to multiple security weaknesses. Exploiting these issues may allow an unauthorized user to intercept and manipulate data or disclose sensitive information. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

    ===================================================================== Red Hat Security Advisory

    Synopsis: Important: wpa_supplicant security update Advisory ID: RHSA-2017:2907-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2017:2907 Issue date: 2017-10-17 CVE Names: CVE-2017-13077 CVE-2017-13078 CVE-2017-13080 CVE-2017-13082 CVE-2017-13086 CVE-2017-13087 CVE-2017-13088 =====================================================================

    1. Summary:

    An update for wpa_supplicant is now available for Red Hat Enterprise Linux 7.

    Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

    1. Relevant releases/architectures:

    Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64

    1. Description:

    The wpa_supplicant packages contain an 802.1X Supplicant with support for WEP, WPA, WPA2 (IEEE 802.11i / RSN), and various EAP authentication methods. They implement key negotiation with a WPA Authenticator for client stations and controls the roaming and IEEE 802.11 authentication and association of the WLAN driver. A remote attacker within Wi-Fi range could exploit these attacks to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by manipulating cryptographic handshakes used by the WPA2 protocol. (CVE-2017-13077, CVE-2017-13078, CVE-2017-13080, CVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088)

    Red Hat would like to thank CERT for reporting these issues. Upstream acknowledges Mathy Vanhoef (University of Leuven) as the original reporter of these issues.

    1. Solution:

    For details on how to apply this update, which includes the changes described in this advisory, refer to:

    https://access.redhat.com/articles/11258

    1. Bugs fixed (https://bugzilla.redhat.com/):

    1491692 - CVE-2017-13077 wpa_supplicant: Reinstallation of the pairwise key in the 4-way handshake 1491693 - CVE-2017-13078 wpa_supplicant: Reinstallation of the group key in the 4-way handshake 1491696 - CVE-2017-13080 wpa_supplicant: Reinstallation of the group key in the group key handshake 1491698 - CVE-2017-13082 wpa_supplicant: Accepting a retransmitted FT Reassociation Request and reinstalling the pairwise key while processing it 1500302 - CVE-2017-13086 wpa_supplicant: reinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey (TPK) key in the TDLS handshake 1500303 - CVE-2017-13087 wpa_supplicant: reinstallation of the group key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame 1500304 - CVE-2017-13088 wpa_supplicant: reinstallation of the integrity group key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame

    1. Package List:

    Red Hat Enterprise Linux Client (v. 7):

    Source: wpa_supplicant-2.6-5.el7_4.1.src.rpm

    x86_64: wpa_supplicant-2.6-5.el7_4.1.x86_64.rpm wpa_supplicant-debuginfo-2.6-5.el7_4.1.x86_64.rpm

    Red Hat Enterprise Linux ComputeNode (v. 7):

    Source: wpa_supplicant-2.6-5.el7_4.1.src.rpm

    x86_64: wpa_supplicant-2.6-5.el7_4.1.x86_64.rpm wpa_supplicant-debuginfo-2.6-5.el7_4.1.x86_64.rpm

    Red Hat Enterprise Linux Server (v. 7):

    Source: wpa_supplicant-2.6-5.el7_4.1.src.rpm

    aarch64: wpa_supplicant-2.6-5.el7_4.1.aarch64.rpm wpa_supplicant-debuginfo-2.6-5.el7_4.1.aarch64.rpm

    ppc64: wpa_supplicant-2.6-5.el7_4.1.ppc64.rpm wpa_supplicant-debuginfo-2.6-5.el7_4.1.ppc64.rpm

    ppc64le: wpa_supplicant-2.6-5.el7_4.1.ppc64le.rpm wpa_supplicant-debuginfo-2.6-5.el7_4.1.ppc64le.rpm

    s390x: wpa_supplicant-2.6-5.el7_4.1.s390x.rpm wpa_supplicant-debuginfo-2.6-5.el7_4.1.s390x.rpm

    x86_64: wpa_supplicant-2.6-5.el7_4.1.x86_64.rpm wpa_supplicant-debuginfo-2.6-5.el7_4.1.x86_64.rpm

    Red Hat Enterprise Linux Workstation (v. 7):

    Source: wpa_supplicant-2.6-5.el7_4.1.src.rpm

    x86_64: wpa_supplicant-2.6-5.el7_4.1.x86_64.rpm wpa_supplicant-debuginfo-2.6-5.el7_4.1.x86_64.rpm

    These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

    1. References:

    https://access.redhat.com/security/cve/CVE-2017-13077 https://access.redhat.com/security/cve/CVE-2017-13078 https://access.redhat.com/security/cve/CVE-2017-13080 https://access.redhat.com/security/cve/CVE-2017-13082 https://access.redhat.com/security/cve/CVE-2017-13086 https://access.redhat.com/security/cve/CVE-2017-13087 https://access.redhat.com/security/cve/CVE-2017-13088 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/security/vulnerabilities/kracks

    1. Contact:

    The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

    Copyright 2017 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

    iD8DBQFZ5nilXlSAg2UNWIIRAu7RAJwO3CwWfh61xybvjdxlG0Iqd17JpwCcD5FK 5vz/c6aXRYIJEjVFKVqkVU0= =rSjV -----END PGP SIGNATURE-----

    -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512

    APPLE-SA-2017-12-12-2 AirPort Base Station Firmware Update 7.7.9

    AirPort Base Station Firmware Update 7.7.9 is now available and addresses the following:

    AirPort Base Station Firmware Available for: AirPort Extreme and AirPort Time Capsule base stations with 802.11ac Impact: An attacker within range may be able to execute arbitrary code on the Wi-Fi chip Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-9417: Nitay Artenstein of Exodus Intelligence

    AirPort Base Station Firmware Available for: AirPort Extreme and AirPort Time Capsule base stations with 802.11ac Impact: An attacker in Wi-Fi range may force nonce reuse in WPA unicast/PTK clients (Key Reinstallation Attacks - KRACK) Description: A logic issue existed in the handling of state transitions. This was addressed with improved state management. CVE-2017-13077: Mathy Vanhoef of the imec-DistriNet group at KU Leuven CVE-2017-13078: Mathy Vanhoef of the imec-DistriNet group at KU Leuven

    AirPort Base Station Firmware Available for: AirPort Extreme and AirPort Time Capsule base stations with 802.11ac Impact: An attacker in Wi-Fi range may force nonce reuse in WPA multicast/GTK clients (Key Reinstallation Attacks - KRACK) Description: A logic issue existed in the handling of state transitions. This was addressed with improved state management. CVE-2017-13080: Mathy Vanhoef of the imec-DistriNet group at KU Leuven

    Installation note:

    Firmware version 7.7.9 is installed on AirPort Extreme or AirPort Time Capsule base stations with 802.11ac using AirPort Utility for Mac or iOS.

    AirPort Utility for Mac is a free download from https://support.apple.com/downloads/ and AirPort Utility for iOS is a free download from the App Store. CVE-2017-13080: Mathy Vanhoef of the imec-DistriNet group at KU Leuven

    Installation note:

    Wi-Fi Update for Boot Camp 6.4.0 may be obtained from Apple Software Update for Windows. Those vulnerabilities applies to both the access point (implemented in hostapd) and the station (implemented in wpa_supplicant).

    An attacker exploiting the vulnerabilities could force the vulnerable system to reuse cryptographic session keys, enabling a range of cryptographic attacks against the ciphers used in WPA1 and WPA2.

    For the stable distribution (stretch), these problems have been fixed in version 2:2.4-1+deb9u1.

    For the testing distribution (buster), these problems have been fixed in version 2:2.4-1.1.

    For the unstable distribution (sid), these problems have been fixed in version 2:2.4-1.1.

    We recommend that you upgrade your wpa packages. ========================================================================== Ubuntu Security Notice USN-3455-1 October 16, 2017

    wpa vulnerabilities

    A security issue affects these releases of Ubuntu and its derivatives:

    • Ubuntu 17.04
    • Ubuntu 16.04 LTS
    • Ubuntu 14.04 LTS

    Summary:

    Several security issues were fixed in wpa_supplicant.

    Software Description: - wpa: client support for WPA and WPA2

    Details:

    Mathy Vanhoef discovered that wpa_supplicant and hostapd incorrectly handled WPA2. (CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088)

    Imre Rad discovered that wpa_supplicant and hostapd incorrectly handled invalid characters in passphrase parameters. A remote attacker could use this issue to cause a denial of service. (CVE-2016-4476)

    Imre Rad discovered that wpa_supplicant and hostapd incorrectly handled invalid characters in passphrase parameters. A local attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. (CVE-2016-4477)

    Update instructions:

    The problem can be corrected by updating your system to the following package versions:

    Ubuntu 17.04: hostapd 2.4-0ubuntu9.1 wpasupplicant 2.4-0ubuntu9.1

    Ubuntu 16.04 LTS: hostapd 2.4-0ubuntu6.2 wpasupplicant 2.4-0ubuntu6.2

    Ubuntu 14.04 LTS: hostapd 2.1-0ubuntu1.5 wpasupplicant 2.1-0ubuntu1.5

    After a standard system update you need to reboot your computer to make all the necessary changes. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201711-03


                                           https://security.gentoo.org/
    

    Severity: Normal Title: hostapd and wpa_supplicant: Key Reinstallation (KRACK) attacks Date: November 10, 2017 Bugs: #634436, #634438 ID: 201711-03


    Synopsis

    A flaw was discovered in the 4-way handshake in hostapd and wpa_supplicant that allows attackers to conduct a Man in the Middle attack. hostapd is a user space daemon for access point and authentication servers.

    Affected packages

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
    

    1 net-wireless/hostapd < 2.6-r1 >= 2.6-r1 2 net-wireless/wpa_supplicant < 2.6-r3 >= 2.6-r3 ------------------------------------------------------------------- 2 affected packages

    Description

    WiFi Protected Access (WPA and WPA2) and it's associated technologies are all vulnerable to the KRACK attacks. Please review the referenced CVE identifiers for details.

    Impact

    An attacker can carry out the KRACK attacks on a wireless network in order to gain access to network clients. Once achieved, the attacker can potentially harvest confidential information (e.g. HTTP/HTTPS), inject malware, or perform a myriad of other attacks.

    Workaround

    There is no known workaround at this time.

    Resolution

    All hostapd users should upgrade to the latest version:

    # emerge --sync # emerge --ask --oneshot --verbose ">=net-wireless/hostapd-2.6-r1"

    All wpa_supplicant users should upgrade to the latest version:

    # emerge --sync # emerge --ask --oneshot -v ">=net-wireless/wpa_supplicant-2.6-r3"

    References

    [ 1 ] CVE-2017-13077 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13077 [ 2 ] CVE-2017-13078 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13078 [ 3 ] CVE-2017-13079 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13079 [ 4 ] CVE-2017-13080 . 6) - i386, x86_64

    Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/wpa_supplicant-2.6-i586-1_slack14.2.txz: Upgraded. This update includes patches to mitigate the WPA2 protocol issues known as "KRACK" (Key Reinstallation AttaCK), which may be used to decrypt data, hijack TCP connections, and to forge and inject packets. CVE-2017-13082: Accepting a retransmitted Fast BSS Transition (FT) Reassociation Request and reinstalling the pairwise encryption key (PTK-TK) while processing it. For more information, see: https://www.krackattacks.com/ https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13077 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13078 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13079 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13080 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13081 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13082 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13084 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13086 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13087 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13088 ( Security fix ) +--------------------------+

    Where to find the new packages: +-----------------------------+

    Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)

    Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

    Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/wpa_supplicant-2.6-i486-1_slack14.0.txz

    Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/wpa_supplicant-2.6-x86_64-1_slack14.0.txz

    Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/wpa_supplicant-2.6-i486-1_slack14.1.txz

    Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/wpa_supplicant-2.6-x86_64-1_slack14.1.txz

    Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/wpa_supplicant-2.6-i586-1_slack14.2.txz

    Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/wpa_supplicant-2.6-x86_64-1_slack14.2.txz

    Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/wpa_supplicant-2.6-i586-2.txz

    Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/wpa_supplicant-2.6-x86_64-2.txz

    MD5 signatures: +-------------+

    Slackware 14.0 package: d8ecfaadb50b3547967ab53733ffc019 wpa_supplicant-2.6-i486-1_slack14.0.txz

    Slackware x86_64 14.0 package: f25216d28800504ce498705da7c9a825 wpa_supplicant-2.6-x86_64-1_slack14.0.txz

    Slackware 14.1 package: 15c61050e4bab2581757befd86be74c0 wpa_supplicant-2.6-i486-1_slack14.1.txz

    Slackware x86_64 14.1 package: 49fd537a520338744f7757615556d352 wpa_supplicant-2.6-x86_64-1_slack14.1.txz

    Slackware 14.2 package: c5539f40c8510af89be92945f0f80185 wpa_supplicant-2.6-i586-1_slack14.2.txz

    Slackware x86_64 14.2 package: 4c527ff84fcdfd7839f217bbce2e4ae4 wpa_supplicant-2.6-x86_64-1_slack14.2.txz

    Slackware -current package: 28bd88a54e96368f7a7020c1f5fb67fe n/wpa_supplicant-2.6-i586-2.txz

    Slackware x86_64 -current package: 464fc6b48d1ac077f47e9a3a8534c160 n/wpa_supplicant-2.6-x86_64-2.txz

    Installation instructions: +------------------------+

    Upgrade the package as root:

    upgradepkg wpa_supplicant-2.6-i586-1_slack14.2.txz

    +-----+

    Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com

    +------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201710-0206",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "linux enterprise point of sale",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "suse",
            "version": "11"
          },
          {
            "model": "linux enterprise server",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "suse",
            "version": "11"
          },
          {
            "model": "openstack cloud",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "suse",
            "version": "6"
          },
          {
            "model": "linux enterprise desktop",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "suse",
            "version": "12"
          },
          {
            "model": "linux enterprise server",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "suse",
            "version": "12"
          },
          {
            "model": "enterprise linux desktop",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "redhat",
            "version": "7"
          },
          {
            "model": "enterprise linux server",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "redhat",
            "version": "7"
          },
          {
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.3.7"
          },
          {
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "2.6"
          },
          {
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "2.2"
          },
          {
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "1.0"
          },
          {
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "2.2"
          },
          {
            "model": "freebsd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "freebsd",
            "version": "*"
          },
          {
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.3.11"
          },
          {
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.4.7"
          },
          {
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.4.7"
          },
          {
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.5.10"
          },
          {
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "2.0"
          },
          {
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "2.0"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "debian",
            "version": "8.0"
          },
          {
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.4.9"
          },
          {
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.5.8"
          },
          {
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.5.8"
          },
          {
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "2.1"
          },
          {
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.5.7"
          },
          {
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.6.9"
          },
          {
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.2.8"
          },
          {
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.2.8"
          },
          {
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "1.1"
          },
          {
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.7.3"
          },
          {
            "model": "freebsd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "freebsd",
            "version": "10"
          },
          {
            "model": "freebsd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "freebsd",
            "version": "11.1"
          },
          {
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.5.9"
          },
          {
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.4.8"
          },
          {
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.4.11"
          },
          {
            "model": "freebsd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "freebsd",
            "version": "10.4"
          },
          {
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.2.6"
          },
          {
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.2.4"
          },
          {
            "model": "freebsd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "freebsd",
            "version": "11"
          },
          {
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.5.11"
          },
          {
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.3.10"
          },
          {
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "2.4"
          },
          {
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.3.8"
          },
          {
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.2.5"
          },
          {
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.3.7"
          },
          {
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.2.5"
          },
          {
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.4.10"
          },
          {
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.6.10"
          },
          {
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "1.0"
          },
          {
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.3.9"
          },
          {
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.3.11"
          },
          {
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "2.5"
          },
          {
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.5.10"
          },
          {
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "2.6"
          },
          {
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.4.9"
          },
          {
            "model": "ubuntu linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "canonical",
            "version": "14.04"
          },
          {
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "2.1"
          },
          {
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "2.3"
          },
          {
            "model": "leap",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "opensuse",
            "version": "42.2"
          },
          {
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "2.3"
          },
          {
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "1.1"
          },
          {
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.5.7"
          },
          {
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.7.3"
          },
          {
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.6.9"
          },
          {
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.5.9"
          },
          {
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.4.8"
          },
          {
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.2.7"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "debian",
            "version": "9.0"
          },
          {
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.2.4"
          },
          {
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.3.10"
          },
          {
            "model": "ubuntu linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "canonical",
            "version": "16.04"
          },
          {
            "model": "leap",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "opensuse",
            "version": "42.3"
          },
          {
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.4.11"
          },
          {
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.6.8"
          },
          {
            "model": "ubuntu linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "canonical",
            "version": "17.04"
          },
          {
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.2.6"
          },
          {
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.6.8"
          },
          {
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.4.10"
          },
          {
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.5.11"
          },
          {
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.6.10"
          },
          {
            "model": "hostapd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "2.4"
          },
          {
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "0.3.9"
          },
          {
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "w1 fi",
            "version": "2.5"
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "9front",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "adtran",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "avm",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "actiontec",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "aerohive",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "alcatel lucent",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "android open source",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "apple",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "arch linux",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "aruba",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "asustek computer",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "barracuda",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "broadcom",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "cambium",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "centos",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "cradlepoint",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "cypress semiconductor",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "d link",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "debian gnu linux",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "dell",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "digi",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "draytek",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "edimax computer",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "engenius",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "endian",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "espressif",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "extreme",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "f secure",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "fedora",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "fortinet",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "freebsd",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "gentoo linux",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "google",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "hewlett packard",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "hostap",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "ipfire",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "intel",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "juniper",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "lancom",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "lede",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "lifx",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "lenovo",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "microchip",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "microsoft",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "mojo",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "nest",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "netbsd",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "netgear",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "opnsense",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "omnirom",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "open mesh",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "openbsd",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "peplink",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "red hat",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "riverbed",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "rockwell automation",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "ruckus",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "suse linux",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "samsung mobile",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "sierra",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "slackware linux",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "sonos",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "sony",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "sophos",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "synology",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "tp link",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "technicolor",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "texas instruments",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "toshiba commerce",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "toshiba electronic devices storage",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "toshiba memory",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "turris omnia",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "ubiquiti",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "ubuntu",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "volumio",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "watchguard",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "xiaomi",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "xirrus",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "zebra",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "dd wrt",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "eero",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "pfsense",
            "version": null
          },
          {
            "model": "ubuntu",
            "scope": null,
            "trust": 0.8,
            "vendor": "canonical",
            "version": null
          },
          {
            "model": "gnu/linux",
            "scope": null,
            "trust": 0.8,
            "vendor": "debian",
            "version": null
          },
          {
            "model": "freebsd",
            "scope": null,
            "trust": 0.8,
            "vendor": "freebsd",
            "version": null
          },
          {
            "model": "leap",
            "scope": null,
            "trust": 0.8,
            "vendor": "opensuse",
            "version": null
          },
          {
            "model": "linux enterprise desktop",
            "scope": null,
            "trust": 0.8,
            "vendor": "suse",
            "version": null
          },
          {
            "model": "linux enterprise point of sale",
            "scope": null,
            "trust": 0.8,
            "vendor": "suse",
            "version": null
          },
          {
            "model": "linux enterprise server",
            "scope": null,
            "trust": 0.8,
            "vendor": "suse",
            "version": null
          },
          {
            "model": "openstack cloud",
            "scope": null,
            "trust": 0.8,
            "vendor": "suse",
            "version": null
          },
          {
            "model": "hostapd",
            "scope": null,
            "trust": 0.8,
            "vendor": "w1 fi",
            "version": null
          },
          {
            "model": "wpa supplicant",
            "scope": null,
            "trust": 0.8,
            "vendor": "w1 fi",
            "version": null
          },
          {
            "model": "enterprise linux desktop",
            "scope": null,
            "trust": 0.8,
            "vendor": "red hat",
            "version": null
          },
          {
            "model": "enterprise linux server",
            "scope": null,
            "trust": 0.8,
            "vendor": "red hat",
            "version": null
          },
          {
            "model": "edge gateway",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nec",
            "version": null
          },
          {
            "model": "sr-m20ac1",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "fujitsu",
            "version": "v02.10"
          },
          {
            "model": "sr-m20ac2",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "fujitsu",
            "version": "v02.10"
          },
          {
            "model": "alliance wi-fi protected access 2",
            "scope": null,
            "trust": 0.6,
            "vendor": "wi fi",
            "version": null
          },
          {
            "model": "alliance w1.f1 wpa supplicant",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "wi fi",
            "version": "2.6"
          },
          {
            "model": "scalance w-700",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "siemens",
            "version": "0"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.4,
            "vendor": "linux desktop",
            "version": "12"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.4,
            "vendor": "linux server",
            "version": "11"
          },
          {
            "model": "atom processor c3200 series for yocto project bsp mr4",
            "scope": null,
            "trust": 0.3,
            "vendor": "intel",
            "version": null
          },
          {
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "10.3.2"
          },
          {
            "model": "active management technology",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "6.1"
          },
          {
            "model": "pyxis supplystation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "bd",
            "version": "0"
          },
          {
            "model": "sinamics smart access module",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "siemens",
            "version": "v200"
          },
          {
            "model": "active management technology",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "11.6.27.3264"
          },
          {
            "model": "meraki mr34",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "ck71a-atex",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "pepperl fuchs",
            "version": "0"
          },
          {
            "model": "arubaos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "6.5.2.0"
          },
          {
            "model": "macbook air",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "0"
          },
          {
            "model": "aironet series access points",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "18500"
          },
          {
            "model": "active management technology",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "8.0"
          },
          {
            "model": "meraki mr26",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "arubaos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "6.4"
          },
          {
            "model": "aironet series access points",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "28000"
          },
          {
            "model": "enterprise linux for power big endian extended update support",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "-7.5"
          },
          {
            "model": "meraki mr84",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "contact fl wlan",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "phoenix",
            "version": "510x0"
          },
          {
            "model": "windows server r2 for itanium-based systems sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2008"
          },
          {
            "model": "contact itc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "phoenix",
            "version": "81130"
          },
          {
            "model": "enterprise linux workstation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "7"
          },
          {
            "model": "active management technology",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "10.0"
          },
          {
            "model": "dual band wireless-ac",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "726519.51.0.0"
          },
          {
            "model": "enterprise linux server extended update support",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "-7.6"
          },
          {
            "model": "meraki mr18",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "arubaos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "8.1.0.3"
          },
          {
            "model": "scalance w1750d",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "siemens",
            "version": "0"
          },
          {
            "model": "secure ii med-surg bed",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "stryker",
            "version": "3002"
          },
          {
            "model": "contact fl wlan",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "phoenix",
            "version": "210x0"
          },
          {
            "model": "windows version for x64-based systems",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "1015110"
          },
          {
            "model": "aironet access points",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "contact fl wlan ap",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "phoenix",
            "version": "24802-110"
          },
          {
            "model": "active management technology",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "11.0"
          },
          {
            "model": "instantos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "6.5.4.1"
          },
          {
            "model": "tvos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "10.2"
          },
          {
            "model": "wap371 wireless-ac n access point with single point setup",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "ex-handy",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "pepperl fuchs",
            "version": "2090"
          },
          {
            "model": "arubaos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "6.5.3.2"
          },
          {
            "model": "contact rad-80211-xd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "phoenix",
            "version": "0"
          },
          {
            "model": "ios",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "apple",
            "version": "11.2"
          },
          {
            "model": "contact fl wlan dap",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "phoenix",
            "version": "24802-110"
          },
          {
            "model": "dual band wireless-ac",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "726519.10.9.1"
          },
          {
            "model": "arubaos",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "6.3.1.25"
          },
          {
            "model": "pyxis medstation es",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "bd",
            "version": "0"
          },
          {
            "model": "wireless ip phone",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "88210"
          },
          {
            "model": "pyxis stockstation system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "bd",
            "version": "0"
          },
          {
            "model": "macbook",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "0"
          },
          {
            "model": "dual band wireless-ac",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "316819.51.7.1"
          },
          {
            "model": "dual band wireless-ac",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "intel",
            "version": "726519.10.9.2"
          },
          {
            "model": "scalance wlc712",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "siemens",
            "version": "0"
          },
          {
            "model": "contact fl wlan spa",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "phoenix",
            "version": "0"
          },
          {
            "model": "meraki mr62",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "simatic et200 pro im154-6 pn iwlan",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "siemens",
            "version": "0"
          },
          {
            "model": "tropos broadband mesh routers and bridges",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "abb",
            "version": "0"
          },
          {
            "model": "dual band wireless-ac",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "intel",
            "version": "316819.10.9.2"
          },
          {
            "model": "meraki mr33",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "instantos",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "6.5.3.3"
          },
          {
            "model": "micros handheld terminal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "0"
          },
          {
            "model": "windows server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "20120"
          },
          {
            "model": "instantos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "6.5.2"
          },
          {
            "model": "dual band wireless-ac",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "316018.33.9.2"
          },
          {
            "model": "windows version for 32-bit systems",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "1017030"
          },
          {
            "model": "atom processor c3200 series for yocto project bsp mr4.1",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "intel",
            "version": null
          },
          {
            "model": "active management technology",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "2.6"
          },
          {
            "model": "android",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "7.1.0"
          },
          {
            "model": "contact fl wlan",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "phoenix",
            "version": "110x0"
          },
          {
            "model": "windows for 32-bit systems",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "100"
          },
          {
            "model": "s3 med-surg bed",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "stryker",
            "version": "3002"
          },
          {
            "model": "arubaos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "6.4.2.4"
          },
          {
            "model": "tvos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "11.1"
          },
          {
            "model": "contact fl comserver wlan",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "phoenix",
            "version": "232/422/4850"
          },
          {
            "model": "airport base station",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "7.6.8"
          },
          {
            "model": "enterprise linux server update services for sap solutions",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "-7."
          },
          {
            "model": "active management technology",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "7.1.91.3272"
          },
          {
            "model": "instantos",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "4.2.4.9"
          },
          {
            "model": "contact fl wlan ap",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "phoenix",
            "version": "230802-110"
          },
          {
            "model": "android",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "6.1"
          },
          {
            "model": "enterprise linux for power little endian extended update supp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "-7.6"
          },
          {
            "model": "meraki mr14",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "enterprise linux eus compute node",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "7.5"
          },
          {
            "model": "aironet series access points",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "18150"
          },
          {
            "model": "wireless client bridge 2.0.0.1-aruba501-b00",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "501"
          },
          {
            "model": "enterprise linux server extended update support",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "-7.4"
          },
          {
            "model": "enterprise linux server tus",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "-7.6"
          },
          {
            "model": "dual band wireless-ac",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "726018.33.9.2"
          },
          {
            "model": "airport express",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "0"
          },
          {
            "model": "meraki mr16",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "clarity engine",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "1.0"
          },
          {
            "model": "meraki mr30h",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "airport extreme",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "0"
          },
          {
            "model": "windows server r2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "20120"
          },
          {
            "model": "dual band wireless-ac",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "intel",
            "version": "826520.0.2.3"
          },
          {
            "model": "android",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "8.0"
          },
          {
            "model": "contact bl2 bpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "phoenix",
            "version": "0"
          },
          {
            "model": "tvos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "10.0.1"
          },
          {
            "model": "enterprise linux for ibm z systems",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "7"
          },
          {
            "model": "watch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "0"
          },
          {
            "model": "meraki mr32",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "w1 f1",
            "version": "2.4"
          },
          {
            "model": "active management technology",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "4.0"
          },
          {
            "model": "ruggedcom rx1400",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "siemens",
            "version": "0"
          },
          {
            "model": "cn70a-atex",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "pepperl fuchs",
            "version": "0"
          },
          {
            "model": "windows version for 32-bit systems",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "1015110"
          },
          {
            "model": "arubaos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "6.5.3"
          },
          {
            "model": "pyxis parx handheld",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "bd",
            "version": "0"
          },
          {
            "model": "dual band wireless-ac",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "726519.10"
          },
          {
            "model": "active management technology",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "9.1.40.100"
          },
          {
            "model": "tvos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "10.1.1"
          },
          {
            "model": "instantos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "6.5.3"
          },
          {
            "model": "windows rt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "8.1"
          },
          {
            "model": "meraki mr42",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "instantos",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "4.3.1.6"
          },
          {
            "model": "airport base station",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "7.7.3"
          },
          {
            "model": "wap561 wireless-n dual radio selectable band access point",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "active management technology",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "11.0.26.3000"
          },
          {
            "model": "instantos",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "6.5.4.2"
          },
          {
            "model": "active management technology",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "11.6"
          },
          {
            "model": "tvos",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "apple",
            "version": "11.2"
          },
          {
            "model": "active management technology",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "6.0"
          },
          {
            "model": "windows server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2016"
          },
          {
            "model": "contact rad-whg/wlan-xd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "phoenix",
            "version": "0"
          },
          {
            "model": "dual band wireless-ac",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "intel",
            "version": "726018.33.9.3"
          },
          {
            "model": "wi-fi update for boot camp",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "apple",
            "version": "6.4.0"
          },
          {
            "model": "suremark printer 2nr",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "toshiba",
            "version": "4610"
          },
          {
            "model": "android",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "7.1.1"
          },
          {
            "model": "arubaos",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "6.5.4.2"
          },
          {
            "model": "enterprise linux for power little endian extended update supp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "-7.5"
          },
          {
            "model": "enterprise linux for power little endian",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "7"
          },
          {
            "model": "dual band wireless-ac",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "826520.0.0.0"
          },
          {
            "model": "tvos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "10.2.1"
          },
          {
            "model": "arubaos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "6.3.1.8"
          },
          {
            "model": "windows server for x64-based systems sp2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2008"
          },
          {
            "model": "pyxis supply roller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "bd",
            "version": "0"
          },
          {
            "model": "airport base station",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "7.6.3"
          },
          {
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "10.3"
          },
          {
            "model": "telepresence collaboration endpoint",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "active management technology",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "6.2.61.3535"
          },
          {
            "model": "contact vmt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "phoenix",
            "version": "70xx0"
          },
          {
            "model": "imac",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "0"
          },
          {
            "model": "meraki mr72",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "watchos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "4"
          },
          {
            "model": "enterprise linux for power little endian extended update supp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "-7.4"
          },
          {
            "model": "active management technology",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "11.0.25.3001"
          },
          {
            "model": "arubaos",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "8.1.0.4"
          },
          {
            "model": "active management technology",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "9.1"
          },
          {
            "model": "enterprise linux server tus",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "-7.4"
          },
          {
            "model": "active management technology",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "6.2"
          },
          {
            "model": "meraki mr53",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "tvos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "10.1"
          },
          {
            "model": "wap551 wireless-n single radio selectable band access point",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "instantos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "4.2"
          },
          {
            "model": "instantos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "6.5.3.2"
          },
          {
            "model": "dual band wireless-ac",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "316519.10"
          },
          {
            "model": "dual band wireless-ac",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "826020.0.0.0"
          },
          {
            "model": "wap121 wireless-n access point with single point setup",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "active management technology",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "2.5"
          },
          {
            "model": "active management technology",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "11.6.0.1000"
          },
          {
            "model": "wireless client bridge 1.0.1.3-hp501-b0012",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "501"
          },
          {
            "model": "i.roc ci70-ex",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "pepperl fuchs",
            "version": "0"
          },
          {
            "model": "arubaos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "6.5.0.0"
          },
          {
            "model": "dual band wireless-ac",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "826020.0.2.2"
          },
          {
            "model": "active management technology",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "7.1"
          },
          {
            "model": "cn70e-atex",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "pepperl fuchs",
            "version": "0"
          },
          {
            "model": "dual band wireless-ac",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "726018.0.0.0"
          },
          {
            "model": "meraki mr24",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "suremark printer 1nr",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "toshiba",
            "version": "4610"
          },
          {
            "model": "enterprise linux for ibm z systems extended update support",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "-7.6"
          },
          {
            "model": "contact vmt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "phoenix",
            "version": "50xx0"
          },
          {
            "model": "meraki mr74",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "ex-handy",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "pepperl fuchs",
            "version": "090"
          },
          {
            "model": "arubaos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "6.4.4.15"
          },
          {
            "model": "dual band wireless-ac",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "316519.51.7.1"
          },
          {
            "model": "dual band wireless-ac",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "intel",
            "version": "726519.51.7.20"
          },
          {
            "model": "anyconnect secure mobility client",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "dual band wireless-ac",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "726519.51.7.1"
          },
          {
            "model": "systems esp32",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "espressif",
            "version": "0"
          },
          {
            "model": "watchos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "4.1"
          },
          {
            "model": "enterprise linux server extended update support",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "-7.5"
          },
          {
            "model": "micros handheld terminal 2.03.0.0.021r",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "oracle",
            "version": null
          },
          {
            "model": "aironet series access points",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "38000"
          },
          {
            "model": "pyxis parx",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "bd",
            "version": "0"
          },
          {
            "model": "dx70",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "arubaos",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "6.5.1.9"
          },
          {
            "model": "enterprise linux server update services for sap solutions",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "-7.6"
          },
          {
            "model": "intouch critical care bed",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "stryker",
            "version": "2141"
          },
          {
            "model": "pyxis anesthesia es",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "bd",
            "version": "0"
          },
          {
            "model": "aironet series officeextend access points",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "18100"
          },
          {
            "model": "windows for x64-based systems",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "8.10"
          },
          {
            "model": "dual band wireless-ac",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "316819.10.9.1"
          },
          {
            "model": "active management technology",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "10.0.55.3000"
          },
          {
            "model": "windows for 32-bit systems",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "8.10"
          },
          {
            "model": "android",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "6.0"
          },
          {
            "model": "meraki mr66",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "dual band wireless-ac",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "316519.10.9.1"
          },
          {
            "model": "airport base station",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "7.6"
          },
          {
            "model": "intouch critical care bed",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "stryker",
            "version": "2131"
          },
          {
            "model": "android",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "7.1.2"
          },
          {
            "model": "aironet series access points",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "18300"
          },
          {
            "model": "enterprise linux server aus",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "-7.6"
          },
          {
            "model": "enterprise linux for power big endian extended update support",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "-7.6"
          },
          {
            "model": "active management technology",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "10.0.0.50.1004"
          },
          {
            "model": "arubaos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "6.4.1.0"
          },
          {
            "model": "wap321 wireless-n access point with single point setup",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "simatic iwlan-pb/link",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "siemens",
            "version": "0"
          },
          {
            "model": "aironet 1810w series access points",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "meraki mr52",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "enterprise linux for ibm z systems extended update support",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "-7.5"
          },
          {
            "model": "meraki mr12",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "airmesh msr",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "0"
          },
          {
            "model": "dual band wireless-ac",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "intel",
            "version": "316519.51.7.20"
          },
          {
            "model": "watchos",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "apple",
            "version": "4.2"
          },
          {
            "model": "contact fl wlan ec",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "phoenix",
            "version": "24802-110"
          },
          {
            "model": "instantos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "4.2.4.8"
          },
          {
            "model": "systems esp8266",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "espressif",
            "version": "0"
          },
          {
            "model": "tv",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "0"
          },
          {
            "model": "pad-ex",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "pepperl fuchs",
            "version": "010"
          },
          {
            "model": "active management technology",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "11.0.0.1205"
          },
          {
            "model": "ip phone",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "88610"
          },
          {
            "model": "clarity engine",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "1.0.0.1"
          },
          {
            "model": "aironet series access points",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "15600"
          },
          {
            "model": "windows for 32-bit systems sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "7"
          },
          {
            "model": "instantos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "4.3.1.5"
          },
          {
            "model": "airport base station",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "7.6.2"
          },
          {
            "model": "active management technology",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "8.1"
          },
          {
            "model": "active management technology",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "11.8"
          },
          {
            "model": "windows for x64-based systems sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "7"
          },
          {
            "model": "enterprise linux for ibm z systems extended update support",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "-7.4"
          },
          {
            "model": "meraki mr58",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "windows version for 32-bit systems",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "1016070"
          },
          {
            "model": "dual band wireless-ac",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "intel",
            "version": "316519.10.9.2"
          },
          {
            "model": "pyxis parassist system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "bd",
            "version": "0"
          },
          {
            "model": "windows server for 32-bit systems sp2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2008"
          },
          {
            "model": "instantos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "4.3"
          },
          {
            "model": "android",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "7.0"
          },
          {
            "model": "simatic mobile panel 277 iwlan",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "siemens",
            "version": "0"
          },
          {
            "model": "pyxis medstation t2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "bd",
            "version": "40000"
          },
          {
            "model": "dual band wireless-ac",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "intel",
            "version": "826020.0.2.3"
          },
          {
            "model": "android",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "6.0.1"
          },
          {
            "model": "airport base station",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "7.6.1"
          },
          {
            "model": "dual band wireless-ac",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "316519.51.0.0"
          },
          {
            "model": "wi-fi update for boot camp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "0"
          },
          {
            "model": "enterprise linux server update services for sap solutions",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "-7.4"
          },
          {
            "model": "ipad",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "0"
          },
          {
            "model": "contact vmt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "phoenix",
            "version": "30xx0"
          },
          {
            "model": "enterprise linux for power big endian",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "7"
          },
          {
            "model": "wpa supplicant",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "w1 f1",
            "version": "2.6"
          },
          {
            "model": "wireless client bridge",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "5010"
          },
          {
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "10.0.1"
          },
          {
            "model": "active management technology",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "11.5"
          },
          {
            "model": "meraki mr11",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "10.3.3"
          },
          {
            "model": "pyxis anesthesia system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "bd",
            "version": "40000"
          },
          {
            "model": "tvos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "10.2.2"
          },
          {
            "model": "pyxis anesthesia system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "bd",
            "version": "35000"
          },
          {
            "model": "automation stratix 15.3 jc1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rockwell",
            "version": "5100"
          },
          {
            "model": "enterprise linux server aus",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "-7.4"
          },
          {
            "model": "pyxis ciisafe workstation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "bd",
            "version": "??0"
          },
          {
            "model": "enterprise linux for power big endian extended update support",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "-7.4"
          },
          {
            "model": "airport base station",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "7.6.7"
          },
          {
            "model": "dual band wireless-ac",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "316819.51.0.0"
          },
          {
            "model": "ipad air",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "0"
          },
          {
            "model": "active management technology",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "7.0"
          },
          {
            "model": "arubaos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "6.5.4.1"
          },
          {
            "model": "enterprise linux eus compute node",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "7.6"
          },
          {
            "model": "enterprise linux for scientific computing",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "7"
          },
          {
            "model": "active management technology",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "8.1.71.3608"
          },
          {
            "model": "active management technology",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "9.1.41.3024"
          },
          {
            "model": "arubaos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "6.4.2.1"
          },
          {
            "model": "enterprise linux eus compute node",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "7.4"
          },
          {
            "model": "dx80",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "active management technology",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "9.0"
          },
          {
            "model": "contact bl2 ppc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "phoenix",
            "version": "0"
          },
          {
            "model": "contact tpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "phoenix",
            "version": "60130"
          },
          {
            "model": "ipod touch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "0"
          },
          {
            "model": "arubaos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "6.5.1"
          },
          {
            "model": "ck70a-atex",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "pepperl fuchs",
            "version": "0"
          },
          {
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "10.2.1"
          },
          {
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "10.3.1"
          },
          {
            "model": "dual band wireless-ac",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "intel",
            "version": "316819.51.7.20"
          },
          {
            "model": "macbook pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "0"
          },
          {
            "model": "dual band wireless-ac",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "316819.10"
          },
          {
            "model": "windows for x64-based systems",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "100"
          },
          {
            "model": "airport base station",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "7.7.8"
          },
          {
            "model": "active management technology",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "9.5"
          },
          {
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "10.1"
          },
          {
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "10.2"
          },
          {
            "model": "airport base station",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "7.6.4"
          },
          {
            "model": "smart-ex",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "pepperl fuchs",
            "version": "010"
          },
          {
            "model": "dual band wireless-ac",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "826520.0.2.2"
          },
          {
            "model": "dual band wireless-ac",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "intel",
            "version": "316018.33.9.3"
          },
          {
            "model": "tab-ex",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "pepperl fuchs",
            "version": "010"
          },
          {
            "model": "arubaos",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "6.5.3.3"
          },
          {
            "model": "iphone",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "0"
          },
          {
            "model": "macmini",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "0"
          },
          {
            "model": "arubaos",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "6.4.4.16"
          },
          {
            "model": "contact fl wlan epa",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "phoenix",
            "version": "0"
          },
          {
            "model": "airport time capsule",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "0"
          },
          {
            "model": "alliance wpa2 (wi-fi protected access",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "wi fi",
            "version": "2)0"
          },
          {
            "model": "airport base station",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "apple",
            "version": "7.7.9"
          },
          {
            "model": "scalance wlc711",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "siemens",
            "version": "0"
          },
          {
            "model": "ruggedcom rs9xxw",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "siemens",
            "version": "0"
          },
          {
            "model": "arubaos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "6.3.1.15"
          },
          {
            "model": "networks unifi access point",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubiquiti",
            "version": "0"
          },
          {
            "model": "suremark printer 2cr",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "toshiba",
            "version": "4610"
          },
          {
            "model": "ip phone",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "88650"
          },
          {
            "model": "arubaos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "6.5.4"
          },
          {
            "model": "airport base station",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "7.7.7"
          },
          {
            "model": "instantos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "6.5.4"
          },
          {
            "model": "asa 5506w-x w/ firepower services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "windows version for x64-based systems",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "1016070"
          },
          {
            "model": "airport base station",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "apple",
            "version": "7.6.9"
          },
          {
            "model": "s3 med-surg bed",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "stryker",
            "version": "3005"
          },
          {
            "model": "dual band wireless-ac",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "316018.0.0.0"
          },
          {
            "model": "smart-ex",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "pepperl fuchs",
            "version": "2010"
          },
          {
            "model": "windows version for x64-based systems",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "1017030"
          },
          {
            "model": "ios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "11.1"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "ubuntu linux",
            "version": "14.04"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "ubuntu linux",
            "version": "16.04"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "ubuntu linux",
            "version": "17.04"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "debian linux",
            "version": "8.0"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "debian linux",
            "version": "9.0"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "freebsd",
            "version": "*"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "freebsd",
            "version": "10"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "freebsd",
            "version": "10.4"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "freebsd",
            "version": "11"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "freebsd",
            "version": "11.1"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "leap",
            "version": "42.2"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "leap",
            "version": "42.3"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "linux desktop",
            "version": "7"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "linux server",
            "version": "7"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "0.2.4"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "0.2.5"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "0.2.6"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "0.2.8"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "0.3.7"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "0.3.9"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "0.3.10"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "0.3.11"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "0.4.7"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "0.4.8"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "0.4.9"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "0.4.10"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "0.4.11"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "0.5.7"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "0.5.8"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "0.5.9"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "0.5.10"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "0.5.11"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "0.6.8"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "0.6.9"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "0.6.10"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "0.7.3"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "1.0"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "1.1"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "2.0"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "2.1"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "2.2"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "2.3"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "2.4"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "2.5"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hostapd",
            "version": "2.6"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "0.2.4"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "0.2.5"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "0.2.6"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "0.2.7"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "0.2.8"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "0.3.7"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "0.3.8"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "0.3.9"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "0.3.10"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "0.3.11"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "0.4.7"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "0.4.8"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "0.4.9"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "0.4.10"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "0.4.11"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "0.5.7"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "0.5.8"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "0.5.9"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "0.5.10"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "0.5.11"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "0.6.8"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "0.6.9"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "0.6.10"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "0.7.3"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "1.0"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "1.1"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "2.0"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "2.1"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "2.2"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "2.3"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "2.4"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "2.5"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "wpa supplicant",
            "version": "2.6"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "linux point of sale",
            "version": "11"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "linux server",
            "version": "12"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "openstack cloud",
            "version": "6"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "69402209-7265-4991-8217-51ff9b4857be"
          },
          {
            "db": "CERT/CC",
            "id": "VU#228519"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-30406"
          },
          {
            "db": "BID",
            "id": "101274"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-008412"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201710-380"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-13077"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:7:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:10:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:10.4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:opensuse:leap:42.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:17.04:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:11:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:11.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:7:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:hostapd:2.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:hostapd:2.4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:hostapd:0.6.10:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:hostapd:0.6.9:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:hostapd:0.4.11:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:hostapd:0.4.10:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:hostapd:0.3.7:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:hostapd:0.2.8:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:wpa_supplicant:2.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:wpa_supplicant:2.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:wpa_supplicant:0.6.8:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:wpa_supplicant:0.5.11:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:wpa_supplicant:0.4.9:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:wpa_supplicant:0.4.8:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:wpa_supplicant:0.2.7:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:wpa_supplicant:0.2.6:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:hostapd:2.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:hostapd:2.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:hostapd:0.5.10:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:hostapd:0.5.9:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:hostapd:0.4.7:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:hostapd:0.3.11:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:hostapd:0.2.4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:wpa_supplicant:2.6:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:wpa_supplicant:2.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:wpa_supplicant:1.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:wpa_supplicant:0.7.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:wpa_supplicant:0.5.8:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:wpa_supplicant:0.5.7:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:wpa_supplicant:0.3.9:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:wpa_supplicant:0.3.8:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:hostapd:2.6:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:hostapd:1.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:hostapd:1.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:hostapd:0.7.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:hostapd:0.5.8:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:hostapd:0.5.7:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:hostapd:0.3.10:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:hostapd:0.3.9:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:wpa_supplicant:2.4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:wpa_supplicant:2.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:wpa_supplicant:0.6.10:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:wpa_supplicant:0.6.9:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:wpa_supplicant:0.4.11:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:wpa_supplicant:0.4.10:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:wpa_supplicant:0.3.7:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:wpa_supplicant:0.2.8:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:hostapd:2.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:hostapd:2.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:hostapd:0.6.8:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:hostapd:0.5.11:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:hostapd:0.4.9:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:hostapd:0.4.8:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:hostapd:0.2.6:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:hostapd:0.2.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:wpa_supplicant:2.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:wpa_supplicant:1.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:wpa_supplicant:0.5.10:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:wpa_supplicant:0.5.9:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:wpa_supplicant:0.4.7:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:wpa_supplicant:0.3.11:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:wpa_supplicant:0.3.10:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:wpa_supplicant:0.2.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:w1.fi:wpa_supplicant:0.2.4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_desktop:12:sp2:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_desktop:12:sp3:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_point_of_sale:11:sp3:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:ltss:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_server:11:sp4:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_server:12:*:*:*:ltss:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:suse:openstack_cloud:6:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-13077"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Mathy Vanhoef from imec-DistriNet and KU Leuven.",
        "sources": [
          {
            "db": "BID",
            "id": "101274"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201710-380"
          }
        ],
        "trust": 0.9
      },
      "cve": "CVE-2017-13077",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.4,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 5.5,
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:A/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Adjacent Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 5.4,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2017-13077",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.9,
                "userInteractionRequired": null,
                "vectorString": "AV:A/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.4,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 5.5,
                "id": "CNVD-2017-30406",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:A/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.4,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 5.5,
                "id": "69402209-7265-4991-8217-51ff9b4857be",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:A/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "HIGH",
                "attackVector": "ADJACENT_NETWORK",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.6,
                "impactScore": 5.2,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "High",
                "attackVector": "Adjacent Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 6.8,
                "baseSeverity": "Medium",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2017-13077",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2017-13077",
                "trust": 1.8,
                "value": "MEDIUM"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2017-30406",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201710-380",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "IVD",
                "id": "69402209-7265-4991-8217-51ff9b4857be",
                "trust": 0.2,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2017-13077",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "69402209-7265-4991-8217-51ff9b4857be"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-30406"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-13077"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-008412"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201710-380"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-13077"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the four-way handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames. An attacker within range of an affected AP and client may leverage these vulnerabilities to conduct attacks that are dependent on the data confidentiality protocols being used. Attacks may include arbitrary packet decryption and injection, TCP connection hijacking, HTTP content injection, or the replay of unicast and group-addressed frames. These vulnerabilities are referred to as Key Reinstallation Attacks or \"KRACK\" attacks. WPA (Wi-Fi Protected Access) is a system that protects wireless computer networks (Wi-Fi). The WPA2 wireless network has a PTK-TK key reload vulnerability in the fourth handshake. WPA2  is prone to multiple security weaknesses. \nExploiting these issues may allow an unauthorized user to intercept and manipulate data or disclose sensitive information. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Important: wpa_supplicant security update\nAdvisory ID:       RHSA-2017:2907-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2017:2907\nIssue date:        2017-10-17\nCVE Names:         CVE-2017-13077 CVE-2017-13078 CVE-2017-13080 \n                   CVE-2017-13082 CVE-2017-13086 CVE-2017-13087 \n                   CVE-2017-13088 \n=====================================================================\n\n1. Summary:\n\nAn update for wpa_supplicant is now available for Red Hat Enterprise Linux\n7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux Server (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. Description:\n\nThe wpa_supplicant packages contain an 802.1X Supplicant with support for\nWEP, WPA, WPA2 (IEEE 802.11i / RSN), and various EAP authentication\nmethods. They implement key negotiation with a WPA Authenticator for client\nstations and controls the roaming and IEEE 802.11 authentication and\nassociation of the WLAN driver. A remote attacker within Wi-Fi range\ncould exploit these attacks to decrypt Wi-Fi traffic or possibly inject\nforged Wi-Fi packets by manipulating cryptographic handshakes used by the\nWPA2 protocol. (CVE-2017-13077, CVE-2017-13078, CVE-2017-13080,\nCVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088)\n\nRed Hat would like to thank CERT for reporting these issues. Upstream\nacknowledges Mathy Vanhoef (University of Leuven) as the original reporter\nof these issues. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1491692 - CVE-2017-13077 wpa_supplicant: Reinstallation of the pairwise key in the 4-way handshake\n1491693 - CVE-2017-13078 wpa_supplicant: Reinstallation of the group key in the 4-way handshake\n1491696 - CVE-2017-13080 wpa_supplicant: Reinstallation of the group key in the group key handshake\n1491698 - CVE-2017-13082 wpa_supplicant: Accepting a retransmitted FT Reassociation Request and reinstalling the pairwise key while processing it\n1500302 - CVE-2017-13086 wpa_supplicant: reinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey (TPK) key in the TDLS handshake\n1500303 - CVE-2017-13087 wpa_supplicant: reinstallation of the group key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame\n1500304 - CVE-2017-13088 wpa_supplicant: reinstallation of the integrity group key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame\n\n6. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nwpa_supplicant-2.6-5.el7_4.1.src.rpm\n\nx86_64:\nwpa_supplicant-2.6-5.el7_4.1.x86_64.rpm\nwpa_supplicant-debuginfo-2.6-5.el7_4.1.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nwpa_supplicant-2.6-5.el7_4.1.src.rpm\n\nx86_64:\nwpa_supplicant-2.6-5.el7_4.1.x86_64.rpm\nwpa_supplicant-debuginfo-2.6-5.el7_4.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nwpa_supplicant-2.6-5.el7_4.1.src.rpm\n\naarch64:\nwpa_supplicant-2.6-5.el7_4.1.aarch64.rpm\nwpa_supplicant-debuginfo-2.6-5.el7_4.1.aarch64.rpm\n\nppc64:\nwpa_supplicant-2.6-5.el7_4.1.ppc64.rpm\nwpa_supplicant-debuginfo-2.6-5.el7_4.1.ppc64.rpm\n\nppc64le:\nwpa_supplicant-2.6-5.el7_4.1.ppc64le.rpm\nwpa_supplicant-debuginfo-2.6-5.el7_4.1.ppc64le.rpm\n\ns390x:\nwpa_supplicant-2.6-5.el7_4.1.s390x.rpm\nwpa_supplicant-debuginfo-2.6-5.el7_4.1.s390x.rpm\n\nx86_64:\nwpa_supplicant-2.6-5.el7_4.1.x86_64.rpm\nwpa_supplicant-debuginfo-2.6-5.el7_4.1.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nwpa_supplicant-2.6-5.el7_4.1.src.rpm\n\nx86_64:\nwpa_supplicant-2.6-5.el7_4.1.x86_64.rpm\nwpa_supplicant-debuginfo-2.6-5.el7_4.1.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2017-13077\nhttps://access.redhat.com/security/cve/CVE-2017-13078\nhttps://access.redhat.com/security/cve/CVE-2017-13080\nhttps://access.redhat.com/security/cve/CVE-2017-13082\nhttps://access.redhat.com/security/cve/CVE-2017-13086\nhttps://access.redhat.com/security/cve/CVE-2017-13087\nhttps://access.redhat.com/security/cve/CVE-2017-13088\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://access.redhat.com/security/vulnerabilities/kracks\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2017 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFZ5nilXlSAg2UNWIIRAu7RAJwO3CwWfh61xybvjdxlG0Iqd17JpwCcD5FK\n5vz/c6aXRYIJEjVFKVqkVU0=\n=rSjV\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\nAPPLE-SA-2017-12-12-2 AirPort Base Station Firmware Update 7.7.9\n\nAirPort Base Station Firmware Update 7.7.9 is now available and\naddresses the following:\n\nAirPort Base Station Firmware\nAvailable for: AirPort Extreme and AirPort Time Capsule base stations\nwith 802.11ac\nImpact: An attacker within range may be able to execute arbitrary\ncode on the Wi-Fi chip\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2017-9417: Nitay Artenstein of Exodus Intelligence\n\nAirPort Base Station Firmware\nAvailable for: AirPort Extreme and AirPort Time Capsule base stations\nwith 802.11ac\nImpact: An attacker in Wi-Fi range may force nonce reuse in WPA\nunicast/PTK clients (Key Reinstallation Attacks - KRACK)\nDescription: A logic issue existed in the handling of state\ntransitions. This was addressed with improved state management. \nCVE-2017-13077: Mathy Vanhoef of the imec-DistriNet group at KU\nLeuven\nCVE-2017-13078: Mathy Vanhoef of the imec-DistriNet group at KU\nLeuven\n\nAirPort Base Station Firmware\nAvailable for: AirPort Extreme and AirPort Time Capsule base stations\nwith 802.11ac\nImpact: An attacker in Wi-Fi range may force nonce reuse in WPA\nmulticast/GTK clients (Key Reinstallation Attacks - KRACK)\nDescription: A logic issue existed in the handling of state\ntransitions. This was addressed with improved state management. \nCVE-2017-13080: Mathy Vanhoef of the imec-DistriNet group at KU\nLeuven\n\nInstallation note:\n\nFirmware version 7.7.9 is installed on AirPort Extreme or\nAirPort Time Capsule base stations with 802.11ac using\nAirPort Utility for Mac or iOS. \n\nAirPort Utility for Mac is a free download from\nhttps://support.apple.com/downloads/ and AirPort Utility for iOS\nis a free download from the App Store. \nCVE-2017-13080: Mathy Vanhoef of the imec-DistriNet group at\nKU Leuven\n\nInstallation note:\n\nWi-Fi Update for Boot Camp 6.4.0 may be obtained from Apple Software\nUpdate for Windows. Those vulnerabilities applies to both the access point\n(implemented in hostapd) and the station (implemented in wpa_supplicant). \n\nAn attacker exploiting the vulnerabilities could force the vulnerable system to\nreuse cryptographic session keys, enabling a range of cryptographic attacks\nagainst the ciphers used in WPA1 and WPA2. \n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 2:2.4-1+deb9u1. \n\nFor the testing distribution (buster), these problems have been fixed\nin version 2:2.4-1.1. \n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 2:2.4-1.1. \n\nWe recommend that you upgrade your wpa packages. ==========================================================================\nUbuntu Security Notice USN-3455-1\nOctober 16, 2017\n\nwpa vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 17.04\n- Ubuntu 16.04 LTS\n- Ubuntu 14.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in wpa_supplicant. \n\nSoftware Description:\n- wpa: client support for WPA and WPA2\n\nDetails:\n\nMathy Vanhoef discovered that wpa_supplicant and hostapd incorrectly\nhandled WPA2. (CVE-2017-13077,\nCVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081,\nCVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088)\n\nImre Rad discovered that wpa_supplicant and hostapd incorrectly handled\ninvalid characters in passphrase parameters. A remote attacker could use\nthis issue to cause a denial of service. (CVE-2016-4476)\n\nImre Rad discovered that wpa_supplicant and hostapd incorrectly handled\ninvalid characters in passphrase parameters. A local attacker could use\nthis issue to cause a denial of service, or possibly execute arbitrary\ncode. (CVE-2016-4477)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 17.04:\n  hostapd                         2.4-0ubuntu9.1\n  wpasupplicant                   2.4-0ubuntu9.1\n\nUbuntu 16.04 LTS:\n  hostapd                         2.4-0ubuntu6.2\n  wpasupplicant                   2.4-0ubuntu6.2\n\nUbuntu 14.04 LTS:\n  hostapd                         2.1-0ubuntu1.5\n  wpasupplicant                   2.1-0ubuntu1.5\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 201711-03\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                           https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n    Title: hostapd and wpa_supplicant: Key Reinstallation (KRACK)\n           attacks\n     Date: November 10, 2017\n     Bugs: #634436, #634438\n       ID: 201711-03\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nA flaw was discovered in the 4-way handshake in hostapd and\nwpa_supplicant that allows attackers to conduct a Man in the Middle\nattack. hostapd is a user space daemon for access point and\nauthentication servers. \n\nAffected packages\n=================\n\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  net-wireless/hostapd         \u003c 2.6-r1                  \u003e= 2.6-r1 \n  2  net-wireless/wpa_supplicant\n                                  \u003c 2.6-r3                  \u003e= 2.6-r3 \n    -------------------------------------------------------------------\n     2 affected packages\n\nDescription\n===========\n\nWiFi Protected Access (WPA and WPA2) and it\u0027s associated technologies\nare all vulnerable to the KRACK attacks. Please review the referenced\nCVE identifiers for details. \n\nImpact\n======\n\nAn attacker can carry out the KRACK attacks on a wireless network in\norder to gain access to network clients. Once achieved, the attacker\ncan potentially harvest confidential information (e.g. HTTP/HTTPS),\ninject malware, or perform a myriad of other attacks. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll hostapd users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=net-wireless/hostapd-2.6-r1\"\n\nAll wpa_supplicant users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot -v \"\u003e=net-wireless/wpa_supplicant-2.6-r3\"\n\nReferences\n==========\n\n[  1 ] CVE-2017-13077\n       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13077\n[  2 ] CVE-2017-13078\n       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13078\n[  3 ] CVE-2017-13079\n       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13079\n[  4 ] CVE-2017-13080\n. 6) - i386, x86_64\n\n3. \n\n\nHere are the details from the Slackware 14.2 ChangeLog:\n+--------------------------+\npatches/packages/wpa_supplicant-2.6-i586-1_slack14.2.txz:  Upgraded. \n  This update includes patches to mitigate the WPA2 protocol issues known\n  as \"KRACK\" (Key Reinstallation AttaCK), which may be used to decrypt data,\n  hijack TCP connections, and to forge and inject packets. \n  CVE-2017-13082: Accepting a retransmitted Fast BSS Transition (FT)\n    Reassociation Request and reinstalling the pairwise encryption key (PTK-TK)\n    while processing it. \n  For more information, see:\n    https://www.krackattacks.com/\n    https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13077\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13078\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13079\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13080\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13081\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13082\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13084\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13086\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13087\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13088\n  (* Security fix *)\n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project!  :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/wpa_supplicant-2.6-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/wpa_supplicant-2.6-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/wpa_supplicant-2.6-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/wpa_supplicant-2.6-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/wpa_supplicant-2.6-i586-1_slack14.2.txz\n\nUpdated package for Slackware x86_64 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/wpa_supplicant-2.6-x86_64-1_slack14.2.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/wpa_supplicant-2.6-i586-2.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/wpa_supplicant-2.6-x86_64-2.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 14.0 package:\nd8ecfaadb50b3547967ab53733ffc019  wpa_supplicant-2.6-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\nf25216d28800504ce498705da7c9a825  wpa_supplicant-2.6-x86_64-1_slack14.0.txz\n\nSlackware 14.1 package:\n15c61050e4bab2581757befd86be74c0  wpa_supplicant-2.6-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\n49fd537a520338744f7757615556d352  wpa_supplicant-2.6-x86_64-1_slack14.1.txz\n\nSlackware 14.2 package:\nc5539f40c8510af89be92945f0f80185  wpa_supplicant-2.6-i586-1_slack14.2.txz\n\nSlackware x86_64 14.2 package:\n4c527ff84fcdfd7839f217bbce2e4ae4  wpa_supplicant-2.6-x86_64-1_slack14.2.txz\n\nSlackware -current package:\n28bd88a54e96368f7a7020c1f5fb67fe  n/wpa_supplicant-2.6-i586-2.txz\n\nSlackware x86_64 -current package:\n464fc6b48d1ac077f47e9a3a8534c160  n/wpa_supplicant-2.6-x86_64-2.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the package as root:\n# upgradepkg wpa_supplicant-2.6-i586-1_slack14.2.txz\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list:                          |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message:                                                     |\n|                                                                        |\n|   unsubscribe slackware-security                                       |\n|                                                                        |\n| You will get a confirmation message back containing instructions to    |\n| complete the process.  Please do not reply to this email address",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-13077"
          },
          {
            "db": "CERT/CC",
            "id": "VU#228519"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-008412"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-30406"
          },
          {
            "db": "BID",
            "id": "101274"
          },
          {
            "db": "IVD",
            "id": "69402209-7265-4991-8217-51ff9b4857be"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-13077"
          },
          {
            "db": "PACKETSTORM",
            "id": "144652"
          },
          {
            "db": "PACKETSTORM",
            "id": "145394"
          },
          {
            "db": "PACKETSTORM",
            "id": "145395"
          },
          {
            "db": "PACKETSTORM",
            "id": "148445"
          },
          {
            "db": "PACKETSTORM",
            "id": "144630"
          },
          {
            "db": "PACKETSTORM",
            "id": "144632"
          },
          {
            "db": "PACKETSTORM",
            "id": "144944"
          },
          {
            "db": "PACKETSTORM",
            "id": "144659"
          },
          {
            "db": "PACKETSTORM",
            "id": "144663"
          }
        ],
        "trust": 4.23
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-13077",
            "trust": 4.5
          },
          {
            "db": "CERT/CC",
            "id": "VU#228519",
            "trust": 4.2
          },
          {
            "db": "BID",
            "id": "101274",
            "trust": 2.6
          },
          {
            "db": "LENOVO",
            "id": "LEN-17420",
            "trust": 2.5
          },
          {
            "db": "SECTRACK",
            "id": "1039577",
            "trust": 1.7
          },
          {
            "db": "SECTRACK",
            "id": "1039576",
            "trust": 1.7
          },
          {
            "db": "SECTRACK",
            "id": "1039581",
            "trust": 1.7
          },
          {
            "db": "SECTRACK",
            "id": "1039578",
            "trust": 1.7
          },
          {
            "db": "SECTRACK",
            "id": "1039585",
            "trust": 1.7
          },
          {
            "db": "SECTRACK",
            "id": "1039573",
            "trust": 1.7
          },
          {
            "db": "SECTRACK",
            "id": "1041432",
            "trust": 1.7
          },
          {
            "db": "CERT@VDE",
            "id": "VDE-2017-003",
            "trust": 1.7
          },
          {
            "db": "CERT@VDE",
            "id": "VDE-2017-005",
            "trust": 1.7
          },
          {
            "db": "SIEMENS",
            "id": "SSA-901333",
            "trust": 1.7
          },
          {
            "db": "ICS CERT",
            "id": "ICSMA-18-114-01",
            "trust": 1.2
          },
          {
            "db": "ICS CERT",
            "id": "ICSMA-19-029-01",
            "trust": 1.1
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-17-353-02",
            "trust": 1.1
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-17-318-01",
            "trust": 1.1
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-17-325-01",
            "trust": 1.1
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-30406",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201710-380",
            "trust": 0.8
          },
          {
            "db": "JUNIPER",
            "id": "JSA10827",
            "trust": 0.8
          },
          {
            "db": "DLINK",
            "id": "SAP10075",
            "trust": 0.8
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-17-318-02A",
            "trust": 0.8
          },
          {
            "db": "JVN",
            "id": "JVNVU94846424",
            "trust": 0.8
          },
          {
            "db": "JVN",
            "id": "JVNVU90609033",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-008412",
            "trust": 0.8
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.4125",
            "trust": 0.6
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-17-299-02",
            "trust": 0.3
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-17-318-02",
            "trust": 0.3
          },
          {
            "db": "IVD",
            "id": "69402209-7265-4991-8217-51FF9B4857BE",
            "trust": 0.2
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-13077",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "144652",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "145394",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "145395",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "148445",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "144630",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "144632",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "144944",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "144659",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "144663",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "69402209-7265-4991-8217-51ff9b4857be"
          },
          {
            "db": "CERT/CC",
            "id": "VU#228519"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-30406"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-13077"
          },
          {
            "db": "BID",
            "id": "101274"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-008412"
          },
          {
            "db": "PACKETSTORM",
            "id": "144652"
          },
          {
            "db": "PACKETSTORM",
            "id": "145394"
          },
          {
            "db": "PACKETSTORM",
            "id": "145395"
          },
          {
            "db": "PACKETSTORM",
            "id": "148445"
          },
          {
            "db": "PACKETSTORM",
            "id": "144630"
          },
          {
            "db": "PACKETSTORM",
            "id": "144632"
          },
          {
            "db": "PACKETSTORM",
            "id": "144944"
          },
          {
            "db": "PACKETSTORM",
            "id": "144659"
          },
          {
            "db": "PACKETSTORM",
            "id": "144663"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201710-380"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-13077"
          }
        ]
      },
      "id": "VAR-201710-0206",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "69402209-7265-4991-8217-51ff9b4857be"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-30406"
          }
        ],
        "trust": 1.4301902008333334
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "69402209-7265-4991-8217-51ff9b4857be"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-30406"
          }
        ]
      },
      "last_update_date": "2024-07-23T19:26:04.525000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "ARUBA-PSA-2017-007",
            "trust": 0.8,
            "url": "http://www.arubanetworks.com/assets/alert/aruba-psa-2017-007.txt"
          },
          {
            "title": "DSA-3999",
            "trust": 0.8,
            "url": "https://www.debian.org/security/2017/dsa-3999"
          },
          {
            "title": "FreeBSD-SA-17:07.wpa",
            "trust": 0.8,
            "url": "https://www.freebsd.org/security/advisories/freebsd-sa-17:07.wpa.asc"
          },
          {
            "title": "LEN-17420",
            "trust": 0.8,
            "url": "https://support.lenovo.com/jp/en/product_security/len-17420"
          },
          {
            "title": "NV17-024",
            "trust": 0.8,
            "url": "http://jpn.nec.com/security-info/secinfo/nv17-024.html"
          },
          {
            "title": "KRACKs - wpa_supplicant Multiple Vulnerabilities",
            "trust": 0.8,
            "url": "https://access.redhat.com/security/vulnerabilities/kracks"
          },
          {
            "title": "RHSA-2017:2907",
            "trust": 0.8,
            "url": "https://access.redhat.com/errata/rhsa-2017:2907"
          },
          {
            "title": "RHSA-2017:2911",
            "trust": 0.8,
            "url": "https://access.redhat.com/errata/rhsa-2017:2911"
          },
          {
            "title": "USN-3455-1",
            "trust": 0.8,
            "url": "https://usn.ubuntu.com/usn/usn-3455-1/"
          },
          {
            "title": "WPA packet number reuse with replayed messages and key reinstallation",
            "trust": 0.8,
            "url": "https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt"
          },
          {
            "title": "Wi-Fi\u306e\u8a8d\u8a3c\uff0f\u6697\u53f7\u5316\u6280\u8853WPA2\u304a\u3088\u3073WPA\u306e\u8907\u6570\u306e\u8106\u5f31\u6027\u306b\u3064\u3044\u3066",
            "trust": 0.8,
            "url": "http://www.fujitsu.com/jp/products/network/support/2017/srm-01/index.html"
          },
          {
            "title": "WPA2\u306e\u8106\u5f31\u6027\u306b\u95a2\u3059\u308b\u5f0a\u793e\u8abf\u67fb\u30fb\u5bfe\u5fdc\u72b6\u6cc1\u306b\u3064\u3044\u3066",
            "trust": 0.8,
            "url": "http://www.iodata.jp/support/information/2017/wpa2/"
          },
          {
            "title": "\u7121\u7ddaLAN \u8a8d\u8a3c\uff0f\u6697\u53f7\u5316\u6280\u8853WPA2\u304a\u3088\u3073WPA\u306b\u95a2\u3059\u308b\u8106\u5f31\u6027\u306e\u304a\u77e5\u3089\u305b",
            "trust": 0.8,
            "url": "http://www.fmworld.net/biz/common/info/20171110/"
          },
          {
            "title": "Patch for WPA2 Wireless Network PTK-TK Encryption Key Reload Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/103818"
          },
          {
            "title": "Multiple WiFi product WPA2 Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=75494"
          },
          {
            "title": "Red Hat: Important: wpa_supplicant security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20172911 - security advisory"
          },
          {
            "title": "Red Hat: Important: wpa_supplicant security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20172907 - security advisory"
          },
          {
            "title": "Red Hat: CVE-2017-13077",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2017-13077"
          },
          {
            "title": "Arch Linux Issues: ",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=cve-2017-13077"
          },
          {
            "title": "Apple: Wi-Fi Update for Boot Camp 6.4.0",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=4dc3bb86865485e4364fd6b2dc2fc379"
          },
          {
            "title": "Apple: AirPort Base Station Firmware Update 7.7.9",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=7ca8130f8030911575aa17c0e84114dd"
          },
          {
            "title": "Apple: watchOS 4.1",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=345c3fa8a313cd9a1ced5ef372c465c4"
          },
          {
            "title": "Apple: AirPort Base Station Firmware Update 7.6.9",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=43d8dcf7961e20b6ec02761d12969c19"
          },
          {
            "title": "Debian CVElist Bug Report Logs: firmware-brcm80211: BroadPwn vulnerability CVE-2017-9417",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=2e0affd9108e95fa2aa2c706c74cd8a9"
          },
          {
            "title": "Ubuntu Security Notice: wpa vulnerabilities",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3455-1"
          },
          {
            "title": "Debian Security Advisories: DSA-3999-1 wpa -- security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=08990d9925276738bd732fa4d58f9ef0"
          },
          {
            "title": "Apple: tvOS 11.1",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=7a8e908aff7c02a31b2d335766e6d5c2"
          },
          {
            "title": "Apple: iOS 11.1",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=7814c280e80969d4c4d88f74b13290f2"
          },
          {
            "title": "Arch Linux Advisories: [ASA-201710-23] hostapd: man-in-the-middle",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201710-23"
          },
          {
            "title": "Arch Linux Advisories: [ASA-201710-22] wpa_supplicant: man-in-the-middle",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201710-22"
          },
          {
            "title": "HP: HPSBPI03574 rev. 1 - WPA, WPA2 Key Reinstallation Attacks (KRACK attacks) Potential Remote Disclosure of Information: Certain HP Enterprise Printer and MFP products, Certain HP PageWide Printer and MFP Products, HP Jetdirect Accessory Products",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=hp_bulletin\u0026qid=hpsbpi03574"
          },
          {
            "title": "Siemens Security Advisories: Siemens Security Advisory",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=6df91267eee9400a24a98876f50ffe84"
          },
          {
            "title": "Android Security Bulletins: Android Security Bulletin\u2014May 2018",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=android_security_bulletins\u0026qid=170d2de05a0349ffa4f579ee79da1e9d"
          },
          {
            "title": "Android Security Bulletins: Android Security Bulletin\u2014November 2017",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=android_security_bulletins\u0026qid=8c29eb008bb212762e5cfb25c7c5c0d5"
          },
          {
            "title": "Cisco: Multiple Vulnerabilities in Wi-Fi Protected Access and Wi-Fi Protected Access II",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20171016-wpa"
          },
          {
            "title": "Android Security Bulletins: Android Security Bulletin\u2014July 2018",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=android_security_bulletins\u0026qid=25584b3d319ca9e7cb2fae9ec5dbf5e0"
          },
          {
            "title": "Android Security Bulletins: Android Security Bulletin\u2014August 2018",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=android_security_bulletins\u0026qid=746dc14fcd3f5e139648cfdc9d9039a9"
          },
          {
            "title": "Android Security Bulletins: Android Security Bulletin\u2014June 2018",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=android_security_bulletins\u0026qid=cc496c56e2bf669809bfb568f59af8e1"
          },
          {
            "title": "HP: HPSBHF03571 rev. 6  -  Intel Management Engine Cumulative Security update and fix for WPA2 vulnerability",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=hp_bulletin\u0026qid=hpsbhf03571"
          },
          {
            "title": "Oracle: Oracle Critical Patch Update Advisory - April 2018",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=4019ca77f50c7a34e4d97833e6f3321e"
          },
          {
            "title": "Apple: macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=870f3f04ef17f7b183f74ae687a1561d"
          },
          {
            "title": "Android Security Bulletins: Android Security Bulletin\u2014April 2018",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=android_security_bulletins\u0026qid=068d787c35ce8cea494780f9a47b5827"
          },
          {
            "title": "Oracle Linux Bulletins: Oracle Linux Bulletin - October 2017",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=7251d5e5f2b1771951980ad7cfde50ba"
          },
          {
            "title": "Oracle: Oracle Critical Patch Update Advisory - January 2018",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=e2a7f287e9acc8c64ab3df71130bc64d"
          },
          {
            "title": "vanhoefm-krackattacks-scripts",
            "trust": 0.1,
            "url": "https://github.com/84kaliplexon3/vanhoefm-krackattacks-scripts "
          },
          {
            "title": "krankattack",
            "trust": 0.1,
            "url": "https://github.com/devkosov/krankattack "
          },
          {
            "title": "krackattacks-scripts",
            "trust": 0.1,
            "url": "https://github.com/vanhoefm/krackattacks-scripts "
          },
          {
            "title": "KRACK",
            "trust": 0.1,
            "url": "https://github.com/chinatso/krack "
          },
          {
            "title": "krackinfo",
            "trust": 0.1,
            "url": "https://github.com/kristate/krackinfo "
          },
          {
            "title": "nixos-issue-db-example",
            "trust": 0.1,
            "url": "https://github.com/andir/nixos-issue-db-example "
          },
          {
            "title": "SamsungReleaseNotes",
            "trust": 0.1,
            "url": "https://github.com/samreleasenotes/samsungreleasenotes "
          },
          {
            "title": "welivesecurity",
            "trust": 0.1,
            "url": "https://www.welivesecurity.com/2019/10/17/alexa-how-amazon-echo-kindle-got-kracked/"
          },
          {
            "title": "BleepingComputer",
            "trust": 0.1,
            "url": "https://www.bleepingcomputer.com/news/security/millions-of-amazon-echo-and-kindle-devices-affected-by-wifi-bug/"
          },
          {
            "title": "The Register",
            "trust": 0.1,
            "url": "https://www.theregister.co.uk/2017/11/07/android_november_security_update/"
          },
          {
            "title": "The Register",
            "trust": 0.1,
            "url": "https://www.theregister.co.uk/2017/10/16/wpa2_inscure_krackattack/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-30406"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-13077"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-008412"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201710-380"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-330",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-254",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-008412"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-13077"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.7,
            "url": "https://www.krackattacks.com/"
          },
          {
            "trust": 3.3,
            "url": "https://source.android.com/security/bulletin/2017-11-01"
          },
          {
            "trust": 2.9,
            "url": "http://www.securityfocus.com/bid/101274"
          },
          {
            "trust": 2.8,
            "url": "http://www.arubanetworks.com/assets/alert/aruba-psa-2017-007.txt"
          },
          {
            "trust": 2.8,
            "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20171016-wpa"
          },
          {
            "trust": 2.7,
            "url": "https://access.redhat.com/security/vulnerabilities/kracks"
          },
          {
            "trust": 2.5,
            "url": "http://www.debian.org/security/2017/dsa-3999"
          },
          {
            "trust": 2.2,
            "url": "https://access.redhat.com/errata/rhsa-2017:2911"
          },
          {
            "trust": 2.1,
            "url": "http://www.kb.cert.org/vuls/id/228519"
          },
          {
            "trust": 2.1,
            "url": "https://access.redhat.com/errata/rhsa-2017:2907"
          },
          {
            "trust": 2.0,
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
          },
          {
            "trust": 1.8,
            "url": "https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt"
          },
          {
            "trust": 1.8,
            "url": "http://www.ubuntu.com/usn/usn-3455-1"
          },
          {
            "trust": 1.7,
            "url": "http://www.securitytracker.com/id/1039585"
          },
          {
            "trust": 1.7,
            "url": "http://www.securitytracker.com/id/1039581"
          },
          {
            "trust": 1.7,
            "url": "http://www.securitytracker.com/id/1039578"
          },
          {
            "trust": 1.7,
            "url": "http://www.securitytracker.com/id/1039577"
          },
          {
            "trust": 1.7,
            "url": "http://www.securitytracker.com/id/1039576"
          },
          {
            "trust": 1.7,
            "url": "http://www.securitytracker.com/id/1039573"
          },
          {
            "trust": 1.7,
            "url": "https://support.lenovo.com/us/en/product_security/len-17420"
          },
          {
            "trust": 1.7,
            "url": "https://security.freebsd.org/advisories/freebsd-sa-17:07.wpa.asc"
          },
          {
            "trust": 1.7,
            "url": "https://security.gentoo.org/glsa/201711-03"
          },
          {
            "trust": 1.7,
            "url": "https://support.apple.com/ht208222"
          },
          {
            "trust": 1.7,
            "url": "https://support.apple.com/ht208221"
          },
          {
            "trust": 1.7,
            "url": "https://support.apple.com/ht208220"
          },
          {
            "trust": 1.7,
            "url": "https://support.apple.com/ht208219"
          },
          {
            "trust": 1.7,
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
          },
          {
            "trust": 1.7,
            "url": "https://source.android.com/security/bulletin/2018-04-01"
          },
          {
            "trust": 1.7,
            "url": "https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesbhf03792en_us"
          },
          {
            "trust": 1.7,
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-901333.pdf"
          },
          {
            "trust": 1.7,
            "url": "https://cert.vde.com/en-us/advisories/vde-2017-005"
          },
          {
            "trust": 1.7,
            "url": "https://cert.vde.com/en-us/advisories/vde-2017-003"
          },
          {
            "trust": 1.7,
            "url": "https://source.android.com/security/bulletin/2018-06-01"
          },
          {
            "trust": 1.7,
            "url": "http://www.securitytracker.com/id/1041432"
          },
          {
            "trust": 1.7,
            "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00015.html"
          },
          {
            "trust": 1.7,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13077"
          },
          {
            "trust": 1.2,
            "url": "https://ics-cert.us-cert.gov/advisories/icsma-18-114-01"
          },
          {
            "trust": 1.1,
            "url": "https://papers.mathyvanhoef.com/ccs2017.pdf"
          },
          {
            "trust": 1.1,
            "url": "https://w1.fi/security/2017-1/"
          },
          {
            "trust": 1.1,
            "url": "https://security-center.intel.com/advisory.aspx?intelid=intel-sa-00101\u0026languageid=en-fr"
          },
          {
            "trust": 1.1,
            "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2017-13080"
          },
          {
            "trust": 1.1,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-353-02"
          },
          {
            "trust": 1.1,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-318-01"
          },
          {
            "trust": 1.1,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-325-01"
          },
          {
            "trust": 1.1,
            "url": "https://ics-cert.us-cert.gov/advisories/icsma-19-029-01"
          },
          {
            "trust": 0.9,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-13077"
          },
          {
            "trust": 0.9,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13078"
          },
          {
            "trust": 0.8,
            "url": "https://cwe.mitre.org/data/definitions/323.html"
          },
          {
            "trust": 0.8,
            "url": "https://actiontecsupport.zendesk.com/hc/en-us/articles/115005205283-krack-vulnerability"
          },
          {
            "trust": 0.8,
            "url": "https://www3.aerohive.com/support/security-bulletins/product-security-announcement-aerohives-response-to-krack-10162017.html"
          },
          {
            "trust": 0.8,
            "url": "https://www.al-enterprise.com/en/support/security-alert-krack"
          },
          {
            "trust": 0.8,
            "url": "https://support.apple.com/en-gb/ht208222"
          },
          {
            "trust": 0.8,
            "url": "https://security.archlinux.org/avg-447"
          },
          {
            "trust": 0.8,
            "url": "https://www.asus.com/static_webpage/asus-product-security-advisory/"
          },
          {
            "trust": 0.8,
            "url": "https://community.barracudanetworks.com/forum/index.php?/topic/23525-security-advisories/page-2"
          },
          {
            "trust": 0.8,
            "url": "https://lists.centos.org/pipermail/centos-announce/2017-october/022569.html"
          },
          {
            "trust": 0.8,
            "url": "https://community.cypress.com/docs/doc-13871"
          },
          {
            "trust": 0.8,
            "url": "http://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10075"
          },
          {
            "trust": 0.8,
            "url": "http://www.dell.com/support/article/sln307822"
          },
          {
            "trust": 0.8,
            "url": "https://github.com/espressif/esp8266_nonos_sdk"
          },
          {
            "trust": 0.8,
            "url": "https://extremeportal.force.com/extrarticledetail?n=000018005"
          },
          {
            "trust": 0.8,
            "url": "https://bodhi.fedoraproject.org/updates/fedora-2017-60bfb576b7"
          },
          {
            "trust": 0.8,
            "url": "http://www.fortiguard.com/psirt/fg-ir-17-196"
          },
          {
            "trust": 0.8,
            "url": "https://www.freebsd.org/security/advisories/freebsd-sa-17:07.wpa.asc"
          },
          {
            "trust": 0.8,
            "url": "https://bugs.gentoo.org/634440"
          },
          {
            "trust": 0.8,
            "url": "https://support.hpe.com/hpsc/doc/public/display?sp4ts.oid=null\u0026doclocale=en_us\u0026docid=emr_na-a00029151en_us"
          },
          {
            "trust": 0.8,
            "url": "https://kb.juniper.net/jsa10827"
          },
          {
            "trust": 0.8,
            "url": "https://support.lenovo.com/ca/en/product_security/len-17420"
          },
          {
            "trust": 0.8,
            "url": "http://www.microchip.com/wwwproducts/en/atwinc1500"
          },
          {
            "trust": 0.8,
            "url": "http://mail-index.netbsd.org/source-changes/2017/10/16/msg088877.html"
          },
          {
            "trust": 0.8,
            "url": "https://kb.netgear.com/000049498/security-advisory-for-wpa-2-vulnerabilities-psv-2017-2826-psv-2017-2836-psv-2017-2837"
          },
          {
            "trust": 0.8,
            "url": "https://forum.peplink.com/t/security-advisory-wpa2-vulnerability-vu-228519/12715"
          },
          {
            "trust": 0.8,
            "url": "https://ruckus-www.s3.amazonaws.com/pdf/security/faq-security-advisory-id-101617-v1.0.pdf"
          },
          {
            "trust": 0.8,
            "url": "https://www.suse.com/de-de/support/kb/doc/?id=7022107"
          },
          {
            "trust": 0.8,
            "url": "https://source.sierrawireless.com/resources/airlink/software_reference_docs/technical-bulletin/sierra-wireless-technical-bulletin---wpa-and-wpa2-vulnerabilities/"
          },
          {
            "trust": 0.8,
            "url": "http://www.slackware.com/changelog/stable.php?cpu=x86_64"
          },
          {
            "trust": 0.8,
            "url": "https://community.sophos.com/kb/en-us/127658"
          },
          {
            "trust": 0.8,
            "url": "https://www.toshibacommerce.com/wps/myportal/%21ut/p/a1/rzrnc8igeiz_sw8egqhjcdmmwr8abw2dqcnfoyqotidrrk399uxrrwotuzgws7a87y6z88iuzmcq2u4uwcnlzypjnjj5-exr_wnhya-laxtrid-j3uchdtb8gylmuw6qzgktovtowsrrqlrs6-8dbeqhwc1mykqnlabgdjlf1yjvn7i5af4qtdwsn2tri7j"
          },
          {
            "trust": 0.8,
            "url": "http://www.toshiba-personalstorage.net/en/news/hdd/ot_notice/20171017.htm"
          },
          {
            "trust": 0.8,
            "url": "http://support.toshiba.com/support/staticcontentdetail?contentid=4015875\u0026isfromtoclink=false"
          },
          {
            "trust": 0.8,
            "url": "https://community.ubnt.com/t5/unifi-updates-blog/firmware-3-9-3-7537-for-uap-usw-has-been-released/ba-p/2099365"
          },
          {
            "trust": 0.8,
            "url": "https://usn.ubuntu.com/usn/usn-3455-1/"
          },
          {
            "trust": 0.8,
            "url": "http://en.miui.com/thread-954223-1-1.html"
          },
          {
            "trust": 0.8,
            "url": "https://www.zebra.com/content/dam/zebra_new_ia/en-us/support-and-downloads/lifeguard-security/krack-security-bulletin.pdf"
          },
          {
            "trust": 0.8,
            "url": "http://www.zyxel.com/support/announcement_wpa2_key_management.shtml"
          },
          {
            "trust": 0.8,
            "url": "https://supportcenter.checkpoint.com/supportcenter/portal?eventsubmit_dogoviewsolutiondetails=\u0026solutionid=sk120938"
          },
          {
            "trust": 0.8,
            "url": "https://community.rsa.com/docs/doc-84103"
          },
          {
            "trust": 0.8,
            "url": "https://support.f5.com/csp/article/k23642330"
          },
          {
            "trust": 0.8,
            "url": "https://forum.mikrotik.com/viewtopic.php?f=21\u0026t=126695"
          },
          {
            "trust": 0.8,
            "url": "https://community.linksys.com/t5/wireless-routers/krack-vulnerability/td-p/1218573"
          },
          {
            "trust": 0.8,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-318-02a"
          },
          {
            "trust": 0.8,
            "url": "https://www.ipa.go.jp/security/ciadr/vul/20171017_wpa2.html"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu94846424/"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/vu/jvnvu90609033/index.html"
          },
          {
            "trust": 0.8,
            "url": "https://www.kb.cert.org/vuls/id/cheu-aqnmyp"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13080"
          },
          {
            "trust": 0.6,
            "url": "https://www.kb.cert.org/vuls/id/228519/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.4125/"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/cve/cve-2017-13077"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/cve/cve-2017-13078"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/cve/cve-2017-13080"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/cve/cve-2017-13087"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13087"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2017-13082"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2017-13086"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2017-13088"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13082"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13086"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13088"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13079"
          },
          {
            "trust": 0.3,
            "url": "https://github.com/stevenhoneyman/wpa_gui/tree/master/wpa_supplicant-2.4"
          },
          {
            "trust": 0.3,
            "url": "http://www.wi-fi.org/index.php"
          },
          {
            "trust": 0.3,
            "url": "https://support.apple.com/en-ie/ht208847"
          },
          {
            "trust": 0.3,
            "url": "https://support.apple.com/en-in/ht208334"
          },
          {
            "trust": 0.3,
            "url": "https://support.apple.com/en-in/ht208327"
          },
          {
            "trust": 0.3,
            "url": "https://support.apple.com/en-in/ht208325"
          },
          {
            "trust": 0.3,
            "url": "https://lists.apple.com/archives/security-announce/2017/dec/msg00009.html"
          },
          {
            "trust": 0.3,
            "url": "https://lists.apple.com/archives/security-announce/2017/dec/msg00008.html"
          },
          {
            "trust": 0.3,
            "url": "https://lists.apple.com/archives/security-announce/2018/jul/msg00000.html"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2017-13079"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2017-13081"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2017-13084"
          },
          {
            "trust": 0.3,
            "url": "http://docs.fortinet.com/uploaded/files/3961/fortiap-v5.6.1-release-notes.pdf"
          },
          {
            "trust": 0.3,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-299-02"
          },
          {
            "trust": 0.3,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-318-02"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13081"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/updates/classification/#important"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/articles/11258"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/team/contact/"
          },
          {
            "trust": 0.2,
            "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
          },
          {
            "trust": 0.2,
            "url": "https://bugzilla.redhat.com/):"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/team/key/"
          },
          {
            "trust": 0.2,
            "url": "https://support.apple.com/downloads/"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/330.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/kristate/krackinfo"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-9417"
          },
          {
            "trust": 0.1,
            "url": "https://support.apple.com/kb/ht201222"
          },
          {
            "trust": 0.1,
            "url": "https://www.apple.com/support/security/pgp/"
          },
          {
            "trust": 0.1,
            "url": "https://support.apple.com/kb/ht208038"
          },
          {
            "trust": 0.1,
            "url": "https://www.debian.org/security/faq"
          },
          {
            "trust": 0.1,
            "url": "https://www.debian.org/security/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4476"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4477"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/wpa/2.1-0ubuntu1.5"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/wpa/2.4-0ubuntu9.1"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/wpa/2.4-0ubuntu6.2"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/nvd.cfm?cvename=cve-2017-13078"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/nvd.cfm?cvename=cve-2017-13079"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/nvd.cfm?cvename=cve-2017-13077"
          },
          {
            "trust": 0.1,
            "url": "https://security.gentoo.org/"
          },
          {
            "trust": 0.1,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-13078"
          },
          {
            "trust": 0.1,
            "url": "http://slackware.com"
          },
          {
            "trust": 0.1,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-13080"
          },
          {
            "trust": 0.1,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-13082"
          },
          {
            "trust": 0.1,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-13087"
          },
          {
            "trust": 0.1,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-13081"
          },
          {
            "trust": 0.1,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-13084"
          },
          {
            "trust": 0.1,
            "url": "http://slackware.com/gpg-key"
          },
          {
            "trust": 0.1,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-13086"
          },
          {
            "trust": 0.1,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-13088"
          },
          {
            "trust": 0.1,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-13079"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13084"
          },
          {
            "trust": 0.1,
            "url": "http://osuosl.org)"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#228519"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-30406"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-13077"
          },
          {
            "db": "BID",
            "id": "101274"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-008412"
          },
          {
            "db": "PACKETSTORM",
            "id": "144652"
          },
          {
            "db": "PACKETSTORM",
            "id": "145394"
          },
          {
            "db": "PACKETSTORM",
            "id": "145395"
          },
          {
            "db": "PACKETSTORM",
            "id": "148445"
          },
          {
            "db": "PACKETSTORM",
            "id": "144630"
          },
          {
            "db": "PACKETSTORM",
            "id": "144632"
          },
          {
            "db": "PACKETSTORM",
            "id": "144944"
          },
          {
            "db": "PACKETSTORM",
            "id": "144659"
          },
          {
            "db": "PACKETSTORM",
            "id": "144663"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201710-380"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-13077"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "69402209-7265-4991-8217-51ff9b4857be"
          },
          {
            "db": "CERT/CC",
            "id": "VU#228519"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-30406"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-13077"
          },
          {
            "db": "BID",
            "id": "101274"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-008412"
          },
          {
            "db": "PACKETSTORM",
            "id": "144652"
          },
          {
            "db": "PACKETSTORM",
            "id": "145394"
          },
          {
            "db": "PACKETSTORM",
            "id": "145395"
          },
          {
            "db": "PACKETSTORM",
            "id": "148445"
          },
          {
            "db": "PACKETSTORM",
            "id": "144630"
          },
          {
            "db": "PACKETSTORM",
            "id": "144632"
          },
          {
            "db": "PACKETSTORM",
            "id": "144944"
          },
          {
            "db": "PACKETSTORM",
            "id": "144659"
          },
          {
            "db": "PACKETSTORM",
            "id": "144663"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201710-380"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-13077"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-10-17T00:00:00",
            "db": "IVD",
            "id": "69402209-7265-4991-8217-51ff9b4857be"
          },
          {
            "date": "2017-10-16T00:00:00",
            "db": "CERT/CC",
            "id": "VU#228519"
          },
          {
            "date": "2017-10-18T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-30406"
          },
          {
            "date": "2017-10-17T00:00:00",
            "db": "VULMON",
            "id": "CVE-2017-13077"
          },
          {
            "date": "2017-10-16T00:00:00",
            "db": "BID",
            "id": "101274"
          },
          {
            "date": "2017-10-18T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-008412"
          },
          {
            "date": "2017-10-17T16:52:00",
            "db": "PACKETSTORM",
            "id": "144652"
          },
          {
            "date": "2017-12-13T03:33:33",
            "db": "PACKETSTORM",
            "id": "145394"
          },
          {
            "date": "2017-12-13T04:44:44",
            "db": "PACKETSTORM",
            "id": "145395"
          },
          {
            "date": "2018-07-05T23:02:22",
            "db": "PACKETSTORM",
            "id": "148445"
          },
          {
            "date": "2017-10-16T13:49:34",
            "db": "PACKETSTORM",
            "id": "144630"
          },
          {
            "date": "2017-10-16T23:23:00",
            "db": "PACKETSTORM",
            "id": "144632"
          },
          {
            "date": "2017-11-10T19:19:00",
            "db": "PACKETSTORM",
            "id": "144944"
          },
          {
            "date": "2017-10-18T20:20:00",
            "db": "PACKETSTORM",
            "id": "144659"
          },
          {
            "date": "2017-10-18T20:44:00",
            "db": "PACKETSTORM",
            "id": "144663"
          },
          {
            "date": "2017-10-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201710-380"
          },
          {
            "date": "2017-10-17T02:29:00.207000",
            "db": "NVD",
            "id": "CVE-2017-13077"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-11-16T00:00:00",
            "db": "CERT/CC",
            "id": "VU#228519"
          },
          {
            "date": "2017-10-17T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-30406"
          },
          {
            "date": "2019-10-03T00:00:00",
            "db": "VULMON",
            "id": "CVE-2017-13077"
          },
          {
            "date": "2019-02-21T09:00:00",
            "db": "BID",
            "id": "101274"
          },
          {
            "date": "2019-02-01T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-008412"
          },
          {
            "date": "2020-11-23T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201710-380"
          },
          {
            "date": "2019-10-03T00:03:26.223000",
            "db": "NVD",
            "id": "CVE-2017-13077"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote or local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201710-380"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Wi-Fi Protected Access (WPA) handshake traffic can be manipulated to induce nonce and session key reuse",
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#228519"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "security feature problem",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201710-380"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-200907-0445

    Vulnerability from variot - Updated: 2024-02-27 22:16

    Opera, possibly 9.64 and earlier, allows remote attackers to cause a denial of service (memory consumption) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692. Opera for, Select of the object length Disruption of service due to flaws in property-related processing (DoS) There is a vulnerability that could result in a condition. Browsers from multiple vendors are prone to a denial-of-service vulnerability. Successfully exploiting this issue may allow attackers to crash an affected application. NOTE: This issue was previously covered in BID 35414 (Apple iPhone and iPod touch Prior to Version 3.0 Multiple Vulnerabilities), but has been assigned its own record to better document it

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-200907-0445",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "browser",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "opera",
            "version": "9.64"
          },
          {
            "model": "opera",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "opera asa",
            "version": null
          },
          {
            "model": "opera",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "opera asa",
            "version": "9.64  and earlier"
          },
          {
            "model": "browser",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "opera",
            "version": "9.02"
          },
          {
            "model": "browser",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "opera",
            "version": "9.22"
          },
          {
            "model": "browser",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "opera",
            "version": "9.64"
          },
          {
            "model": "browser",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "opera",
            "version": "9.01"
          },
          {
            "model": "browser",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "opera",
            "version": "9.12"
          },
          {
            "model": "browser",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "opera",
            "version": "8.52"
          },
          {
            "model": "browser",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "opera",
            "version": "8.0"
          },
          {
            "model": "browser",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "opera",
            "version": "9.20"
          },
          {
            "model": "browser",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "opera",
            "version": "8.53"
          },
          {
            "model": "browser",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "opera",
            "version": "9.0"
          },
          {
            "model": "open source project webkit",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "webkit",
            "version": "0"
          },
          {
            "model": "playstation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sony",
            "version": "30"
          },
          {
            "model": "in motion blackberry",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "research",
            "version": "88004.2"
          },
          {
            "model": "in motion blackberry",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "research",
            "version": "88004.1"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "pardus",
            "version": "20080"
          },
          {
            "model": "software opera web browser",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "opera",
            "version": "9.63"
          },
          {
            "model": "software opera web browser",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "opera",
            "version": "9.62"
          },
          {
            "model": "software opera web browser",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "opera",
            "version": "9.61"
          },
          {
            "model": "software opera web browser beta",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "opera",
            "version": "9.601"
          },
          {
            "model": "software opera web browser",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "opera",
            "version": "9.60"
          },
          {
            "model": "software opera web browser",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "opera",
            "version": "9.52"
          },
          {
            "model": "software opera web browser",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "opera",
            "version": "9.51"
          },
          {
            "model": "software opera web browser beta",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "opera",
            "version": "9.50"
          },
          {
            "model": "software opera web browser",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "opera",
            "version": "9.5"
          },
          {
            "model": "software opera web browser",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "opera",
            "version": "9.27"
          },
          {
            "model": "software opera web browser",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "opera",
            "version": "9.26"
          },
          {
            "model": "software opera web browser",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "opera",
            "version": "9.25"
          },
          {
            "model": "software opera web browser",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "opera",
            "version": "9.24"
          },
          {
            "model": "software opera web browser",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "opera",
            "version": "9.23"
          },
          {
            "model": "software opera web browser",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "opera",
            "version": "9.22"
          },
          {
            "model": "software opera web browser",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "opera",
            "version": "9.21"
          },
          {
            "model": "software opera web browser beta",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "opera",
            "version": "9.201"
          },
          {
            "model": "software opera web browser",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "opera",
            "version": "9.20"
          },
          {
            "model": "software opera web browser",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "opera",
            "version": "9.10"
          },
          {
            "model": "software opera web browser",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "opera",
            "version": "9.02"
          },
          {
            "model": "software opera web browser",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "opera",
            "version": "9.01"
          },
          {
            "model": "software opera web browser",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "opera",
            "version": "9"
          },
          {
            "model": "n95 phone",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "nokia",
            "version": "0"
          },
          {
            "model": "n82",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "nokia",
            "version": "0"
          },
          {
            "model": "n810",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "nokia",
            "version": "0"
          },
          {
            "model": "netscape",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "netscape",
            "version": "8.0.3.3"
          },
          {
            "model": "netscape",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "netscape",
            "version": "8.0.3.1"
          },
          {
            "model": "netscape",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "netscape",
            "version": "8.0.2"
          },
          {
            "model": "netscape",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "netscape",
            "version": "8.0.1"
          },
          {
            "model": "netscape",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "netscape",
            "version": "8.0"
          },
          {
            "model": "netscape",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "netscape",
            "version": "7.2"
          },
          {
            "model": "netscape",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "netscape",
            "version": "7.1"
          },
          {
            "model": "netscape",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "netscape",
            "version": "7.0"
          },
          {
            "model": "netscape",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "netscape",
            "version": "6.2.3"
          },
          {
            "model": "netscape",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "netscape",
            "version": "6.2.2"
          },
          {
            "model": "netscape",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "netscape",
            "version": "6.2.1"
          },
          {
            "model": "netscape",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "netscape",
            "version": "6.2"
          },
          {
            "model": "netscape",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "netscape",
            "version": "6.1"
          },
          {
            "model": "netscape",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "netscape",
            "version": "6.01"
          },
          {
            "model": "mac",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "netscape",
            "version": "6.0"
          },
          {
            "model": "netscape",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "netscape",
            "version": "6.0"
          },
          {
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.0.4"
          },
          {
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.0.3"
          },
          {
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.0.2"
          },
          {
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.0.1"
          },
          {
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.0.9"
          },
          {
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.0.8"
          },
          {
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.0.7"
          },
          {
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.0.6"
          },
          {
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.0.5"
          },
          {
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.0.4"
          },
          {
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.0.3"
          },
          {
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.0.17"
          },
          {
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.0.16"
          },
          {
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.0.10"
          },
          {
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.0.1"
          },
          {
            "model": "firefox beta",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.05"
          },
          {
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.0"
          },
          {
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.0.0.2"
          },
          {
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.0.0.15"
          },
          {
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.0.0.14"
          },
          {
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.0.0.13"
          },
          {
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.0.0.12"
          },
          {
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.0.0.11"
          },
          {
            "model": "firefox rc3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.0"
          },
          {
            "model": "firefox rc2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.0"
          },
          {
            "model": "firefox beta",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.01"
          },
          {
            "model": "firefox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.0"
          },
          {
            "model": "midbrowser",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "midbrowser",
            "version": "0"
          },
          {
            "model": "internet explorer sp4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "5.0.1"
          },
          {
            "model": "internet explorer sp3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "5.0.1"
          },
          {
            "model": "internet explorer sp2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "5.0.1"
          },
          {
            "model": "internet explorer sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "5.0.1"
          },
          {
            "model": "internet explorer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "5.0.1"
          },
          {
            "model": "internet explorer rc1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "8"
          },
          {
            "model": "internet explorer beta",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "82"
          },
          {
            "model": "internet explorer beta",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "81"
          },
          {
            "model": "internet explorer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "8"
          },
          {
            "model": "internet explorer beta3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "7.0"
          },
          {
            "model": "internet explorer beta2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "7.0"
          },
          {
            "model": "internet explorer beta1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "7.0"
          },
          {
            "model": "internet explorer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "7.0"
          },
          {
            "model": "internet explorer sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "6.0"
          },
          {
            "model": "internet explorer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "6.0"
          },
          {
            "model": "internet explorer sp2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "5.5"
          },
          {
            "model": "internet explorer sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "5.5"
          },
          {
            "model": "internet explorer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "5.5"
          },
          {
            "model": "internet explorer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "5.0"
          },
          {
            "model": "linux mandrake x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandriva",
            "version": "2010.0"
          },
          {
            "model": "linux mandrake",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandriva",
            "version": "2010.0"
          },
          {
            "model": "linux mandrake x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandriva",
            "version": "2009.1"
          },
          {
            "model": "linux mandrake",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandriva",
            "version": "2009.1"
          },
          {
            "model": "linux mandrake x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandriva",
            "version": "2008.0"
          },
          {
            "model": "linux mandrake",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandriva",
            "version": "2008.0"
          },
          {
            "model": "corporate server x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "4.0"
          },
          {
            "model": "corporate server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "4.0"
          },
          {
            "model": "konqueror embedded",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kde",
            "version": "0.1"
          },
          {
            "model": "konqueror",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kde",
            "version": "3.95"
          },
          {
            "model": "konqueror",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kde",
            "version": "3.5.9"
          },
          {
            "model": "konqueror",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kde",
            "version": "3.5.7"
          },
          {
            "model": "konqueror",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kde",
            "version": "3.5.6"
          },
          {
            "model": "konqueror",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kde",
            "version": "3.5.5"
          },
          {
            "model": "konqueror",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kde",
            "version": "3.5.2"
          },
          {
            "model": "konqueror",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kde",
            "version": "3.5.1"
          },
          {
            "model": "konqueror",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kde",
            "version": "3.3.2"
          },
          {
            "model": "konqueror",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kde",
            "version": "3.3.1"
          },
          {
            "model": "konqueror",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kde",
            "version": "3.3"
          },
          {
            "model": "konqueror",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kde",
            "version": "3.2.3"
          },
          {
            "model": "konqueror",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kde",
            "version": "3.2.2-6"
          },
          {
            "model": "konqueror",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kde",
            "version": "3.2.1"
          },
          {
            "model": "konqueror",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kde",
            "version": "3.1.5"
          },
          {
            "model": "konqueror",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kde",
            "version": "3.1.4"
          },
          {
            "model": "konqueror",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kde",
            "version": "3.1.3"
          },
          {
            "model": "konqueror",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kde",
            "version": "3.1.2"
          },
          {
            "model": "konqueror",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kde",
            "version": "3.1.1"
          },
          {
            "model": "konqueror",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kde",
            "version": "3.1"
          },
          {
            "model": "konqueror b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kde",
            "version": "3.0.5"
          },
          {
            "model": "konqueror",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kde",
            "version": "3.0.5"
          },
          {
            "model": "konqueror",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kde",
            "version": "3.0.3"
          },
          {
            "model": "konqueror",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kde",
            "version": "3.0.2"
          },
          {
            "model": "konqueror",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kde",
            "version": "3.0.1"
          },
          {
            "model": "konqueror",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kde",
            "version": "3.0"
          },
          {
            "model": "konqueror",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kde",
            "version": "2.2.2"
          },
          {
            "model": "konqueror",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kde",
            "version": "2.2.1"
          },
          {
            "model": "konqueror",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kde",
            "version": "2.1.2"
          },
          {
            "model": "konqueror",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kde",
            "version": "2.1.1"
          },
          {
            "model": "konqueror",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kde",
            "version": "4.1"
          },
          {
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "2.0.172.33"
          },
          {
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "2.0.172.31"
          },
          {
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "2.0.172.30"
          },
          {
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "1.0.154.61"
          },
          {
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "0.3.1549"
          },
          {
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "0.2.149.30"
          },
          {
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "0.2.149.29"
          },
          {
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "0.2.149.27"
          },
          {
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "1.0.154.65"
          },
          {
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "1.0.154.64"
          },
          {
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "1.0.154.59"
          },
          {
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "1.0.154.55"
          },
          {
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "1.0.154.53"
          },
          {
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "1.0.154.48"
          },
          {
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "1.0.154.46"
          },
          {
            "model": "chrome",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "google",
            "version": "1.0.154.36"
          },
          {
            "model": "linux sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "5.0"
          },
          {
            "model": "linux s/390",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "5.0"
          },
          {
            "model": "linux powerpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "5.0"
          },
          {
            "model": "linux mipsel",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "5.0"
          },
          {
            "model": "linux mips",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "5.0"
          },
          {
            "model": "linux m68k",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "5.0"
          },
          {
            "model": "linux ia-64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "5.0"
          },
          {
            "model": "linux ia-32",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "5.0"
          },
          {
            "model": "linux hppa",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "5.0"
          },
          {
            "model": "linux armel",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "5.0"
          },
          {
            "model": "linux arm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "5.0"
          },
          {
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "5.0"
          },
          {
            "model": "linux alpha",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "5.0"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "5.0"
          },
          {
            "model": "ipod touch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "2.2.1"
          },
          {
            "model": "ipod touch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "2.0.2"
          },
          {
            "model": "ipod touch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "2.0.1"
          },
          {
            "model": "ipod touch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "1.1.4"
          },
          {
            "model": "ipod touch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "1.1.3"
          },
          {
            "model": "ipod touch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "1.1.2"
          },
          {
            "model": "ipod touch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "1.1.1"
          },
          {
            "model": "ipod touch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "2.2"
          },
          {
            "model": "ipod touch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "2.1"
          },
          {
            "model": "ipod touch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "2.0"
          },
          {
            "model": "ipod touch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "1.1"
          },
          {
            "model": "ipod touch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "0"
          },
          {
            "model": "iphone",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "2.2.1"
          },
          {
            "model": "iphone",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "2.0.2"
          },
          {
            "model": "iphone",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "2.0.1"
          },
          {
            "model": "iphone",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "1.1.4"
          },
          {
            "model": "iphone",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "1.1.3"
          },
          {
            "model": "iphone",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "1.1.2"
          },
          {
            "model": "iphone",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "1.1.1"
          },
          {
            "model": "iphone",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "1.0.2"
          },
          {
            "model": "iphone",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "1.0.1"
          },
          {
            "model": "iphone",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "2.2"
          },
          {
            "model": "iphone",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "2.1"
          },
          {
            "model": "iphone",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "2.0"
          },
          {
            "model": "iphone",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "1.1"
          },
          {
            "model": "iphone",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "1"
          },
          {
            "model": "iphone",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "0"
          },
          {
            "model": "p8860",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "aigo",
            "version": "0"
          },
          {
            "model": "software opera web browser",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "opera",
            "version": "9.64"
          },
          {
            "model": "firefox",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "3.0.5"
          },
          {
            "model": "firefox",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "mozilla",
            "version": "2.0.19"
          },
          {
            "model": "chrome",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "google",
            "version": "2.0.172.37"
          },
          {
            "model": "ipod touch",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "apple",
            "version": "3.0"
          },
          {
            "model": "iphone",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "apple",
            "version": "3.0"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "35446"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2009-002558"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200907-291"
          },
          {
            "db": "NVD",
            "id": "CVE-2009-2540"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:opera:opera_browser:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "9.64",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2009-2540"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Oskar Lissheim-BoethiusOliver QuasChristian Schmitz",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200907-291"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2009-2540",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": true,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 4.3,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2009-2540",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2009-2540",
                "trust": 1.8,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-200907-291",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2009-002558"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200907-291"
          },
          {
            "db": "NVD",
            "id": "CVE-2009-2540"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Opera, possibly 9.64 and earlier, allows remote attackers to cause a denial of service (memory consumption) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692. Opera for, Select of the object length Disruption of service due to flaws in property-related processing (DoS) There is a vulnerability that could result in a condition. Browsers from multiple vendors are prone to a denial-of-service vulnerability. \nSuccessfully exploiting this issue may allow attackers to crash an affected application. \nNOTE: This issue was previously covered in BID 35414 (Apple iPhone and iPod touch Prior to Version 3.0 Multiple Vulnerabilities), but has been assigned its own record to better document it",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2009-2540"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2009-002558"
          },
          {
            "db": "BID",
            "id": "35446"
          }
        ],
        "trust": 1.89
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2009-2540",
            "trust": 3.5
          },
          {
            "db": "EXPLOIT-DB",
            "id": "9160",
            "trust": 1.6
          },
          {
            "db": "XF",
            "id": "52874",
            "trust": 1.4
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2009-002558",
            "trust": 0.8
          },
          {
            "db": "BUGTRAQ",
            "id": "20090715 [GSEC-TZO-44-2009] ONE BUG TO RULE THEM ALL - FIREFOX, IE, SAFARI,OPERA, CHROME,SEAMONKEY,IPHONE,IPOD,WII,PS3....",
            "trust": 0.6
          },
          {
            "db": "BUGTRAQ",
            "id": "20090715 RE: [GSEC-TZO-44-2009] ONE BUG TO RULE THEM ALL - FIREFOX, IE, SAFARI,OPERA, CHROME,SEAMONKEY,IPHONE,IPOD,WII,PS3....",
            "trust": 0.6
          },
          {
            "db": "BUGTRAQ",
            "id": "20090715 RE:[GSEC-TZO-44-2009] ONE BUG TO RULE THEM ALL - FIREFOX, IE, SAFARI,OPERA, CHROME,SEAMONKEY,IPHONE,IPOD,WII,PS3....",
            "trust": 0.6
          },
          {
            "db": "BUGTRAQ",
            "id": "20090716 RE[2]: [GSEC-TZO-44-2009] ONE BUG TO RULE THEM ALL - FIREFOX, IE, SAFARI,OPERA, CHROME,SEAMONKEY,IPHONE,IPOD,WII,PS3....",
            "trust": 0.6
          },
          {
            "db": "MILW0RM",
            "id": "9160",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200907-291",
            "trust": 0.6
          },
          {
            "db": "BID",
            "id": "35446",
            "trust": 0.3
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "35446"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2009-002558"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200907-291"
          },
          {
            "db": "NVD",
            "id": "CVE-2009-2540"
          }
        ]
      },
      "id": "VAR-200907-0445",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.28125
      },
      "last_update_date": "2024-02-27T22:16:58.978000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top\u00a0Page",
            "trust": 0.8,
            "url": "http://www.opera.com/"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2009-002558"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-770",
            "trust": 1.0
          },
          {
            "problemtype": "Allocation of resources without limits or throttling (CWE-770) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2009-002558"
          },
          {
            "db": "NVD",
            "id": "CVE-2009-2540"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.9,
            "url": "http://www.g-sec.lu/one-bug-to-rule-them-all.html"
          },
          {
            "trust": 1.4,
            "url": "http://xforce.iss.net/xforce/xfdb/52874"
          },
          {
            "trust": 1.0,
            "url": "http://www.exploit-db.com/exploits/9160"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/archive/1/504969/100/0/threaded"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/archive/1/504988/100/0/threaded"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/archive/1/504989/100/0/threaded"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/archive/1/505006/100/0/threaded"
          },
          {
            "trust": 1.0,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52874"
          },
          {
            "trust": 1.0,
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a5957"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-2540"
          },
          {
            "trust": 0.6,
            "url": "http://www.securityfocus.com/archive/1/archive/1/505006/100/0/threaded"
          },
          {
            "trust": 0.6,
            "url": "http://www.securityfocus.com/archive/1/archive/1/504989/100/0/threaded"
          },
          {
            "trust": 0.6,
            "url": "http://www.securityfocus.com/archive/1/archive/1/504988/100/0/threaded"
          },
          {
            "trust": 0.6,
            "url": "http://www.securityfocus.com/archive/1/archive/1/504969/100/0/threaded"
          },
          {
            "trust": 0.6,
            "url": "http://www.milw0rm.com/exploits/9160"
          },
          {
            "trust": 0.3,
            "url": "http://support.apple.com/kb/ht3639"
          },
          {
            "trust": 0.3,
            "url": "http://www.apple.com/iphone/"
          },
          {
            "trust": 0.3,
            "url": "http://www.apple.com/ipodtouch/"
          },
          {
            "trust": 0.3,
            "url": "http://www.mandriva.com/en/security/advisories?name=mdvsa-2009:346"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "35446"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2009-002558"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200907-291"
          },
          {
            "db": "NVD",
            "id": "CVE-2009-2540"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "BID",
            "id": "35446"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2009-002558"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200907-291"
          },
          {
            "db": "NVD",
            "id": "CVE-2009-2540"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2009-06-17T00:00:00",
            "db": "BID",
            "id": "35446"
          },
          {
            "date": "2010-09-27T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2009-002558"
          },
          {
            "date": "2009-06-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200907-291"
          },
          {
            "date": "2009-07-20T18:30:01.233000",
            "db": "NVD",
            "id": "CVE-2009-2540"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2015-03-19T08:42:00",
            "db": "BID",
            "id": "35446"
          },
          {
            "date": "2024-02-27T06:53:00",
            "db": "JVNDB",
            "id": "JVNDB-2009-002558"
          },
          {
            "date": "2009-09-04T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200907-291"
          },
          {
            "date": "2024-02-02T03:07:21.203000",
            "db": "NVD",
            "id": "CVE-2009-2540"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200907-291"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Opera\u00a0 Service operation interruption in \u00a0(DoS)\u00a0 Vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2009-002558"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "resource management error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200907-291"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201704-0098

    Vulnerability from variot - Updated: 2024-02-13 22:44

    SONY SNC-CH115, SNC-CH120, SNC-CH160, SNC-CH220, SNC-CH260, SNC-DH120, SNC-DH120T, SNC-DH160, SNC-DH220, SNC-DH220T, SNC-DH260, SNC-EB520, SNC-EM520, SNC-EM521, SNC-ZB550, SNC-ZM550, SNC-ZM551, SNC-EP550, SNC-EP580, SNC-ER550, SNC-ER550C, SNC-ER580, SNC-ER585, SNC-ER585H, SNC-ZP550, SNC-ZR550, SNC-EP520, SNC-EP521, SNC-ER520, SNC-ER521, SNC-ER521C network cameras with firmware before Ver.1.86.00 and SONY SNC-CX600, SNC-CX600W, SNC-EB600, SNC-EB600B, SNC-EB602R, SNC-EB630, SNC-EB630B, SNC-EB632R, SNC-EM600, SNC-EM601, SNC-EM602R, SNC-EM602RC, SNC-EM630, SNC-EM631, SNC-EM632R, SNC-EM632RC, SNC-VB600, SNC-VB600B, SNC-VB600B5, SNC-VB630, SNC-VB6305, SNC-VB6307, SNC-VB632D, SNC-VB635, SNC-VM600, SNC-VM600B, SNC-VM600B5, SNC-VM601, SNC-VM601B, SNC-VM602R, SNC-VM630, SNC-VM6305, SNC-VM6307, SNC-VM631, SNC-VM632R, SNC-WR600, SNC-WR602, SNC-WR602C, SNC-WR630, SNC-WR632, SNC-WR632C, SNC-XM631, SNC-XM632, SNC-XM636, SNC-XM637, SNC-VB600L, SNC-VM600L, SNC-XM631L, SNC-WR602CL network cameras with firmware before Ver.2.7.2 are prone to sensitive information disclosure. This may allow an attacker on the same local network segment to login to the device with administrative privileges and perform operations on the device. SEC Consult reported this vulnerability to Sony, and Sony reported this vulnerability to JPCERT/CC to notify the solution to users through JVN. JPCERT/CC and Sony coordinated for the publication of this case.Authentication information may be obtained by an unauthenticated user who can access the device. As a result, the user can log in as an administrator and conduct any administrative operations. SONYSNC-CH115 and so on are Sony's network camera products. An attacker can exploit this issue to gain access to sensitive information that may lead to further attacks. SONY SNC-CH115, etc. The following devices are affected: SONY SNC-CH115; SNC-CH120; SNC-CH160; SNC-CH220; SNC-CH260; SNC-DH120; SNC-EB520; SNC-EM520; SNC-EM521; SNC-ZB550; SNC-ZM550; SNC-ZM551; SNC-EP550; SNC-EP580; SNC-ER550; ER585H; SNC-ZP550; SNC-ZR550; SNC-EP520; SNC-EP521; SNC-ER520; SNC-ER521;

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201704-0098",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "snc series",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "sony",
            "version": "2.7.0"
          },
          {
            "model": "snc series",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "sony",
            "version": "1.8.5.00"
          },
          {
            "model": "snc-ch120",
            "scope": null,
            "trust": 0.8,
            "vendor": "sony business solution",
            "version": null
          },
          {
            "model": "digital \u003cver.2.7.2",
            "scope": null,
            "trust": 0.6,
            "vendor": "sony",
            "version": null
          },
          {
            "model": "new for network cameras \u003cver.2.7.2",
            "scope": null,
            "trust": 0.6,
            "vendor": "sony",
            "version": null
          },
          {
            "model": "wireless and network ip security cameras \u003cver.2.7.2",
            "scope": null,
            "trust": 0.6,
            "vendor": "sony",
            "version": null
          },
          {
            "model": "snc series",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "sony",
            "version": "1.8.5.00"
          },
          {
            "model": "snc series",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "sony",
            "version": "2.7.0"
          },
          {
            "model": "snc-zr550",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sony",
            "version": "0"
          },
          {
            "model": "snc-zp550",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sony",
            "version": "0"
          },
          {
            "model": "snc-zm551",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sony",
            "version": "0"
          },
          {
            "model": "snc-zm550",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sony",
            "version": "0"
          },
          {
            "model": "snc-zb550",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sony",
            "version": "0"
          },
          {
            "model": "snc-xm637",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sony",
            "version": "0"
          },
          {
            "model": "snc-xm636",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sony",
            "version": "0"
          },
          {
            "model": "snc-xm632",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sony",
            "version": "0"
          },
          {
            "model": "snc-xm631l",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sony",
            "version": "0"
          },
          {
            "model": "snc-xm631",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sony",
            "version": "0"
          },
          {
            "model": "snc-wr632c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sony",
            "version": "0"
          },
          {
            "model": "snc-wr630",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sony",
            "version": "0"
          },
          {
            "model": "snc-wr602cl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sony",
            "version": "0"
          },
          {
            "model": "snc-wr602c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sony",
            "version": "0"
          },
          {
            "model": "snc-wr602",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sony",
            "version": "0"
          },
          {
            "model": "snc-wr600",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sony",
            "version": "0"
          },
          {
            "model": "snc-vm632r",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sony",
            "version": "0"
          },
          {
            "model": "snc-vm631",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sony",
            "version": "0"
          },
          {
            "model": "snc-vm6307",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sony",
            "version": "0"
          },
          {
            "model": "snc-vm6305",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sony",
            "version": "0"
          },
          {
            "model": "snc-vm630",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sony",
            "version": "0"
          },
          {
            "model": "snc-vm602r",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sony",
            "version": "0"
          },
          {
            "model": "snc-vm601b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sony",
            "version": "0"
          },
          {
            "model": "snc-vm601",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sony",
            "version": "0"
          },
          {
            "model": "snc-vm600l",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sony",
            "version": "0"
          },
          {
            "model": "snc-vm600b5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sony",
            "version": "0"
          },
          {
            "model": "snc-vm600b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sony",
            "version": "0"
          },
          {
            "model": "snc-vm600",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sony",
            "version": "0"
          },
          {
            "model": "snc-vb635",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sony",
            "version": "0"
          },
          {
            "model": "snc-vb632d",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sony",
            "version": "0"
          },
          {
            "model": "snc-vb6307",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sony",
            "version": "0"
          },
          {
            "model": "snc-vb6305",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sony",
            "version": "0"
          },
          {
            "model": "snc-vb630",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sony",
            "version": "0"
          },
          {
            "model": "snc-vb600l",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sony",
            "version": "0"
          },
          {
            "model": "snc-vb600b5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sony",
            "version": "0"
          },
          {
            "model": "snc-vb600b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sony",
            "version": "0"
          },
          {
            "model": "snc-vb600",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sony",
            "version": "0"
          },
          {
            "model": "snc-er585h",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sony",
            "version": "0"
          },
          {
            "model": "snc-er585",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sony",
            "version": "0"
          },
          {
            "model": "snc-er580",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sony",
            "version": "0"
          },
          {
            "model": "snc-er550c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sony",
            "version": "0"
          },
          {
            "model": "snc-er550",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sony",
            "version": "0"
          },
          {
            "model": "snc-er521c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sony",
            "version": "0"
          },
          {
            "model": "snc-er521",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sony",
            "version": "0"
          },
          {
            "model": "snc-er520",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sony",
            "version": "0"
          },
          {
            "model": "snc-ep580",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sony",
            "version": "0"
          },
          {
            "model": "snc-ep550",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sony",
            "version": "0"
          },
          {
            "model": "snc-ep521",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sony",
            "version": "0"
          },
          {
            "model": "snc-ep520",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sony",
            "version": "0"
          },
          {
            "model": "snc-em632rc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sony",
            "version": "0"
          },
          {
            "model": "snc-em632r",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sony",
            "version": "0"
          },
          {
            "model": "snc-em631",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sony",
            "version": "0"
          },
          {
            "model": "snc-em630",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sony",
            "version": "0"
          },
          {
            "model": "snc-em602rc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sony",
            "version": "0"
          },
          {
            "model": "snc-em602r",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sony",
            "version": "0"
          },
          {
            "model": "snc-em601",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sony",
            "version": "0"
          },
          {
            "model": "snc-em600",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sony",
            "version": "0"
          },
          {
            "model": "snc-em521",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sony",
            "version": "0"
          },
          {
            "model": "snc-em520",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sony",
            "version": "0"
          },
          {
            "model": "snc-eb632r",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sony",
            "version": "0"
          },
          {
            "model": "snc-eb630b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sony",
            "version": "0"
          },
          {
            "model": "snc-eb630",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sony",
            "version": "0"
          },
          {
            "model": "snc-eb602r",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sony",
            "version": "0"
          },
          {
            "model": "snc-eb600b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sony",
            "version": "0"
          },
          {
            "model": "snc-eb600",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sony",
            "version": "0"
          },
          {
            "model": "snc-eb520",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sony",
            "version": "0"
          },
          {
            "model": "snc-dh260",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sony",
            "version": "0"
          },
          {
            "model": "snc-dh220t",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sony",
            "version": "0"
          },
          {
            "model": "snc-dh220",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sony",
            "version": "0"
          },
          {
            "model": "snc-dh160",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sony",
            "version": "0"
          },
          {
            "model": "snc-dh120t",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sony",
            "version": "0"
          },
          {
            "model": "snc-dh120",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sony",
            "version": "0"
          },
          {
            "model": "snc-cx600w",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sony",
            "version": "0"
          },
          {
            "model": "snc-cx600",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sony",
            "version": "0"
          },
          {
            "model": "snc-ch260",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sony",
            "version": "0"
          },
          {
            "model": "snc-ch220",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sony",
            "version": "0"
          },
          {
            "model": "snc-ch160",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sony",
            "version": "0"
          },
          {
            "model": "snc-ch120",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sony",
            "version": "0"
          },
          {
            "model": "snc-ch115",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sony",
            "version": "0"
          },
          {
            "model": "snc-zr550",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "sony",
            "version": "1.86"
          },
          {
            "model": "snc-zp550",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "sony",
            "version": "1.86"
          },
          {
            "model": "snc-zm551",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "sony",
            "version": "1.86"
          },
          {
            "model": "snc-zm550",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "sony",
            "version": "1.86"
          },
          {
            "model": "snc-zb550",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "sony",
            "version": "1.86"
          },
          {
            "model": "snc-xm637",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "sony",
            "version": "2.7.2"
          },
          {
            "model": "snc-xm636",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "sony",
            "version": "2.7.2"
          },
          {
            "model": "snc-xm632",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "sony",
            "version": "2.7.2"
          },
          {
            "model": "snc-xm631l",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "sony",
            "version": "2.7.2"
          },
          {
            "model": "snc-xm631",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "sony",
            "version": "2.7.2"
          },
          {
            "model": "snc-wr632c",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "sony",
            "version": "2.7.2"
          },
          {
            "model": "snc-wr632",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "sony",
            "version": "2.7.2"
          },
          {
            "model": "snc-wr630",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "sony",
            "version": "2.7.2"
          },
          {
            "model": "snc-wr602cl",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "sony",
            "version": "2.7.2"
          },
          {
            "model": "snc-wr602c",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "sony",
            "version": "2.7.2"
          },
          {
            "model": "snc-wr602",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "sony",
            "version": "2.7.2"
          },
          {
            "model": "snc-wr600",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "sony",
            "version": "2.7.2"
          },
          {
            "model": "snc-vm632r",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "sony",
            "version": "2.7.2"
          },
          {
            "model": "snc-vm631",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "sony",
            "version": "2.7.2"
          },
          {
            "model": "snc-vm6307",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "sony",
            "version": "2.7.2"
          },
          {
            "model": "snc-vm6305",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "sony",
            "version": "2.7.2"
          },
          {
            "model": "snc-vm630",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "sony",
            "version": "2.7.2"
          },
          {
            "model": "snc-vm602r",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "sony",
            "version": "2.7.2"
          },
          {
            "model": "snc-vm601b",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "sony",
            "version": "2.7.2"
          },
          {
            "model": "snc-vm601",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "sony",
            "version": "2.7.2"
          },
          {
            "model": "snc-vm600l",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "sony",
            "version": "2.7.2"
          },
          {
            "model": "snc-vm600b5",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "sony",
            "version": "2.7.2"
          },
          {
            "model": "snc-vm600b",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "sony",
            "version": "2.7.2"
          },
          {
            "model": "snc-vm600",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "sony",
            "version": "2.7.2"
          },
          {
            "model": "snc-vb635",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "sony",
            "version": "2.7.2"
          },
          {
            "model": "snc-vb632d",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "sony",
            "version": "2.7.2"
          },
          {
            "model": "snc-vb6307",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "sony",
            "version": "2.7.2"
          },
          {
            "model": "snc-vb6305",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "sony",
            "version": "2.7.2"
          },
          {
            "model": "snc-vb630",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "sony",
            "version": "2.7.2"
          },
          {
            "model": "snc-vb600b5",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "sony",
            "version": "2.7.2"
          },
          {
            "model": "snc-vb600b",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "sony",
            "version": "2.7.2"
          },
          {
            "model": "snc-vb600",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "sony",
            "version": "2.7.2"
          },
          {
            "model": "snc-er585h",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "sony",
            "version": "1.86"
          },
          {
            "model": "snc-er585",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "sony",
            "version": "1.86"
          },
          {
            "model": "snc-er580",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "sony",
            "version": "1.86"
          },
          {
            "model": "snc-er550c",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "sony",
            "version": "1.86"
          },
          {
            "model": "snc-er550",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "sony",
            "version": "1.86"
          },
          {
            "model": "snc-er521c",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "sony",
            "version": "1.86"
          },
          {
            "model": "snc-er521",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "sony",
            "version": "1.86"
          },
          {
            "model": "snc-er520",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "sony",
            "version": "1.86"
          },
          {
            "model": "snc-ep580",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "sony",
            "version": "1.86"
          },
          {
            "model": "snc-ep550",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "sony",
            "version": "1.86"
          },
          {
            "model": "snc-ep521",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "sony",
            "version": "1.86"
          },
          {
            "model": "snc-ep520",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "sony",
            "version": "1.86"
          },
          {
            "model": "snc-em632rc",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "sony",
            "version": "2.7.2"
          },
          {
            "model": "snc-em632r",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "sony",
            "version": "2.7.2"
          },
          {
            "model": "snc-em631",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "sony",
            "version": "2.7.2"
          },
          {
            "model": "snc-em630",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "sony",
            "version": "2.7.2"
          },
          {
            "model": "snc-em602rc",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "sony",
            "version": "2.7.2"
          },
          {
            "model": "snc-em602r",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "sony",
            "version": "2.7.2"
          },
          {
            "model": "snc-em601",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "sony",
            "version": "2.7.2"
          },
          {
            "model": "snc-em521",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "sony",
            "version": "1.86"
          },
          {
            "model": "snc-em520",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "sony",
            "version": "1.86"
          },
          {
            "model": "snc-eb632r",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "sony",
            "version": "2.7.2"
          },
          {
            "model": "snc-eb630b",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "sony",
            "version": "2.7.2"
          },
          {
            "model": "snc-eb630",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "sony",
            "version": "2.7.2"
          },
          {
            "model": "snc-eb602r",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "sony",
            "version": "2.7.2"
          },
          {
            "model": "snc-eb600b",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "sony",
            "version": "2.7.2"
          },
          {
            "model": "snc-eb600",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "sony",
            "version": "2.7.2"
          },
          {
            "model": "snc-eb520",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "sony",
            "version": "1.86"
          },
          {
            "model": "snc-dh260",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "sony",
            "version": "1.86"
          },
          {
            "model": "snc-dh220t",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "sony",
            "version": "1.86"
          },
          {
            "model": "snc-dh220",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "sony",
            "version": "1.86"
          },
          {
            "model": "snc-dh160",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "sony",
            "version": "1.86"
          },
          {
            "model": "snc-dh120t",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "sony",
            "version": "1.86"
          },
          {
            "model": "snc-dh120",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "sony",
            "version": "1.86"
          },
          {
            "model": "snc-ch260",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "sony",
            "version": "1.86"
          },
          {
            "model": "snc-ch220",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "sony",
            "version": "1.86"
          },
          {
            "model": "snc-ch120",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "sony",
            "version": "1.86"
          },
          {
            "model": "snc-ch115",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "sony",
            "version": "1.86"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-07172"
          },
          {
            "db": "BID",
            "id": "94575"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-006038"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-737"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-7834"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:sony:snc_series_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.8.5.00",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:sony:snc-cx600:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:sony:snc-eb600:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:sony:snc-eb600b:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:sony:snc-eb602r:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:sony:snc-eb630:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:sony:snc-em602r:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:sony:snc-em602rc:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:sony:snc-em630:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:sony:snc-em631:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:sony:snc-vm600b5:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:sony:snc-vm601:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:sony:snc-vm601b:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:sony:snc-vm602r:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:sony:snc-vm630:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:sony:snc-xm636:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:sony:snc-xm637:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:sony:snc-vb600l:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:sony:snc-vm600l:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:sony:snc-eb630b:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:sony:snc-em600:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:sony:snc-em632rc:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:sony:snc-vb600b:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:sony:snc-vb632d:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:sony:snc-vm600:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:sony:snc-vm6305:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:sony:snc-vm631:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:sony:snc-wr632c:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:sony:snc-xm632:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:sony:snc-xm631l:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:sony:snc-vb600b5:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:sony:snc-vb630:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:sony:snc-vb6305:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:sony:snc-vb6307:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:sony:snc-wr600:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:sony:snc-wr602:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:sony:snc-wr602c:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:sony:snc-wr630:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:sony:snc-cx600w:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:sony:snc-eb632r:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:sony:snc-em601:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:sony:snc-em632r:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:sony:snc-vb600:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:sony:snc-vb635:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:sony:snc-vm600b:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:sony:snc-vm6307:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:sony:snc-vm632r:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:sony:snc-wr632:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:sony:snc-xm631:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:sony:snc-wr602cl:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:sony:snc_series_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "2.7.0",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:sony:snc-ch220:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:sony:snc-ch260:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:sony:snc-dh120:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:sony:snc-dh120t:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:sony:snc-er550c:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:sony:snc-er580:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:sony:snc-er585:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:sony:snc-er585h:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:sony:snc-eb520:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:sony:snc-em520:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:sony:snc-em521:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:sony:snc-zb550:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:sony:snc-er520:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:sony:snc-er521:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:sony:snc-er521c:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:sony:snc-ch115:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:sony:snc-ch160:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:sony:snc-dh160:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:sony:snc-dh220t:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:sony:snc-zm551:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:sony:snc-ep580:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:sony:snc-zr550:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:sony:snc-ep521:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:sony:snc-ch120:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:sony:snc-dh220:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:sony:snc-dh260:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:sony:snc-zm550:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:sony:snc-ep550:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:sony:snc-er550:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:sony:snc-zp550:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:sony:snc-ep520:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2016-7834"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "SEC Consult",
        "sources": [
          {
            "db": "BID",
            "id": "94575"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2016-7834",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 3.3,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 6.5,
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "LOW",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Adjacent Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 3.3,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2016-7834",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Low",
                "trust": 0.9,
                "userInteractionRequired": null,
                "vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 3.3,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 6.5,
                "id": "CNVD-2017-07172",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "LOW",
                "trust": 0.6,
                "vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 3.3,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 6.5,
                "id": "VHN-96654",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "LOW",
                "trust": 0.1,
                "vectorString": "AV:A/AC:L/AU:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Adjacent Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 8.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2016-7834",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2016-7834",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2017-07172",
                "trust": 0.6,
                "value": "LOW"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201704-737",
                "trust": 0.6,
                "value": "LOW"
              },
              {
                "author": "VULHUB",
                "id": "VHN-96654",
                "trust": 0.1,
                "value": "LOW"
              },
              {
                "author": "VULMON",
                "id": "CVE-2016-7834",
                "trust": 0.1,
                "value": "LOW"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-07172"
          },
          {
            "db": "VULHUB",
            "id": "VHN-96654"
          },
          {
            "db": "VULMON",
            "id": "CVE-2016-7834"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-006038"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-737"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-7834"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "SONY SNC-CH115, SNC-CH120, SNC-CH160, SNC-CH220, SNC-CH260, SNC-DH120, SNC-DH120T, SNC-DH160, SNC-DH220, SNC-DH220T, SNC-DH260, SNC-EB520, SNC-EM520, SNC-EM521, SNC-ZB550, SNC-ZM550, SNC-ZM551, SNC-EP550, SNC-EP580, SNC-ER550, SNC-ER550C, SNC-ER580, SNC-ER585, SNC-ER585H, SNC-ZP550, SNC-ZR550, SNC-EP520, SNC-EP521, SNC-ER520, SNC-ER521, SNC-ER521C network cameras with firmware before Ver.1.86.00 and SONY SNC-CX600, SNC-CX600W, SNC-EB600, SNC-EB600B, SNC-EB602R, SNC-EB630, SNC-EB630B, SNC-EB632R, SNC-EM600, SNC-EM601, SNC-EM602R, SNC-EM602RC, SNC-EM630, SNC-EM631, SNC-EM632R, SNC-EM632RC, SNC-VB600, SNC-VB600B, SNC-VB600B5, SNC-VB630, SNC-VB6305, SNC-VB6307, SNC-VB632D, SNC-VB635, SNC-VM600, SNC-VM600B, SNC-VM600B5, SNC-VM601, SNC-VM601B, SNC-VM602R, SNC-VM630, SNC-VM6305, SNC-VM6307, SNC-VM631, SNC-VM632R, SNC-WR600, SNC-WR602, SNC-WR602C, SNC-WR630, SNC-WR632, SNC-WR632C, SNC-XM631, SNC-XM632, SNC-XM636, SNC-XM637, SNC-VB600L, SNC-VM600L, SNC-XM631L, SNC-WR602CL network cameras with firmware before Ver.2.7.2 are prone to sensitive information disclosure. This may allow an attacker on the same local network segment to login to the device with administrative privileges and perform operations on the device. SEC Consult reported this vulnerability to Sony, and Sony reported this vulnerability to JPCERT/CC to notify the solution to users through JVN. JPCERT/CC and Sony coordinated for the publication of this case.Authentication information may be obtained by an unauthenticated user who can access the device. As a result, the user can log in as an administrator and conduct any administrative operations. SONYSNC-CH115 and so on are Sony\u0027s network camera products. \nAn attacker can exploit this issue to gain access to sensitive information that may lead to further attacks. SONY SNC-CH115, etc. The following devices are affected: SONY SNC-CH115; SNC-CH120; SNC-CH160; SNC-CH220; SNC-CH260; SNC-DH120; SNC-EB520; SNC-EM520; SNC-EM521; SNC-ZB550; SNC-ZM550; SNC-ZM551; SNC-EP550; SNC-EP580; SNC-ER550; ER585H; SNC-ZP550; SNC-ZR550; SNC-EP520; SNC-EP521; SNC-ER520; SNC-ER521;",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2016-7834"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-006038"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-07172"
          },
          {
            "db": "BID",
            "id": "94575"
          },
          {
            "db": "VULHUB",
            "id": "VHN-96654"
          },
          {
            "db": "VULMON",
            "id": "CVE-2016-7834"
          }
        ],
        "trust": 2.61
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "JVN",
            "id": "JVNVU96435227",
            "trust": 3.5
          },
          {
            "db": "NVD",
            "id": "CVE-2016-7834",
            "trust": 3.2
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-006038",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-737",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-07172",
            "trust": 0.6
          },
          {
            "db": "BID",
            "id": "94575",
            "trust": 0.3
          },
          {
            "db": "VULHUB",
            "id": "VHN-96654",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2016-7834",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-07172"
          },
          {
            "db": "VULHUB",
            "id": "VHN-96654"
          },
          {
            "db": "VULMON",
            "id": "CVE-2016-7834"
          },
          {
            "db": "BID",
            "id": "94575"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-006038"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-737"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-7834"
          }
        ]
      },
      "id": "VAR-201704-0098",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-07172"
          },
          {
            "db": "VULHUB",
            "id": "VHN-96654"
          }
        ],
        "trust": 1.7
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-07172"
          }
        ]
      },
      "last_update_date": "2024-02-13T22:44:02.356000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "New firmware for network cameras",
            "trust": 1.6,
            "url": "https://www.sony.co.uk/pro/article/sony-new-firmware-for-network-cameras"
          },
          {
            "title": "Digital, Wireless \u0026 Network IP Security Cameras",
            "trust": 0.8,
            "url": "https://www.sony.co.uk/pro/products/video-security-ip-cameras"
          },
          {
            "title": "Patches for multiple SONYnetworkcameras information disclosure vulnerabilities",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/94075"
          },
          {
            "title": "Multiple SONY network cameras Repair measures for information disclosure vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=70219"
          },
          {
            "title": "Kenzer Templates [5170] [DEPRECATED]",
            "trust": 0.1,
            "url": "https://github.com/arpsyndicate/kenzer-templates "
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-07172"
          },
          {
            "db": "VULMON",
            "id": "CVE-2016-7834"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-006038"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-737"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-200",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-96654"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-006038"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-7834"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.5,
            "url": "https://jvn.jp/en/vu/jvnvu96435227/index.html"
          },
          {
            "trust": 2.1,
            "url": "https://www.sony.co.uk/pro/article/sony-new-firmware-for-network-cameras"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7834"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-7834"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/200.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/arpsyndicate/kenzer-templates"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-07172"
          },
          {
            "db": "VULHUB",
            "id": "VHN-96654"
          },
          {
            "db": "VULMON",
            "id": "CVE-2016-7834"
          },
          {
            "db": "BID",
            "id": "94575"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-006038"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-737"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-7834"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-07172"
          },
          {
            "db": "VULHUB",
            "id": "VHN-96654"
          },
          {
            "db": "VULMON",
            "id": "CVE-2016-7834"
          },
          {
            "db": "BID",
            "id": "94575"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-006038"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-737"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-7834"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-05-22T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-07172"
          },
          {
            "date": "2017-04-13T00:00:00",
            "db": "VULHUB",
            "id": "VHN-96654"
          },
          {
            "date": "2017-04-13T00:00:00",
            "db": "VULMON",
            "id": "CVE-2016-7834"
          },
          {
            "date": "2016-11-29T00:00:00",
            "db": "BID",
            "id": "94575"
          },
          {
            "date": "2016-12-05T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-006038"
          },
          {
            "date": "2017-04-13T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201704-737"
          },
          {
            "date": "2017-04-13T17:59:00.653000",
            "db": "NVD",
            "id": "CVE-2016-7834"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-05-22T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-07172"
          },
          {
            "date": "2017-04-25T00:00:00",
            "db": "VULHUB",
            "id": "VHN-96654"
          },
          {
            "date": "2017-04-25T00:00:00",
            "db": "VULMON",
            "id": "CVE-2016-7834"
          },
          {
            "date": "2016-12-20T02:03:00",
            "db": "BID",
            "id": "94575"
          },
          {
            "date": "2017-05-23T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-006038"
          },
          {
            "date": "2017-05-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201704-737"
          },
          {
            "date": "2017-04-25T17:41:00.257000",
            "db": "NVD",
            "id": "CVE-2016-7834"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "specific network environment",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-737"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple SONY network cameras vulnerable to sensitive information disclosure",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-006038"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "information disclosure",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-737"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-200509-0284

    Vulnerability from variot - Updated: 2023-12-18 13:58

    Buffer overflow in the TIFF library in the Photo Viewer for Sony PSP 2.0 firmware allows remote attackers to cause a denial of service via a crafted TIFF image. PSP is prone to a denial-of-service vulnerability. The full name of PSP is PlayStation Portable, which is a new handheld game console developed by SONY.


    Bist Du interessiert an einem neuen Job in IT-Sicherheit?

    Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secunia_vacancies/


    TITLE: Sony PSP Photo Viewer TIFF File Handling Buffer Overflow

    SECUNIA ADVISORY ID: SA16922

    VERIFY ADVISORY: http://secunia.com/advisories/16922/

    CRITICAL: Moderately critical

    IMPACT: System access

    WHERE:

    From remote

    OPERATING SYSTEM: Sony PSP (PlayStation Portable) http://secunia.com/product/5764/

    DESCRIPTION: A vulnerability has been reported in Sony PSP, which potentially can be exploited by malicious people to compromise a user's system.

    This may be related to: SA15320

    The vulnerability has been reported in firmware version 2.0. Other versions may also be affected.

    SOLUTION: Do not open untrusted TIFF files.

    ORIGINAL ADVISORY: http://pspupdates.qj.net/2005/09/20-overflow-found-and-working.html

    OTHER REFERENCES: SA15320 http://secunia.com/advisories/15320/


    About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

    Subscribe: http://secunia.com/secunia_security_advisories/

    Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/

    Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.


    Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org


    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-200509-0284",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "playstation portable",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "sony",
            "version": "2.0_firmware"
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2005-3084"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200509-252"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:sony:playstation_portable:2.0_firmware:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2005-3084"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Unknown",
        "sources": [
          {
            "db": "BID",
            "id": "89283"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2005-3084",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "VHN-14293",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2005-3084",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-200509-252",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-14293",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-14293"
          },
          {
            "db": "NVD",
            "id": "CVE-2005-3084"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200509-252"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Buffer overflow in the TIFF library in the Photo Viewer for Sony PSP 2.0 firmware allows remote attackers to cause a denial of service via a crafted TIFF image. PSP is prone to a denial-of-service vulnerability. The full name of PSP is PlayStation Portable, which is a new handheld game console developed by SONY. \n\n----------------------------------------------------------------------\n\nBist Du interessiert an einem neuen Job in IT-Sicherheit?\n\n\nSecunia hat zwei freie Stellen als Junior und Senior Spezialist in IT-\nSicherheit:\nhttp://secunia.com/secunia_vacancies/\n\n----------------------------------------------------------------------\n\nTITLE:\nSony PSP Photo Viewer TIFF File Handling Buffer Overflow\n\nSECUNIA ADVISORY ID:\nSA16922\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/16922/\n\nCRITICAL:\nModerately critical\n\nIMPACT:\nSystem access\n\nWHERE:\n\u003eFrom remote\n\nOPERATING SYSTEM:\nSony PSP (PlayStation Portable)\nhttp://secunia.com/product/5764/\n\nDESCRIPTION:\nA vulnerability has been reported in Sony PSP, which potentially can\nbe exploited by malicious people to compromise a user\u0027s system. \n\nThis may be related to:\nSA15320\n\nThe vulnerability has been reported in firmware version 2.0. Other\nversions may also be affected. \n\nSOLUTION:\nDo not open untrusted TIFF files. \n\nORIGINAL ADVISORY:\nhttp://pspupdates.qj.net/2005/09/20-overflow-found-and-working.html\n\nOTHER REFERENCES:\nSA15320\nhttp://secunia.com/advisories/15320/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2005-3084"
          },
          {
            "db": "BID",
            "id": "89283"
          },
          {
            "db": "VULHUB",
            "id": "VHN-14293"
          },
          {
            "db": "PACKETSTORM",
            "id": "40273"
          }
        ],
        "trust": 1.35
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2005-3084",
            "trust": 2.0
          },
          {
            "db": "SECUNIA",
            "id": "16922",
            "trust": 1.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200509-252",
            "trust": 0.7
          },
          {
            "db": "BID",
            "id": "89283",
            "trust": 0.4
          },
          {
            "db": "VULHUB",
            "id": "VHN-14293",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "40273",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-14293"
          },
          {
            "db": "BID",
            "id": "89283"
          },
          {
            "db": "PACKETSTORM",
            "id": "40273"
          },
          {
            "db": "NVD",
            "id": "CVE-2005-3084"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200509-252"
          }
        ]
      },
      "id": "VAR-200509-0284",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-14293"
          }
        ],
        "trust": 0.7
      },
      "last_update_date": "2023-12-18T13:58:32.083000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-Other",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2005-3084"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.1,
            "url": "http://pspupdates.qj.net/2005/09/20-overflow-found-and-working.html"
          },
          {
            "trust": 1.7,
            "url": "http://secunia.com/advisories/16922"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/16922/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/secunia_security_advisories/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/secunia_vacancies/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/15320/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/about_secunia_advisories/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/product/5764/"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-14293"
          },
          {
            "db": "BID",
            "id": "89283"
          },
          {
            "db": "PACKETSTORM",
            "id": "40273"
          },
          {
            "db": "NVD",
            "id": "CVE-2005-3084"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200509-252"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-14293"
          },
          {
            "db": "BID",
            "id": "89283"
          },
          {
            "db": "PACKETSTORM",
            "id": "40273"
          },
          {
            "db": "NVD",
            "id": "CVE-2005-3084"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200509-252"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2005-09-27T00:00:00",
            "db": "VULHUB",
            "id": "VHN-14293"
          },
          {
            "date": "2005-09-27T00:00:00",
            "db": "BID",
            "id": "89283"
          },
          {
            "date": "2005-09-27T00:49:09",
            "db": "PACKETSTORM",
            "id": "40273"
          },
          {
            "date": "2005-09-27T20:03:00",
            "db": "NVD",
            "id": "CVE-2005-3084"
          },
          {
            "date": "2005-09-27T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200509-252"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2008-09-05T00:00:00",
            "db": "VULHUB",
            "id": "VHN-14293"
          },
          {
            "date": "2005-09-27T00:00:00",
            "db": "BID",
            "id": "89283"
          },
          {
            "date": "2008-09-05T20:53:25.357000",
            "db": "NVD",
            "id": "CVE-2005-3084"
          },
          {
            "date": "2005-10-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200509-252"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200509-252"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Sony PSP firmware TIFF Denial of service vulnerability",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200509-252"
          }
        ],
        "trust": 0.6
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer overflow",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200509-252"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201204-0202

    Vulnerability from variot - Updated: 2023-12-18 13:44

    The Sony Bravia TV KDL-32CX525 allows remote attackers to cause a denial of service (configuration outage or device crash) via a flood of TCP SYN packets, as demonstrated by hping, a related issue to CVE-1999-0116. The Sony BRAVIA KDL-32CX525 is an HD LCD TV. A denial of service vulnerability exists in Sony BRAVIA TV that originated from errors in processing datagrams. An attacker could exploit the vulnerability to cause a device to stop responding and eventually shut down with a brute force attack. This vulnerability exists in the KDL-32CX525 release and other versions may be affected. Bravia Tv is prone to a denial-of-service vulnerability. ----------------------------------------------------------------------

    Become a PSI 3.0 beta tester! Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. Download it here! http://secunia.com/psi_30_beta_launch


    TITLE: Sony BRAVIA TV Datagram Flooding Denial of Service

    SECUNIA ADVISORY ID: SA48705

    VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/48705/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=48705

    RELEASE DATE: 2012-04-06

    DISCUSS ADVISORY: http://secunia.com/advisories/48705/#comments

    AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)

    http://secunia.com/advisories/48705/

    ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS

    https://ca.secunia.com/?page=viewadvisory&vuln_id=48705

    ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING

    http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

    DESCRIPTION: A vulnerability has been reported in Sony BRAVIA TV, which can be exploited by malicious people to cause a DoS (Denial of Service).

    The vulnerability is reported in KDL-32CX525.

    SOLUTION: No fix is currently available.

    PROVIDED AND/OR DISCOVERED BY: Gabriel Menezes Nunes

    ORIGINAL ADVISORY: Gabriel Menezes Nunes: http://archives.neohapsis.com/archives/bugtraq/2012-04/0043.html

    OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

    DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

    EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

    EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

    EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/


    About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.

    Subscribe: http://secunia.com/advisories/secunia_security_advisories/

    Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/

    Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.


    Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org


    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201204-0202",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "bravia tv",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "sony",
            "version": "kdl-32cx525"
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.6,
            "vendor": "no",
            "version": null
          },
          {
            "model": "bravia tv kdl-32cx525",
            "scope": null,
            "trust": 0.3,
            "vendor": "sony",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2012-8864"
          },
          {
            "db": "BID",
            "id": "78204"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-002055"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-2210"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201204-091"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:sony:bravia_tv:kdl-32cx525:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2012-2210"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Unknown",
        "sources": [
          {
            "db": "BID",
            "id": "78204"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2012-2210",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Complete",
                "baseScore": 7.8,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2012-2210",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2012-8864",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2012-2210",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2012-8864",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201204-091",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2012-8864"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-002055"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-2210"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201204-091"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The Sony Bravia TV KDL-32CX525 allows remote attackers to cause a denial of service (configuration outage or device crash) via a flood of TCP SYN packets, as demonstrated by hping, a related issue to CVE-1999-0116. The Sony BRAVIA KDL-32CX525 is an HD LCD TV. A denial of service vulnerability exists in Sony BRAVIA TV that originated from errors in processing datagrams. An attacker could exploit the vulnerability to cause a device to stop responding and eventually shut down with a brute force attack. This vulnerability exists in the KDL-32CX525 release and other versions may be affected. Bravia Tv is prone to a denial-of-service vulnerability. ----------------------------------------------------------------------\n\nBecome a PSI 3.0 beta tester!\nTest-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. \nDownload it here!\nhttp://secunia.com/psi_30_beta_launch\n\n----------------------------------------------------------------------\n\nTITLE:\nSony BRAVIA TV Datagram Flooding Denial of Service\n\nSECUNIA ADVISORY ID:\nSA48705\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/48705/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=48705\n\nRELEASE DATE:\n2012-04-06\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/48705/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/48705/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=48705\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA vulnerability has been reported in Sony BRAVIA TV, which can be\nexploited by malicious people to cause a DoS (Denial of Service). \n\nThe vulnerability is reported in KDL-32CX525. \n\nSOLUTION:\nNo fix is currently available. \n\nPROVIDED AND/OR DISCOVERED BY:\nGabriel Menezes Nunes\n\nORIGINAL ADVISORY:\nGabriel Menezes Nunes:\nhttp://archives.neohapsis.com/archives/bugtraq/2012-04/0043.html\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2012-2210"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-002055"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2012-8864"
          },
          {
            "db": "BID",
            "id": "78204"
          },
          {
            "db": "PACKETSTORM",
            "id": "111654"
          }
        ],
        "trust": 2.52
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2012-2210",
            "trust": 3.3
          },
          {
            "db": "EXPLOIT-DB",
            "id": "18705",
            "trust": 2.5
          },
          {
            "db": "SECUNIA",
            "id": "48705",
            "trust": 1.7
          },
          {
            "db": "OSVDB",
            "id": "80957",
            "trust": 1.0
          },
          {
            "db": "SECTRACK",
            "id": "1026891",
            "trust": 1.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-002055",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2012-8864",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201204-091",
            "trust": 0.6
          },
          {
            "db": "BID",
            "id": "78204",
            "trust": 0.3
          },
          {
            "db": "PACKETSTORM",
            "id": "111654",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2012-8864"
          },
          {
            "db": "BID",
            "id": "78204"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-002055"
          },
          {
            "db": "PACKETSTORM",
            "id": "111654"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-2210"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201204-091"
          }
        ]
      },
      "id": "VAR-201204-0202",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2012-8864"
          }
        ],
        "trust": 0.06
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2012-8864"
          }
        ]
      },
      "last_update_date": "2023-12-18T13:44:39.597000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "eSupport - KDL-32CX525",
            "trust": 0.8,
            "url": "http://esupport.sony.com/la/perl/model-home.pl?mdl=kdl32cx525"
          },
          {
            "title": "KDL-32CX525",
            "trust": 0.8,
            "url": "http://www.sony.de/product/tv-80-32-lcd/kdl-32cx525"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-002055"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-399",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-002055"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-2210"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.5,
            "url": "http://www.exploit-db.com/exploits/18705/"
          },
          {
            "trust": 1.6,
            "url": "http://secunia.com/advisories/48705"
          },
          {
            "trust": 1.1,
            "url": "http://archives.neohapsis.com/archives/bugtraq/2012-04/0043.html"
          },
          {
            "trust": 1.0,
            "url": "http://osvdb.org/80957"
          },
          {
            "trust": 1.0,
            "url": "http://www.securitytracker.com/id?1026891"
          },
          {
            "trust": 1.0,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74644"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-2210"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-2210"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/psi_30_beta_launch"
          },
          {
            "trust": 0.1,
            "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=48705"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/vulnerability_intelligence/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/secunia_security_advisories/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/48705/#comments"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/vulnerability_scanning/personal/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/48705/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/about_secunia_advisories/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2012-8864"
          },
          {
            "db": "BID",
            "id": "78204"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-002055"
          },
          {
            "db": "PACKETSTORM",
            "id": "111654"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-2210"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201204-091"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2012-8864"
          },
          {
            "db": "BID",
            "id": "78204"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-002055"
          },
          {
            "db": "PACKETSTORM",
            "id": "111654"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-2210"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201204-091"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2012-04-10T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2012-8864"
          },
          {
            "date": "2012-04-11T00:00:00",
            "db": "BID",
            "id": "78204"
          },
          {
            "date": "2012-04-12T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2012-002055"
          },
          {
            "date": "2012-04-06T06:04:18",
            "db": "PACKETSTORM",
            "id": "111654"
          },
          {
            "date": "2012-04-11T10:39:27.200000",
            "db": "NVD",
            "id": "CVE-2012-2210"
          },
          {
            "date": "2012-04-10T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201204-091"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2012-04-10T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2012-8864"
          },
          {
            "date": "2012-04-11T00:00:00",
            "db": "BID",
            "id": "78204"
          },
          {
            "date": "2012-04-12T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2012-002055"
          },
          {
            "date": "2017-12-20T02:29:01.507000",
            "db": "NVD",
            "id": "CVE-2012-2210"
          },
          {
            "date": "2012-04-10T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201204-091"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201204-091"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Sony BRAVIA TV Denial of Service Vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2012-8864"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201204-091"
          }
        ],
        "trust": 1.2
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "resource management error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201204-091"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-200612-0565

    Vulnerability from variot - Updated: 2023-12-18 13:30

    Stack-based buffer overflow in Intel PRO 10/100, PRO/1000, and PRO/10GbE PCI, PCI-X, and PCIe network adapter drivers (aka NDIS miniport drivers) before 20061205 allows local users to execute arbitrary code with "kernel-level" privileges via an incorrect function call in certain OID handlers. Intel PRO Ethernet The driver contains a buffer overflow vulnerability. This can lead to arbitrary code execution on the local machine.A local user may execute arbitrary code with system privileges on the local machine. An attacker can trigger this issue to corrupt memory and to execute code with kernel-level privileges. A successful attack can result in a complete compromise of the affected computer due to privilege escalation. All PCI, PCI-X, and PCIe Intel network adapter drivers are vulnerable. Intel Pro 100/1000 is a series of network card devices launched by Intel. Although the NDIS miniport driver occupies a low level, unprivileged userland code can still communicate with the driver through NIC statistics requests that need to be implemented by NDIS. If an attacker can send an IOCTL_NDIS_QUERY_SELECTED_STATS (0x17000E) request to \Device{adapterguid}, it will cause NDIS.SYS to call the QueryInformationHandler routine registered by the miniport driver when calling NdisMRegisterMiniport. The input buffer provided by this IOCTL is a list of 32-bit OIDs related to statistics, each of which is passed independently to the QueryInformationHandler, which contains the code required to retrieve the statistics and return them to the output buffer. Under Windows 2000, pointers to user-supplied buffers are passed directly to the miniport driver, which means the data is user-controllable. Under Windows XP and later versions, the pointer is transferred to a temporary buffer containing undefined data in the kernel memory, so the pool memory must be controlled before the attack to control the above data. A processor with OID 0xFF0203FC copies the output buffer's string to a stack variable using the following strcpy operation: strcpy(&(var_1D4.sz_62), (char*)InformationBuffer + 4) Thus, an attacker can String causes the processor to completely overwrite the return address of the function, redirecting execution flow to an arbitrary user-mode or kernel-mode address. The attack string must be at offset +0x0C in the output buffer, as NDIS itself uses the first 8 bytes.


    To improve our services to our customers, we have made a number of additions to the Secunia Advisories and have started translating the advisories to German.

    The improvements will help our customers to get a better understanding of how we reached our conclusions, how it was rated, our thoughts on exploitation, attack vectors, and scenarios.

    This includes: * Reason for rating * Extended description * Extended solution * Exploit code or links to exploit code * Deep links

    Read the full description: http://corporate.secunia.com/products/48/?r=l

    Contact Secunia Sales for more information: http://corporate.secunia.com/how_to_buy/15/?r=l


    TITLE: Intel LAN Driver Unspecified Privilege Escalation Vulnerability

    SECUNIA ADVISORY ID: SA23221

    VERIFY ADVISORY: http://secunia.com/advisories/23221/

    CRITICAL: Less critical

    IMPACT: Privilege escalation

    WHERE: Local system

    SOFTWARE: Intel PRO 10/100 Adapters (Linux) 3.x http://secunia.com/product/12824/ Intel PRO 10/100 Adapters (UnixWare/SCO6) 4.x http://secunia.com/product/12827/ Intel PRO 10/100 Adapters (Windows) 8.x http://secunia.com/product/12821/ Intel PRO/1000 Adapters (Linux) 7.x http://secunia.com/product/12825/ Intel PRO/1000 Adapters (UnixWare/SCO6) 9.x http://secunia.com/product/12828/ Intel PRO/1000 Adapters (Windows) 8.x http://secunia.com/product/12822/ Intel PRO/1000 PCIe Adapters (Windows) 9.x http://secunia.com/product/12823/ Intel PRO/10GbE Adapters (Linux) 1.x http://secunia.com/product/12826/

    DESCRIPTION: A vulnerability has been reported in Intel LAN drivers, which can be exploited by malicious, local users to gain escalated privileges.

    The vulnerability is caused due to an unspecified error and can be exploited to cause a buffer overflow by using certain function calls incorrectly.

    SOLUTION: Apply patches (see the vendor's advisory for details).

    PROVIDED AND/OR DISCOVERED BY: The vendor credits eEye Digital Security.

    ORIGINAL ADVISORY: Intel: http://www.intel.com/support/network/sb/CS-023726.htm


    About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

    Subscribe: http://secunia.com/secunia_security_advisories/

    Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/

    Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.


    Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org


    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-200612-0565",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "pro 10 100 adapters",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "intel",
            "version": "8.0.27.0"
          },
          {
            "model": "pro 1000 adapters",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "intel",
            "version": "9.0.15"
          },
          {
            "model": "pro 10gbe adapters",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "intel",
            "version": "1.0.109"
          },
          {
            "model": "pro 10 100 adapters",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "intel",
            "version": "4.0.3"
          },
          {
            "model": "pro 1000 adapters",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "intel",
            "version": "7.2.7"
          },
          {
            "model": "pro 1000 adapters",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "intel",
            "version": "8.7.1.0"
          },
          {
            "model": "pro 10 100 adapters",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "intel",
            "version": "3.5.14"
          },
          {
            "model": "pro 1000 pcie adapters",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "intel",
            "version": "9.1.30.0"
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "hitachi",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "intel",
            "version": null
          },
          {
            "model": "pcie pro/1000",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "intel",
            "version": "9.0.15.0 from  9.1.34.0"
          },
          {
            "model": "pro 10/100",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "intel",
            "version": "4.2.38.1 from  8.0.27.0"
          },
          {
            "model": "pro/1000",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "intel",
            "version": "6.2.21.0 from  8.7.1.0"
          },
          {
            "model": "vaio",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "sony",
            "version": "( see the vendor information for type names. )"
          },
          {
            "model": "flora",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hitachi",
            "version": "220w(np3/np4/np7/np9)"
          },
          {
            "model": "flora",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hitachi",
            "version": "270gx(nw1/nw2/nw3)"
          },
          {
            "model": "flora",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hitachi",
            "version": "270hx(nw5)"
          },
          {
            "model": "flora",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hitachi",
            "version": "270w(nw6/nw7)"
          },
          {
            "model": "flora",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hitachi",
            "version": "330w(dg5/dg8)"
          },
          {
            "model": "flora",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hitachi",
            "version": "350w(de3/de4/de5/de7/de8/de9)"
          },
          {
            "model": "flora",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hitachi",
            "version": "bd100 a1/a3/b2/b3"
          },
          {
            "model": "ha8000 series",
            "scope": null,
            "trust": 0.8,
            "vendor": "hitachi",
            "version": null
          },
          {
            "model": "prius air",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hitachi",
            "version": "k series: pcf-ar37k"
          },
          {
            "model": "prius air",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hitachi",
            "version": "pcf-ar35k"
          },
          {
            "model": "prius air",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hitachi",
            "version": "pcf-ar340"
          },
          {
            "model": "prius air",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hitachi",
            "version": "l series: pcf-ar37l"
          },
          {
            "model": "prius air",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hitachi",
            "version": "pcf-ar35l"
          },
          {
            "model": "prius air",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hitachi",
            "version": "m series: pcf-ar37m"
          },
          {
            "model": "prius air",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hitachi",
            "version": "pcf-ar35m"
          },
          {
            "model": "prius air",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hitachi",
            "version": "pcf-ar33m"
          },
          {
            "model": "prius air",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hitachi",
            "version": "n series: pcf-ar35n"
          },
          {
            "model": "prius air",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hitachi",
            "version": "pcf-ar33n"
          },
          {
            "model": "prius airnote",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hitachi",
            "version": "k series: pcf-an37kt"
          },
          {
            "model": "prius airnote",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hitachi",
            "version": "l series: pcf-an37lt"
          },
          {
            "model": "prius deck",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hitachi",
            "version": "l series: pcf-ds75l"
          },
          {
            "model": "prius deck",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hitachi",
            "version": "pcf-ds73l"
          },
          {
            "model": "prius deck",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hitachi",
            "version": "m series: pcf-ds75m"
          },
          {
            "model": "prius deck",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hitachi",
            "version": "pcf-ds73m"
          },
          {
            "model": "prius deck",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hitachi",
            "version": "n series: pcf-dh75n"
          },
          {
            "model": "prius deck",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hitachi",
            "version": "pcf-dh73n"
          },
          {
            "model": "prius deck",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hitachi",
            "version": "p series: pcf-dh75p2"
          },
          {
            "model": "prius deck",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hitachi",
            "version": "pcf-dh73p2"
          },
          {
            "model": "prius deck",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hitachi",
            "version": "pcf-dh74p2w"
          },
          {
            "model": "celsius work station",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "fujitsu",
            "version": "( see the vendor information for type names. )"
          },
          {
            "model": "fmv desktop",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "fujitsu",
            "version": "series  ( see the vendor information for type names. )"
          },
          {
            "model": "fmv fa computer",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "fujitsu",
            "version": "( see the vendor information for type names. )"
          },
          {
            "model": "fmv-deskpower",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "fujitsu",
            "version": "series  ( see the vendor information for type names. )"
          },
          {
            "model": "fmv-esprimo",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "fujitsu",
            "version": "series  ( see the vendor information for type names. )"
          },
          {
            "model": "fmv-lifebook",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "fujitsu",
            "version": "series  ( see the vendor information for type names. )"
          },
          {
            "model": "option card",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "fujitsu",
            "version": "(fmv lan driver  - refer to vendor information for details. )"
          },
          {
            "model": "pro/1000",
            "scope": "ne",
            "trust": 0.6,
            "vendor": "intel",
            "version": "8.7.9.0"
          },
          {
            "model": "pro 1000 adapters",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "intel",
            "version": "7.2.7"
          },
          {
            "model": "pro 10gbe adapters",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "intel",
            "version": "1.0.109"
          },
          {
            "model": "pro 1000 pcie adapters",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "intel",
            "version": "9.1.30.0"
          },
          {
            "model": "pro 1000 adapters",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "intel",
            "version": "9.0.15"
          },
          {
            "model": "pro 1000 adapters",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "intel",
            "version": "8.7.1.0"
          },
          {
            "model": "pro 10 100 adapters",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "intel",
            "version": "3.5.14"
          },
          {
            "model": "pro 10 100 adapters",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "intel",
            "version": "4.0.3"
          },
          {
            "model": "pro 10 100 adapters",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "intel",
            "version": "8.0.27.0"
          },
          {
            "model": "pro/10gbe",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "1.0.109"
          },
          {
            "model": "pro/1000 pcie",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "9.1.30.0"
          },
          {
            "model": "pro/1000",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "0"
          },
          {
            "model": "pro/1000",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "9.0.15"
          },
          {
            "model": "pro/1000",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "7.2.7"
          },
          {
            "model": "pro/1000",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "8.7.1.0"
          },
          {
            "model": "pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "10/1004.0.3"
          },
          {
            "model": "pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "10/1003.5.14"
          },
          {
            "model": "pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intel",
            "version": "10/1008.0.27.0"
          },
          {
            "model": "pro/10gbe",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "intel",
            "version": "1.0.119"
          },
          {
            "model": "pro/1000 pcie",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "intel",
            "version": "9.6.31"
          },
          {
            "model": "pro/1000",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "intel",
            "version": "7.2.17"
          },
          {
            "model": "pro/1000",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "intel",
            "version": "9.2.6"
          },
          {
            "model": "pro/1000",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "intel",
            "version": "7.3.15"
          },
          {
            "model": "pro",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "intel",
            "version": "10/1004.0.4"
          },
          {
            "model": "pro",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "intel",
            "version": "10/1003.5.17"
          },
          {
            "model": "pro",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "intel",
            "version": "10/1008.0.43.0"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#296681"
          },
          {
            "db": "BID",
            "id": "21456"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000813"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-6385"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200612-151"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:intel:pro_1000_adapters:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "9.0.15",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:intel:pro_1000_pcie_adapters:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "9.1.30.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:intel:pro_10_100_adapters:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "4.0.3",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:intel:pro_10_100_adapters:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "8.0.27.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:intel:pro_10_100_adapters:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "3.5.14",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:intel:pro_10gbe_adapters:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.0.109",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:intel:pro_1000_adapters:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "7.2.7",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:intel:pro_1000_adapters:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "8.7.1.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2006-6385"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Derek Soeder dsoeder@eeye.com",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200612-151"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2006-6385",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "obtainAllPrivilege": true,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Local",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Complete",
                "baseScore": 7.2,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "CVE-2006-6385",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "id": "VHN-22493",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2006-6385",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#296681",
                "trust": 0.8,
                "value": "1.06"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-200612-151",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-22493",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#296681"
          },
          {
            "db": "VULHUB",
            "id": "VHN-22493"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000813"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-6385"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200612-151"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Stack-based buffer overflow in Intel PRO 10/100, PRO/1000, and PRO/10GbE PCI, PCI-X, and PCIe network adapter drivers (aka NDIS miniport drivers) before 20061205 allows local users to execute arbitrary code with \"kernel-level\" privileges via an incorrect function call in certain OID handlers. Intel PRO Ethernet The driver contains a buffer overflow vulnerability. This can lead to arbitrary code execution on the local machine.A local user may execute arbitrary code with system privileges on the local machine. \nAn attacker can trigger this issue to corrupt memory and to execute code with kernel-level privileges. \nA successful attack can result in a complete compromise of the affected computer due to privilege escalation. \nAll PCI, PCI-X, and PCIe Intel network adapter drivers are vulnerable. Intel Pro 100/1000 is a series of network card devices launched by Intel. Although the NDIS miniport driver occupies a low level, unprivileged userland code can still communicate with the driver through NIC statistics requests that need to be implemented by NDIS. If an attacker can send an IOCTL_NDIS_QUERY_SELECTED_STATS (0x17000E) request to \\Device\\{adapterguid}, it will cause NDIS.SYS to call the QueryInformationHandler routine registered by the miniport driver when calling NdisMRegisterMiniport. The input buffer provided by this IOCTL is a list of 32-bit OIDs related to statistics, each of which is passed independently to the QueryInformationHandler, which contains the code required to retrieve the statistics and return them to the output buffer. Under Windows 2000, pointers to user-supplied buffers are passed directly to the miniport driver, which means the data is user-controllable. Under Windows XP and later versions, the pointer is transferred to a temporary buffer containing undefined data in the kernel memory, so the pool memory must be controlled before the attack to control the above data. A processor with OID 0xFF0203FC copies the output buffer\u0027s string to a stack variable using the following strcpy operation: strcpy(\u0026(var_1D4.sz_62), (char*)InformationBuffer + 4) Thus, an attacker can String causes the processor to completely overwrite the return address of the function, redirecting execution flow to an arbitrary user-mode or kernel-mode address. The attack string must be at offset +0x0C in the output buffer, as NDIS itself uses the first 8 bytes. \n\n----------------------------------------------------------------------\n\nTo improve our services to our customers, we have made a number of\nadditions to the Secunia Advisories and have started translating the\nadvisories to German. \n\nThe improvements will help our customers to get a better\nunderstanding of how we reached our conclusions, how it was rated,\nour thoughts on exploitation, attack vectors, and scenarios. \n\nThis includes:\n* Reason for rating\n* Extended description\n* Extended solution\n* Exploit code or links to exploit code\n* Deep links\n\nRead the full description:\nhttp://corporate.secunia.com/products/48/?r=l\n\nContact Secunia Sales for more information:\nhttp://corporate.secunia.com/how_to_buy/15/?r=l\n\n----------------------------------------------------------------------\n\nTITLE:\nIntel LAN Driver Unspecified Privilege Escalation Vulnerability\n\nSECUNIA ADVISORY ID:\nSA23221\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/23221/\n\nCRITICAL:\nLess critical\n\nIMPACT:\nPrivilege escalation\n\nWHERE:\nLocal system\n\nSOFTWARE:\nIntel PRO 10/100 Adapters (Linux) 3.x\nhttp://secunia.com/product/12824/\nIntel PRO 10/100 Adapters (UnixWare/SCO6) 4.x\nhttp://secunia.com/product/12827/\nIntel PRO 10/100 Adapters (Windows) 8.x\nhttp://secunia.com/product/12821/\nIntel PRO/1000 Adapters (Linux) 7.x\nhttp://secunia.com/product/12825/\nIntel PRO/1000 Adapters (UnixWare/SCO6) 9.x\nhttp://secunia.com/product/12828/\nIntel PRO/1000 Adapters (Windows) 8.x\nhttp://secunia.com/product/12822/\nIntel PRO/1000 PCIe Adapters (Windows) 9.x\nhttp://secunia.com/product/12823/\nIntel PRO/10GbE Adapters (Linux) 1.x\nhttp://secunia.com/product/12826/\n\nDESCRIPTION:\nA vulnerability has been reported in Intel LAN drivers, which can be\nexploited by malicious, local users to gain escalated privileges. \n\nThe vulnerability is caused due to an unspecified error and can be\nexploited to cause a buffer overflow by using certain function calls\nincorrectly. \n\nSOLUTION:\nApply patches (see the vendor\u0027s advisory for details). \n\nPROVIDED AND/OR DISCOVERED BY:\nThe vendor credits eEye Digital Security. \n\nORIGINAL ADVISORY:\nIntel:\nhttp://www.intel.com/support/network/sb/CS-023726.htm\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2006-6385"
          },
          {
            "db": "CERT/CC",
            "id": "VU#296681"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000813"
          },
          {
            "db": "BID",
            "id": "21456"
          },
          {
            "db": "VULHUB",
            "id": "VHN-22493"
          },
          {
            "db": "PACKETSTORM",
            "id": "52799"
          }
        ],
        "trust": 2.79
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "SECUNIA",
            "id": "23221",
            "trust": 3.4
          },
          {
            "db": "CERT/CC",
            "id": "VU#296681",
            "trust": 3.3
          },
          {
            "db": "BID",
            "id": "21456",
            "trust": 2.8
          },
          {
            "db": "NVD",
            "id": "CVE-2006-6385",
            "trust": 2.8
          },
          {
            "db": "SECTRACK",
            "id": "1017346",
            "trust": 2.5
          },
          {
            "db": "SREASON",
            "id": "2007",
            "trust": 1.7
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4871",
            "trust": 1.7
          },
          {
            "db": "XF",
            "id": "30750",
            "trust": 1.4
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000813",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200612-151",
            "trust": 0.7
          },
          {
            "db": "MLIST",
            "id": "[FREEBSD-SECURITY] 20061206 INTEL LAN DRIVER BUFFER OVERFLOW LOCAL PRIVILEGE ESCALATION",
            "trust": 0.6
          },
          {
            "db": "BUGTRAQ",
            "id": "20061207 EEYE: INTEL NETWORK ADAPTER DRIVER LOCAL PRIVILEGE ESCALATION",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-22493",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "52799",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#296681"
          },
          {
            "db": "VULHUB",
            "id": "VHN-22493"
          },
          {
            "db": "BID",
            "id": "21456"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000813"
          },
          {
            "db": "PACKETSTORM",
            "id": "52799"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-6385"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200612-151"
          }
        ]
      },
      "id": "VAR-200612-0565",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-22493"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2023-12-18T13:30:41.874000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Network Connectivity - Intel LAN Driver Buffer Overflow Local Privilege Escalation",
            "trust": 0.8,
            "url": "http://www.intel.com/support/network/sb/cs-023726.htm"
          },
          {
            "title": "Network Connectivity - How to Determine the Driver Version for an Intel Network Adapter",
            "trust": 0.8,
            "url": "http://support.intel.com/support/network/sb/cs-023453.htm"
          },
          {
            "title": "INTEL-SA-00006",
            "trust": 0.8,
            "url": "http://security-center.intel.com/advisory.aspx?intelid=intel-sa-00006\u0026languageid=en-fr"
          },
          {
            "title": "\u30b5\u30dd\u30fc\u30c8\u30da\u30fc\u30b8",
            "trust": 0.8,
            "url": "http://vcl.vaio.sony.co.jp/"
          },
          {
            "title": "\u300cEthernet Driver Ver.8.0.43.0\u300d\u30a2\u30c3\u30d7\u30c7\u30fc\u30c8\u30d7\u30ed\u30b0\u30e9\u30e0",
            "trust": 0.8,
            "url": "http://vcl.vaio.sony.co.jp/download/sp-015317-00.html"
          },
          {
            "title": "\u300cEthernet Driver Ver.8.7.9.0\u300d\u30a2\u30c3\u30d7\u30c7\u30fc\u30c8\u30d7\u30ed\u30b0\u30e9\u30e0",
            "trust": 0.8,
            "url": "http://vcl.vaio.sony.co.jp/download/sp-015318-00.html"
          },
          {
            "title": "\u300cEthernet Driver Ver.9.6.31.0\u300d\u30a2\u30c3\u30d7\u30c7\u30fc\u30c8\u30d7\u30ed\u30b0\u30e9\u30e0",
            "trust": 0.8,
            "url": "http://vcl.vaio.sony.co.jp/download/sp-015318-01.html"
          },
          {
            "title": "\u30a4\u30f3\u30c6\u30ebR LAN \u30c9\u30e9\u30a4\u30d0\u30fc : \u30d0\u30c3\u30d5\u30a1\u30fc\u30fb\u30aa\u30fc\u30d0\u30fc\u30d5\u30ed\u30fc\u306b\u3088\u308b\u30ed\u30fc\u30ab\u30eb\u6a29\u9650\u306e\u6607\u683c",
            "trust": 0.8,
            "url": "http://www.intel.com/jp/support/network/sb/cs-023726.htm"
          },
          {
            "title": "\u3010\u91cd\u8981\u3011Inetl\u793e\u88fdLAN\u30c9\u30e9\u30a4\u30d0\u306e\u8106\u5f31\u6027\u306b\u95a2\u3059\u308b\u304a\u77e5\u3089\u305b",
            "trust": 0.8,
            "url": "http://www.hitachi.co.jp/prod/comp/osd/pc/ha/information/info070104.html"
          },
          {
            "title": "\u3010\u91cd\u8981\u3011 Intel\u793e\u88fdLAN\u30c9\u30e9\u30a4\u30d0\u306e\u8106\u5f31\u6027\u306b\u95a2\u3059\u308b\u304a\u77e5\u3089\u305b",
            "trust": 0.8,
            "url": "http://www.hitachi.co.jp/prod/comp/osd/pc/flora/information/info0701051.html"
          },
          {
            "title": "Intel\u793e\u88fdLAN\u30c9\u30e9\u30a4\u30d0\u306e\u8106\u5f31\u6027\u306b\u95a2\u3057\u3066",
            "trust": 0.8,
            "url": "http://prius.jeevessolutions.jp/je/faq.asp?fid=104034"
          },
          {
            "title": "[\u7dca\u6025] Intel\u793e\u88fdLAN\u30c9\u30e9\u30a4\u30d0\u306e\u8106\u5f31\u6027\u306b\u95a2\u3059\u308b\u304a\u77e5\u3089\u305b",
            "trust": 0.8,
            "url": "http://www.fmworld.net/biz/common/intel/lan-driver/"
          },
          {
            "title": "VU#296681",
            "trust": 0.8,
            "url": "http://software.fujitsu.com/jp/security/vulnerabilities/vu296681.html"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000813"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-Other",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2006-6385"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.9,
            "url": "http://www.intel.com/support/network/sb/cs-023726.htm"
          },
          {
            "trust": 2.5,
            "url": "http://research.eeye.com/html/advisories/published/ad20061207.html"
          },
          {
            "trust": 2.5,
            "url": "http://research.eeye.com/html/advisories/upcoming/20060710.html"
          },
          {
            "trust": 2.5,
            "url": "http://www.securityfocus.com/bid/21456"
          },
          {
            "trust": 2.5,
            "url": "http://www.kb.cert.org/vuls/id/296681"
          },
          {
            "trust": 2.5,
            "url": "http://securitytracker.com/id?1017346"
          },
          {
            "trust": 2.5,
            "url": "http://secunia.com/advisories/23221"
          },
          {
            "trust": 1.7,
            "url": "http://lists.freebsd.org/pipermail/freebsd-security/2006-december/004186.html"
          },
          {
            "trust": 1.7,
            "url": "http://securityreason.com/securityalert/2007"
          },
          {
            "trust": 1.4,
            "url": "http://xforce.iss.net/xforce/xfdb/30750"
          },
          {
            "trust": 1.1,
            "url": "http://www.securityfocus.com/archive/1/453852/100/0/threaded"
          },
          {
            "trust": 1.1,
            "url": "http://www.fujitsu.com/global/support/software/security/products-f/primergy-200701e.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vupen.com/english/advisories/2006/4871"
          },
          {
            "trust": 1.1,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30750"
          },
          {
            "trust": 0.9,
            "url": "http://secunia.com/advisories/23221/"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-6385"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/cert/jvnvu%23296681/index.html"
          },
          {
            "trust": 0.8,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2006-6385"
          },
          {
            "trust": 0.6,
            "url": "http://www.frsirt.com/english/advisories/2006/4871"
          },
          {
            "trust": 0.6,
            "url": "http://www.securityfocus.com/archive/1/archive/1/453852/100/0/threaded"
          },
          {
            "trust": 0.3,
            "url": "http://support.intel.com/support/network/sb/cs-006120.htm"
          },
          {
            "trust": 0.3,
            "url": "http://support.intel.com/support/network/sb/cs-006103.htm"
          },
          {
            "trust": 0.3,
            "url": "http://support.intel.com/support/network/adapter/pro100/sb/cs-008402.htm"
          },
          {
            "trust": 0.3,
            "url": "http://www-307.ibm.com/pc/support/site.wss/document.do?lndocid=migr-67116"
          },
          {
            "trust": 0.3,
            "url": "/archive/1/453852"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/secunia_security_advisories/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/product/12822/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/product/12821/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/product/12825/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/product/12828/"
          },
          {
            "trust": 0.1,
            "url": "http://corporate.secunia.com/products/48/?r=l"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/product/12826/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/about_secunia_advisories/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/product/12827/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
          },
          {
            "trust": 0.1,
            "url": "http://corporate.secunia.com/how_to_buy/15/?r=l"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/product/12824/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/product/12823/"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#296681"
          },
          {
            "db": "VULHUB",
            "id": "VHN-22493"
          },
          {
            "db": "BID",
            "id": "21456"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000813"
          },
          {
            "db": "PACKETSTORM",
            "id": "52799"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-6385"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200612-151"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#296681"
          },
          {
            "db": "VULHUB",
            "id": "VHN-22493"
          },
          {
            "db": "BID",
            "id": "21456"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000813"
          },
          {
            "db": "PACKETSTORM",
            "id": "52799"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-6385"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200612-151"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2006-12-18T00:00:00",
            "db": "CERT/CC",
            "id": "VU#296681"
          },
          {
            "date": "2006-12-08T00:00:00",
            "db": "VULHUB",
            "id": "VHN-22493"
          },
          {
            "date": "2006-12-06T00:00:00",
            "db": "BID",
            "id": "21456"
          },
          {
            "date": "2007-04-01T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2006-000813"
          },
          {
            "date": "2006-12-07T06:24:29",
            "db": "PACKETSTORM",
            "id": "52799"
          },
          {
            "date": "2006-12-08T01:28:00",
            "db": "NVD",
            "id": "CVE-2006-6385"
          },
          {
            "date": "2006-12-07T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200612-151"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2007-01-19T00:00:00",
            "db": "CERT/CC",
            "id": "VU#296681"
          },
          {
            "date": "2018-10-17T00:00:00",
            "db": "VULHUB",
            "id": "VHN-22493"
          },
          {
            "date": "2008-05-06T22:45:00",
            "db": "BID",
            "id": "21456"
          },
          {
            "date": "2007-06-15T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2006-000813"
          },
          {
            "date": "2018-10-17T21:48:00.017000",
            "db": "NVD",
            "id": "CVE-2006-6385"
          },
          {
            "date": "2006-12-11T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200612-151"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "BID",
            "id": "21456"
          },
          {
            "db": "PACKETSTORM",
            "id": "52799"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200612-151"
          }
        ],
        "trust": 1.0
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Intel network drivers privilege escalation vulnerability",
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#296681"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer overflow",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200612-151"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201708-0799

    Vulnerability from variot - Updated: 2023-12-18 13:29

    Untrusted search path vulnerability in NFC Port Software Version 5.5.0.6 and earlier (for RC-S310, RC-S320, RC-S330, RC-S370, RC-S380, RC-S380/S), NFC Port Software Version 5.3.6.7 and earlier (for RC-S320, RC-S310/J1C, RC-S310/ED4C), PC/SC Activator for Type B Ver.1.2.1.0 and earlier, SFCard Viewer 2 Ver.2.5.0.0 and earlier, NFC Net Installer Ver.1.1.0.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. PaSoRi provided by Sony Corporation is contactless IC card reader/writer. Installers of PaSoRi driver and other related software for Windows contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427). Eili Masami of Tachibana Lab. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.Arbitrary code may be executed with the privilege of the user invoking the installer. Sony NFC Port Software, etc. are all products of Sony Corporation of Japan. Sony NFC Port Software is a set of NFC interface software. PC/SC Activator for Type B is a Type B interface support software. An untrusted search path vulnerability exists in several Sony products. A remote attacker can exploit this vulnerability to obtain permissions with the help of malicious DLLs in the directory

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201708-0799",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "sfcard viewer 2",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "sony",
            "version": "2.5.0.0"
          },
          {
            "model": "nfc port",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "sony",
            "version": "5.3.6.7"
          },
          {
            "model": "nfc net installer",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "sony",
            "version": "1.1.0.0"
          },
          {
            "model": "pc\\/sc activator for type b",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "sony",
            "version": "1.2.1.0"
          },
          {
            "model": "nfc port",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "sony",
            "version": "5.5.0.6"
          },
          {
            "model": "nfc net installer",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "sony",
            "version": "ver.1.1.0.0"
          },
          {
            "model": "nfc port software",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "sony",
            "version": "version 5.3.6.7  products: rc-s320, rc-s310/j1c, rc-s310/ed4c"
          },
          {
            "model": "nfc port software",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "sony",
            "version": "version 5.5.0.6  products: rc-s310, rc-s320, rc-s330, rc-s370, rc-s380, rc-s380/s"
          },
          {
            "model": "pc/sc activator for type b",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "sony",
            "version": "ver.1.2.1.0"
          },
          {
            "model": "sfcard viewer 2",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "sony",
            "version": "ver.2.5.0.0"
          },
          {
            "model": "nfc port",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "sony",
            "version": "5.3.6.7"
          },
          {
            "model": "pc\\/sc activator for type b",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "sony",
            "version": "1.2.1.0"
          },
          {
            "model": "nfc net installer",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "sony",
            "version": "1.1.0.0"
          },
          {
            "model": "nfc port",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "sony",
            "version": "5.5.0.6"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000189"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2286"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-078"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:sony:nfc_port_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "5.5.0.6",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:sony:rc-s330:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:sony:rc-s370:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:sony:rc-s380:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:sony:rc-s380\\/s:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:sony:rc-s310:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:sony:rc-s320:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:sony:nfc_port_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "5.3.6.7",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:sony:rc-s310\\/j1c:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:sony:rc-s310\\/ed4c:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:sony:rc-s320:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:sony:pc\\/sc_activator_for_type_b:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.2.1.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:sony:sfcard_viewer_2:2.5.0.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:sony:nfc_net_installer:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.1.0.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-2286"
          }
        ]
      },
      "cve": "CVE-2017-2286",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.6,
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": true,
                "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "None",
                "author": "IPA",
                "availabilityImpact": "Partial",
                "baseScore": 6.8,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2017-000189",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.6,
                "id": "VHN-110489",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "IPA",
                "availabilityImpact": "High",
                "baseScore": 7.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2017-000189",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2017-2286",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "IPA",
                "id": "JVNDB-2017-000189",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201708-078",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-110489",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-110489"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000189"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2286"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-078"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Untrusted search path vulnerability in NFC Port Software Version 5.5.0.6 and earlier (for RC-S310, RC-S320, RC-S330, RC-S370, RC-S380, RC-S380/S), NFC Port Software Version 5.3.6.7 and earlier (for RC-S320, RC-S310/J1C, RC-S310/ED4C), PC/SC Activator for Type B Ver.1.2.1.0 and earlier, SFCard Viewer 2 Ver.2.5.0.0 and earlier, NFC Net Installer Ver.1.1.0.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. PaSoRi provided by Sony Corporation is contactless IC card reader/writer. Installers of PaSoRi driver and other related software for Windows contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427). Eili Masami of Tachibana Lab. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.Arbitrary code may be executed with the privilege of the user invoking the installer. Sony NFC Port Software, etc. are all products of Sony Corporation of Japan. Sony NFC Port Software is a set of NFC interface software. PC/SC Activator for Type B is a Type B interface support software. An untrusted search path vulnerability exists in several Sony products. A remote attacker can exploit this vulnerability to obtain permissions with the help of malicious DLLs in the directory",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-2286"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000189"
          },
          {
            "db": "VULHUB",
            "id": "VHN-110489"
          }
        ],
        "trust": 1.71
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-2286",
            "trust": 2.5
          },
          {
            "db": "JVN",
            "id": "JVN16136413",
            "trust": 2.5
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000189",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-078",
            "trust": 0.7
          },
          {
            "db": "VULHUB",
            "id": "VHN-110489",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-110489"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000189"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2286"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-078"
          }
        ]
      },
      "id": "VAR-201708-0799",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-110489"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2023-12-18T13:29:11.305000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "New installer with security fixes for users of the USB NFC reader for Windows",
            "trust": 0.8,
            "url": "https://www.sony.net/products/felica/business/information/170725.html"
          },
          {
            "title": "Multiple Sony Product security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=75599"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000189"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-078"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-427",
            "trust": 1.1
          },
          {
            "problemtype": "CWE-Other",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-110489"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000189"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2286"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.5,
            "url": "https://jvn.jp/en/jp/jvn16136413/index.html"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2286"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/en/ta/jvnta91240916/index.html"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-2286"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-110489"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000189"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2286"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-078"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-110489"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000189"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2286"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-078"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-08-02T00:00:00",
            "db": "VULHUB",
            "id": "VHN-110489"
          },
          {
            "date": "2017-07-27T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-000189"
          },
          {
            "date": "2017-08-02T16:29:00.597000",
            "db": "NVD",
            "id": "CVE-2017-2286"
          },
          {
            "date": "2017-08-02T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201708-078"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-08-23T00:00:00",
            "db": "VULHUB",
            "id": "VHN-110489"
          },
          {
            "date": "2018-01-24T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-000189"
          },
          {
            "date": "2017-08-23T14:05:02.177000",
            "db": "NVD",
            "id": "CVE-2017-2286"
          },
          {
            "date": "2017-10-26T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201708-078"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-078"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Installers of Sony PaSoRi related software may insecurely load Dynamic Link Libraries",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000189"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "lack of information",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-078"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201911-1325

    Vulnerability from variot - Updated: 2023-12-18 13:28

    The Sony Xperia Touch Android device with a build fingerprint of Sony/blanc_windy/blanc_windy:7.0/LOIRE-SMART-BLANC-1.0.0-170530-0834/1:user/dev-keys contains a pre-installed app with a package name of com.sonymobile.android.maintenancetool.testmic app (versionCode=24, versionName=7.0) that allows unauthorized microphone audio recording via a confused deputy attack. This capability can be accessed by any app co-located on the device. This app allows a third-party app to use its open interface to record audio to external storage. Sony Xperia Touch Android The device is vulnerable to an externally controllable reference to another realm resource.Information may be obtained. Sony Xperia Touch is a touch projector from Sony Corporation of Japan.

    Com.sonymobile.android.maintenancetool.testmic app in Sony Xperia Touch (build fingerprint:Sony/blanc_windy/blanc_windy:7.0/LOIRE-SMART-BLANC-1.0.0-170530-0834/1:user/dev-keys) Access control error vulnerability. An attacker can exploit this vulnerability for unauthorized microphone recording

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201911-1325",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "xperia touch",
            "scope": "eq",
            "trust": 2.2,
            "vendor": "sony",
            "version": null
          },
          {
            "model": "xperia touch",
            "scope": null,
            "trust": 1.4,
            "vendor": "sony",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-41673"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-012073"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-15743"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201911-981"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:sony:xperia_touch_firmware:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:sony:xperia_touch:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-15743"
          }
        ]
      },
      "cve": "CVE-2019-15743",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 2.1,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.9,
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "LOW",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Local",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 2.1,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2019-15743",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Low",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 2.1,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.9,
                "id": "CNVD-2019-41673",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "LOW",
                "trust": 0.6,
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 5.5,
                "baseSeverity": "Medium",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2019-15743",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2019-15743",
                "trust": 1.8,
                "value": "MEDIUM"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2019-41673",
                "trust": 0.6,
                "value": "LOW"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201911-981",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-41673"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-012073"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-15743"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201911-981"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The Sony Xperia Touch Android device with a build fingerprint of Sony/blanc_windy/blanc_windy:7.0/LOIRE-SMART-BLANC-1.0.0-170530-0834/1:user/dev-keys contains a pre-installed app with a package name of com.sonymobile.android.maintenancetool.testmic app (versionCode=24, versionName=7.0) that allows unauthorized microphone audio recording via a confused deputy attack. This capability can be accessed by any app co-located on the device. This app allows a third-party app to use its open interface to record audio to external storage. Sony Xperia Touch Android The device is vulnerable to an externally controllable reference to another realm resource.Information may be obtained. Sony Xperia Touch is a touch projector from Sony Corporation of Japan. \n\nCom.sonymobile.android.maintenancetool.testmic app in Sony Xperia Touch (build fingerprint:Sony/blanc_windy/blanc_windy:7.0/LOIRE-SMART-BLANC-1.0.0-170530-0834/1:user/dev-keys) Access control error vulnerability. An attacker can exploit this vulnerability for unauthorized microphone recording",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-15743"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-012073"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-41673"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-15743",
            "trust": 3.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-012073",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-41673",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201911-981",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-41673"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-012073"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-15743"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201911-981"
          }
        ]
      },
      "id": "VAR-201911-1325",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-41673"
          }
        ],
        "trust": 1.225
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-41673"
          }
        ]
      },
      "last_update_date": "2023-12-18T13:28:20.551000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Xperia Touch G1109",
            "trust": 0.8,
            "url": "https://www.sonymobile.co.jp/product/smartproducts/g1109/"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-012073"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-610",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-012073"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-15743"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.4,
            "url": "https://www.kryptowire.com/android-firmware-2019/"
          },
          {
            "trust": 2.0,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-15743"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15743"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-41673"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-012073"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-15743"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201911-981"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-41673"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-012073"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-15743"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201911-981"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-11-21T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-41673"
          },
          {
            "date": "2019-11-25T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-012073"
          },
          {
            "date": "2019-11-14T17:15:24.787000",
            "db": "NVD",
            "id": "CVE-2019-15743"
          },
          {
            "date": "2019-11-14T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201911-981"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-11-21T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-41673"
          },
          {
            "date": "2019-11-25T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-012073"
          },
          {
            "date": "2019-11-19T20:31:38.380000",
            "db": "NVD",
            "id": "CVE-2019-15743"
          },
          {
            "date": "2019-11-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201911-981"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201911-981"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Sony Xperia Touch Access Control Error Vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-41673"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201911-981"
          }
        ],
        "trust": 1.2
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "access control error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201911-981"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201707-0321

    Vulnerability from variot - Updated: 2023-12-18 13:24

    Buffer overflow in WG-C10 v3.0.79 and earlier allows an attacker to execute arbitrary commands via unspecified vectors. Portable Wireless Server WG-C10 provided by Sony Corporation contains multiple vulnerabilities listed below. * OS command injection (CWE-78) - CVE-2017-2275 * Buffer overflow (CWE-119) - CVE-2017-2276 Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.An attacker who can log in to the product as an administrator may execute arbitrary OS commands. There are security vulnerabilities in Sony WG-C103.0.79 and earlier

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201707-0321",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "wg-c10",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "sony",
            "version": "3.0.79"
          },
          {
            "model": "wg-c10",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "sony",
            "version": "v3.0.79"
          },
          {
            "model": "wg-c10",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "sony",
            "version": "\u003c=3.0.79"
          },
          {
            "model": "wg-c10",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "sony",
            "version": "3.0.79"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-24404"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000175"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2276"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201707-1099"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:sony:wg-c10_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "3.0.79",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:sony:wg-c10:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-2276"
          }
        ]
      },
      "cve": "CVE-2017-2276",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Adjacent Network",
                "authentication": "Single",
                "author": "IPA",
                "availabilityImpact": "Partial",
                "baseScore": 5.2,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2017-000175",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 1.6,
                "userInteractionRequired": null,
                "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "NVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CNVD-2017-24404",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "VHN-110479",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "Low",
                "attackVector": "Adjacent Network",
                "author": "IPA",
                "availabilityImpact": "High",
                "baseScore": 6.8,
                "baseSeverity": "Medium",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2017-000175",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "High",
                "scope": "Unchanged",
                "trust": 1.6,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.2,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "IPA",
                "id": "JVNDB-2017-000175",
                "trust": 1.6,
                "value": "Medium"
              },
              {
                "author": "NVD",
                "id": "CVE-2017-2276",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2017-24404",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201707-1099",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-110479",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-24404"
          },
          {
            "db": "VULHUB",
            "id": "VHN-110479"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000175"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000175"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2276"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201707-1099"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Buffer overflow in WG-C10 v3.0.79 and earlier allows an attacker to execute arbitrary commands via unspecified vectors. Portable Wireless Server WG-C10 provided by Sony Corporation contains multiple vulnerabilities listed below. * OS command injection (CWE-78) - CVE-2017-2275 * Buffer overflow (CWE-119) - CVE-2017-2276 Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.An attacker who can log in to the product as an administrator may execute arbitrary OS commands. There are security vulnerabilities in Sony WG-C103.0.79 and earlier",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-2276"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000175"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-24404"
          },
          {
            "db": "VULHUB",
            "id": "VHN-110479"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "JVN",
            "id": "JVN14151222",
            "trust": 3.1
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2276",
            "trust": 3.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000175",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201707-1099",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-24404",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-110479",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-24404"
          },
          {
            "db": "VULHUB",
            "id": "VHN-110479"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000175"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2276"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201707-1099"
          }
        ]
      },
      "id": "VAR-201707-0321",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-24404"
          },
          {
            "db": "VULHUB",
            "id": "VHN-110479"
          }
        ],
        "trust": 1.2999999999999998
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-24404"
          }
        ]
      },
      "last_update_date": "2023-12-18T13:24:25.126000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Security Notice for the WG-C10 Portable Wireless Server",
            "trust": 0.8,
            "url": "https://esupport.sony.com/us/p/news-item.pl?news_id=527\u0026mdl=wgc10"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000175"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-119",
            "trust": 1.9
          },
          {
            "problemtype": "CWE-78",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-110479"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000175"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2276"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.5,
            "url": "https://jvn.jp/en/jp/jvn14151222/index.html"
          },
          {
            "trust": 1.6,
            "url": "https://esupport.sony.com/us/p/news-item.pl?news_id=527\u0026mdl=wgc10"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2275"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2276"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-2275"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-2276"
          },
          {
            "trust": 0.6,
            "url": "http://jvn.jp/en/jp/jvn14151222/"
          },
          {
            "trust": 0.1,
            "url": "https://esupport.sony.com/us/p/news-item.pl?news_id=527\u0026amp;mdl=wgc10"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-24404"
          },
          {
            "db": "VULHUB",
            "id": "VHN-110479"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000175"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2276"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201707-1099"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-24404"
          },
          {
            "db": "VULHUB",
            "id": "VHN-110479"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000175"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2276"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201707-1099"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-09-03T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-24404"
          },
          {
            "date": "2017-07-22T00:00:00",
            "db": "VULHUB",
            "id": "VHN-110479"
          },
          {
            "date": "2017-07-19T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-000175"
          },
          {
            "date": "2017-07-22T00:29:00.340000",
            "db": "NVD",
            "id": "CVE-2017-2276"
          },
          {
            "date": "2017-07-26T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201707-1099"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-05-17T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-24404"
          },
          {
            "date": "2017-07-26T00:00:00",
            "db": "VULHUB",
            "id": "VHN-110479"
          },
          {
            "date": "2018-01-24T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-000175"
          },
          {
            "date": "2017-07-26T20:11:19.653000",
            "db": "NVD",
            "id": "CVE-2017-2276"
          },
          {
            "date": "2017-07-26T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201707-1099"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201707-1099"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple vulnerabilities SONY Portable Wireless Server WG-C10",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000175"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer overflow",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201707-1099"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201707-0322

    Vulnerability from variot - Updated: 2023-12-18 13:24

    WG-C10 v3.0.79 and earlier allows an attacker to bypass access restrictions to obtain or alter information stored in the external storage connected to the product via unspecified vectors. Portable Wireless Server WG-C10 provided by Sony Corporation fails to restrict access permissions (CWE-284). Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. There are security vulnerabilities in Sony WG-C103.0.79 and earlier

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201707-0322",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "wg-c10",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "sony",
            "version": "3.0.79"
          },
          {
            "model": "wg-c10",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "sony",
            "version": "v3.0.79"
          },
          {
            "model": "wg-c10",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "sony",
            "version": "\u003c=3.0.79"
          },
          {
            "model": "wg-c10",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "sony",
            "version": "3.0.79"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-24405"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000176"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2277"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201707-1098"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:sony:wg-c10_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "3.0.79",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:sony:wg-c10:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-2277"
          }
        ]
      },
      "cve": "CVE-2017-2277",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "IPA",
                "availabilityImpact": "Partial",
                "baseScore": 7.5,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2017-000176",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CNVD-2017-24405",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-110480",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "impactScore": 5.2,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "IPA",
                "availabilityImpact": "Low",
                "baseScore": 7.3,
                "baseSeverity": "High",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "JVNDB-2017-000176",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2017-2277",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "IPA",
                "id": "JVNDB-2017-000176",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2017-24405",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201707-1098",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-110480",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-24405"
          },
          {
            "db": "VULHUB",
            "id": "VHN-110480"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000176"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2277"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201707-1098"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "WG-C10 v3.0.79 and earlier allows an attacker to bypass access restrictions to obtain or alter information stored in the external storage connected to the product via unspecified vectors. Portable Wireless Server WG-C10 provided by Sony Corporation fails to restrict access permissions (CWE-284). Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. There are security vulnerabilities in Sony WG-C103.0.79 and earlier",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-2277"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000176"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-24405"
          },
          {
            "db": "VULHUB",
            "id": "VHN-110480"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-2277",
            "trust": 3.1
          },
          {
            "db": "JVN",
            "id": "JVN77412145",
            "trust": 2.5
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000176",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201707-1098",
            "trust": 0.7
          },
          {
            "db": "JVN",
            "id": "JVN14151222",
            "trust": 0.6
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-24405",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-110480",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-24405"
          },
          {
            "db": "VULHUB",
            "id": "VHN-110480"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000176"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2277"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201707-1098"
          }
        ]
      },
      "id": "VAR-201707-0322",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-24405"
          },
          {
            "db": "VULHUB",
            "id": "VHN-110480"
          }
        ],
        "trust": 1.2999999999999998
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-24405"
          }
        ]
      },
      "last_update_date": "2023-12-18T13:24:25.090000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Security Notice for the WG-C10 Portable Wireless Server",
            "trust": 0.8,
            "url": "https://esupport.sony.com/us/p/news-item.pl?news_id=527\u0026mdl=wgc10"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000176"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-noinfo",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-264",
            "trust": 0.8
          },
          {
            "problemtype": "CWE-284",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-110480"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000176"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2277"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.5,
            "url": "https://jvn.jp/en/jp/jvn77412145/index.html"
          },
          {
            "trust": 1.6,
            "url": "https://esupport.sony.com/us/p/news-item.pl?news_id=527\u0026mdl=wgc10"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2277"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-2277"
          },
          {
            "trust": 0.6,
            "url": "http://jvn.jp/en/jp/jvn14151222/"
          },
          {
            "trust": 0.1,
            "url": "https://esupport.sony.com/us/p/news-item.pl?news_id=527\u0026amp;mdl=wgc10"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-24405"
          },
          {
            "db": "VULHUB",
            "id": "VHN-110480"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000176"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2277"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201707-1098"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-24405"
          },
          {
            "db": "VULHUB",
            "id": "VHN-110480"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000176"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2277"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201707-1098"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-09-03T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-24405"
          },
          {
            "date": "2017-07-22T00:00:00",
            "db": "VULHUB",
            "id": "VHN-110480"
          },
          {
            "date": "2017-07-19T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-000176"
          },
          {
            "date": "2017-07-22T00:29:00.373000",
            "db": "NVD",
            "id": "CVE-2017-2277"
          },
          {
            "date": "2017-07-26T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201707-1098"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-09-03T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-24405"
          },
          {
            "date": "2020-08-24T00:00:00",
            "db": "VULHUB",
            "id": "VHN-110480"
          },
          {
            "date": "2018-02-14T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-000176"
          },
          {
            "date": "2020-08-24T17:37:01.140000",
            "db": "NVD",
            "id": "CVE-2017-2277"
          },
          {
            "date": "2020-10-23T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201707-1098"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201707-1098"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "SONY Portable Wireless Server WG-C10 fails to restrict access permissions",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000176"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "other",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201707-1098"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201707-0320

    Vulnerability from variot - Updated: 2023-12-18 13:24

    WG-C10 v3.0.79 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors. Portable Wireless Server WG-C10 provided by Sony Corporation contains multiple vulnerabilities listed below. * OS command injection (CWE-78) - CVE-2017-2275 * Buffer overflow (CWE-119) - CVE-2017-2276 Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. There are security vulnerabilities in Sony WG-C103.0.79 and earlier

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201707-0320",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "wg-c10",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "sony",
            "version": "3.0.79"
          },
          {
            "model": "wg-c10",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "sony",
            "version": "v3.0.79"
          },
          {
            "model": "wg-c10",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "sony",
            "version": "\u003c=3.0.79"
          },
          {
            "model": "wg-c10",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "sony",
            "version": "3.0.79"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-24404"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000175"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2275"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201707-1100"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:sony:wg-c10_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "3.0.79",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:sony:wg-c10:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-2275"
          }
        ]
      },
      "cve": "CVE-2017-2275",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Adjacent Network",
                "authentication": "Single",
                "author": "IPA",
                "availabilityImpact": "Partial",
                "baseScore": 5.2,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2017-000175",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 1.6,
                "userInteractionRequired": null,
                "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "NVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CNVD-2017-24404",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "VHN-110478",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "Low",
                "attackVector": "Adjacent Network",
                "author": "IPA",
                "availabilityImpact": "High",
                "baseScore": 6.8,
                "baseSeverity": "Medium",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2017-000175",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "High",
                "scope": "Unchanged",
                "trust": 1.6,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.2,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "IPA",
                "id": "JVNDB-2017-000175",
                "trust": 1.6,
                "value": "Medium"
              },
              {
                "author": "NVD",
                "id": "CVE-2017-2275",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2017-24404",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201707-1100",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-110478",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-24404"
          },
          {
            "db": "VULHUB",
            "id": "VHN-110478"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000175"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000175"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2275"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201707-1100"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "WG-C10 v3.0.79 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors. Portable Wireless Server WG-C10 provided by Sony Corporation contains multiple vulnerabilities listed below. * OS command injection (CWE-78) - CVE-2017-2275 * Buffer overflow (CWE-119) - CVE-2017-2276 Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. There are security vulnerabilities in Sony WG-C103.0.79 and earlier",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-2275"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000175"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-24404"
          },
          {
            "db": "VULHUB",
            "id": "VHN-110478"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "JVN",
            "id": "JVN14151222",
            "trust": 3.1
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2275",
            "trust": 3.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000175",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201707-1100",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-24404",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-110478",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-24404"
          },
          {
            "db": "VULHUB",
            "id": "VHN-110478"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000175"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2275"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201707-1100"
          }
        ]
      },
      "id": "VAR-201707-0320",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-24404"
          },
          {
            "db": "VULHUB",
            "id": "VHN-110478"
          }
        ],
        "trust": 1.2999999999999998
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-24404"
          }
        ]
      },
      "last_update_date": "2023-12-18T13:24:25.062000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Security Notice for the WG-C10 Portable Wireless Server",
            "trust": 0.8,
            "url": "https://esupport.sony.com/us/p/news-item.pl?news_id=527\u0026mdl=wgc10"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000175"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-78",
            "trust": 1.9
          },
          {
            "problemtype": "CWE-119",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-110478"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000175"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2275"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.5,
            "url": "https://jvn.jp/en/jp/jvn14151222/index.html"
          },
          {
            "trust": 1.6,
            "url": "https://esupport.sony.com/us/p/news-item.pl?news_id=527\u0026mdl=wgc10"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2275"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2276"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-2275"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-2276"
          },
          {
            "trust": 0.6,
            "url": "http://jvn.jp/en/jp/jvn14151222/"
          },
          {
            "trust": 0.1,
            "url": "https://esupport.sony.com/us/p/news-item.pl?news_id=527\u0026amp;mdl=wgc10"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-24404"
          },
          {
            "db": "VULHUB",
            "id": "VHN-110478"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000175"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2275"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201707-1100"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-24404"
          },
          {
            "db": "VULHUB",
            "id": "VHN-110478"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000175"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2275"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201707-1100"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-09-03T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-24404"
          },
          {
            "date": "2017-07-22T00:00:00",
            "db": "VULHUB",
            "id": "VHN-110478"
          },
          {
            "date": "2017-07-19T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-000175"
          },
          {
            "date": "2017-07-22T00:29:00.310000",
            "db": "NVD",
            "id": "CVE-2017-2275"
          },
          {
            "date": "2017-07-26T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201707-1100"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-05-17T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-24404"
          },
          {
            "date": "2017-07-26T00:00:00",
            "db": "VULHUB",
            "id": "VHN-110478"
          },
          {
            "date": "2018-01-24T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-000175"
          },
          {
            "date": "2017-07-26T20:07:53.697000",
            "db": "NVD",
            "id": "CVE-2017-2275"
          },
          {
            "date": "2017-07-26T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201707-1100"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201707-1100"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple vulnerabilities SONY Portable Wireless Server WG-C10",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000175"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "operating system commend injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201707-1100"
          }
        ],
        "trust": 0.6
      }
    }