var-201303-0233
Vulnerability from variot
IPSSH (aka the SSH server) in Wind River VxWorks 6.5 through 6.9 allows remote authenticated users to cause a denial of service (daemon outage) via a crafted packet. The SSH server (IPSSH) implementation in VxWorks contains a denial-of-service (DoS) vulnerability. The SSH server (IPSSH) implementation in VxWorks contains a denial-of-service (DoS) vulnerability due to an issue in the processing directly after the SSH connection is established. Hisashi Kojima and Masahiro Nakada of Fujitsu Laboratories Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.SSH access may become unavailable until the next reboot when receiving a specially crafted packet after a SSH connection is established. VxWorks is an embedded real-time operating system. An attacker can pass a specially crafted packet, causing a denial of service. VxWorks is prone to a denial-of-service vulnerability. Remote attackers can exploit this issue to cause denial-of-service conditions for legitimate users. VxWorks 6.5 through 6.9 are vulnerable; other versions may also be affected. Vendor affected: TP-Link (http://tp-link.com)
Products affected: * All TP-Link VxWorks-based devices (confirmed by vendor) * All "2-series" switches (confirmed by vendor) * TL-SG2008 semi-managed switch (confirmed by vendor) * TL-SG2216 semi-managed switch (confirmed by vendor) * TL-SG2424 semi-managed switch (confirmed by vendor) * TL-SG2424P semi-managed switch (confirmed by vendor) * TL-SG2452 semi-managed switch (confirmed by vendor)
Vulnerabilities: * All previously-reported VxWorks vulnerabilities from 6.6.0 on; at the very least: * CVE-2013-0716 (confirmed by vendor) * CVE-2013-0715 (confirmed by vendor) * CVE-2013-0714 (confirmed by vendor) * CVE-2013-0713 (confirmed by vendor) * CVE-2013-0712 (confirmed by vendor) * CVE-2013-0711 (confirmed by vendor) * CVE-2010-2967 (confirmed by vendor) * CVE-2010-2966 (confirmed by vendor) * CVE-2008-2476 (confirmed by vendor) * SSLv2 is available and cannot be disabled unless HTTPS is completely disabled (allows downgrade attacks) (confirmed by vendor) * SSL (v2, v3) offers insecure cipher suites and HMACs which cannot be disabled (allows downgrade attacks) (confirmed by vendor)
Design flaws: * Telnet is available and cannot be disabled (confirmed by vendor) * SSHv1 enabled by default if SSH is enabled (confirmed by vendor)
Vendor response: TP-Link are not convinced that these flaws should be repaired.
TP-Link's Internet presence -- or at least DNS -- is available only intermittently. Most emails bounced. Lost contact with vendor, but did confirm that development lead is now on holiday and will not return for at least a week.
Initial vendor reaction was to recommend purchase of "3-series" switches. Vendor did not offer reasons why "3-series" switches would be more secure, apart from lack of telnet service. Vendor confirmed that no development time can be allocated to securing "2-series" product and all focus has shifted to newer products.
(TL-SG2008 first product availability July 2014...)
Vendor deeply confused about security of DES/3DES, MD5, claimed that all security is relative. ("...[E]ven SHA-1 can be cracked, they just have different security level.")
Fix availability: None.
Work-arounds advised: None possible. Remove products from network
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201303-0233",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "vxworks",
"scope": "eq",
"trust": 1.6,
"vendor": "windriver",
"version": "6.9"
},
{
"model": "vxworks",
"scope": "eq",
"trust": 1.6,
"vendor": "windriver",
"version": "6.7"
},
{
"model": "vxworks",
"scope": "eq",
"trust": 1.6,
"vendor": "windriver",
"version": "6.8"
},
{
"model": "vxworks",
"scope": "eq",
"trust": 1.6,
"vendor": "windriver",
"version": "6.6"
},
{
"model": "vxworks",
"scope": "eq",
"trust": 1.6,
"vendor": "windriver",
"version": "6.5"
},
{
"model": "vxworks",
"scope": "eq",
"trust": 0.8,
"vendor": "wind river",
"version": "6.5 through 6.9"
},
{
"model": "river systems vxworks through",
"scope": "eq",
"trust": 0.6,
"vendor": "wind",
"version": "6.56.9"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "vxworks",
"version": "6.5"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "vxworks",
"version": "6.6"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "vxworks",
"version": "6.7"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "vxworks",
"version": "6.8"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "vxworks",
"version": "6.9"
}
],
"sources": [
{
"db": "IVD",
"id": "097d99c2-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-01997"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-000019"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-406"
},
{
"db": "NVD",
"id": "CVE-2013-0712"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:windriver:vxworks",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-000019"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Hisashi Kojima and Masahiro Nakada of Fujitsu Laboratories Ltd.",
"sources": [
{
"db": "BID",
"id": "58643"
}
],
"trust": 0.3
},
"cve": "CVE-2013-0712",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "CVE-2013-0712",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "IPA",
"availabilityImpact": "Complete",
"baseScore": 6.8,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2013-000019",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "CNVD-2013-01997",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "097d99c2-2353-11e6-abef-000c29c66e3d",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2013-0712",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "IPA",
"id": "JVNDB-2013-000019",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2013-01997",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201303-406",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "097d99c2-2353-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "097d99c2-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-01997"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-000019"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-406"
},
{
"db": "NVD",
"id": "CVE-2013-0712"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "IPSSH (aka the SSH server) in Wind River VxWorks 6.5 through 6.9 allows remote authenticated users to cause a denial of service (daemon outage) via a crafted packet. The SSH server (IPSSH) implementation in VxWorks contains a denial-of-service (DoS) vulnerability. The SSH server (IPSSH) implementation in VxWorks contains a denial-of-service (DoS) vulnerability due to an issue in the processing directly after the SSH connection is established. Hisashi Kojima and Masahiro Nakada of Fujitsu Laboratories Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.SSH access may become unavailable until the next reboot when receiving a specially crafted packet after a SSH connection is established. VxWorks is an embedded real-time operating system. An attacker can pass a specially crafted packet, causing a denial of service. VxWorks is prone to a denial-of-service vulnerability. \nRemote attackers can exploit this issue to cause denial-of-service conditions for legitimate users. \nVxWorks 6.5 through 6.9 are vulnerable; other versions may also be affected. Vendor affected: TP-Link (http://tp-link.com)\n\nProducts affected:\n * All TP-Link VxWorks-based devices (confirmed by vendor)\n * All \"2-series\" switches (confirmed by vendor)\n * TL-SG2008 semi-managed switch (confirmed by vendor)\n * TL-SG2216 semi-managed switch (confirmed by vendor)\n * TL-SG2424 semi-managed switch (confirmed by vendor)\n * TL-SG2424P semi-managed switch (confirmed by vendor)\n * TL-SG2452 semi-managed switch (confirmed by vendor)\n\nVulnerabilities:\n * All previously-reported VxWorks vulnerabilities from 6.6.0 on;\n at the very least:\n * CVE-2013-0716 (confirmed by vendor)\n * CVE-2013-0715 (confirmed by vendor)\n * CVE-2013-0714 (confirmed by vendor)\n * CVE-2013-0713 (confirmed by vendor)\n * CVE-2013-0712 (confirmed by vendor)\n * CVE-2013-0711 (confirmed by vendor)\n * CVE-2010-2967 (confirmed by vendor)\n * CVE-2010-2966 (confirmed by vendor)\n * CVE-2008-2476 (confirmed by vendor)\n * SSLv2 is available and cannot be disabled unless HTTPS is\n completely disabled (allows downgrade attacks)\n (confirmed by vendor)\n * SSL (v2, v3) offers insecure cipher suites and HMACs which cannot\n be disabled (allows downgrade attacks)\n (confirmed by vendor)\n\nDesign flaws:\n * Telnet is available and cannot be disabled (confirmed by vendor)\n * SSHv1 enabled by default if SSH is enabled (confirmed by vendor)\n\nVendor response:\n TP-Link are not convinced that these flaws should be repaired. \n\n TP-Link\u0027s Internet presence -- or at least DNS -- is available only\n intermittently. Most emails bounced. Lost contact with vendor, but\n did confirm that development lead is now on holiday and will not\n return for at least a week. \n\n Initial vendor reaction was to recommend purchase of \"3-series\"\n switches. Vendor did not offer reasons why \"3-series\" switches would\n be more secure, apart from lack of telnet service. Vendor confirmed\n that no development time can be allocated to securing \"2-series\"\n product and all focus has shifted to newer products. \n\n (TL-SG2008 first product availability July 2014...)\n\n Vendor deeply confused about security of DES/3DES, MD5, claimed that\n all security is relative. (\"...[E]ven SHA-1 can be cracked, they just\n have different security level.\")\n\nFix availability:\n None. \n\nWork-arounds advised:\n None possible. Remove products from network",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-0712"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-000019"
},
{
"db": "CNVD",
"id": "CNVD-2013-01997"
},
{
"db": "BID",
"id": "58643"
},
{
"db": "IVD",
"id": "097d99c2-2353-11e6-abef-000c29c66e3d"
},
{
"db": "PACKETSTORM",
"id": "128512"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-0712",
"trust": 3.6
},
{
"db": "JVNDB",
"id": "JVNDB-2013-000019",
"trust": 3.3
},
{
"db": "JVN",
"id": "JVN01611135",
"trust": 2.7
},
{
"db": "CNVD",
"id": "CNVD-2013-01997",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201303-406",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVN#01611135",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-13-091-01",
"trust": 0.3
},
{
"db": "BID",
"id": "58643",
"trust": 0.3
},
{
"db": "IVD",
"id": "097D99C2-2353-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "128512",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "097d99c2-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-01997"
},
{
"db": "BID",
"id": "58643"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-000019"
},
{
"db": "PACKETSTORM",
"id": "128512"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-406"
},
{
"db": "NVD",
"id": "CVE-2013-0712"
}
]
},
"id": "VAR-201303-0233",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "097d99c2-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-01997"
}
],
"trust": 1.30988144
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT",
"ICS"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "097d99c2-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-01997"
}
]
},
"last_update_date": "2024-11-23T21:25:25.278000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Information from Wind River Systems",
"trust": 0.8,
"url": "http://jvn.jp/en/jp/JVN01611135/995359/index.html"
},
{
"title": "Patch for VxWorks SSH server (IPSSH) Denial of Service Vulnerability (CNVD-2013-01997)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/32970"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-01997"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-000019"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2013-0712"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.7,
"url": "http://jvn.jp/en/jp/jvn01611135/index.html"
},
{
"trust": 1.6,
"url": "http://jvndb.jvn.jp/jvndb/jvndb-2013-000019"
},
{
"trust": 1.6,
"url": "http://jvn.jp/en/jp/jvn01611135/995359/index.html"
},
{
"trust": 0.9,
"url": "http://jvndb.jvn.jp/en/contents/2013/jvndb-2013-000019.html"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-0712"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-0712"
},
{
"trust": 0.3,
"url": "http://www.windriver.com/"
},
{
"trust": 0.3,
"url": "http://www.windriver.com/products/vxworks.html"
},
{
"trust": 0.3,
"url": "http://ics-cert.us-cert.gov/pdf/icsa-13-091-01.pdf"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-2966"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0713"
},
{
"trust": 0.1,
"url": "http://tp-link.com)"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0715"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-2967"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-2476"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0716"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0712"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0711"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0714"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-01997"
},
{
"db": "BID",
"id": "58643"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-000019"
},
{
"db": "PACKETSTORM",
"id": "128512"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-406"
},
{
"db": "NVD",
"id": "CVE-2013-0712"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "097d99c2-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-01997"
},
{
"db": "BID",
"id": "58643"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-000019"
},
{
"db": "PACKETSTORM",
"id": "128512"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-406"
},
{
"db": "NVD",
"id": "CVE-2013-0712"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-03-25T00:00:00",
"db": "IVD",
"id": "097d99c2-2353-11e6-abef-000c29c66e3d"
},
{
"date": "2013-03-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-01997"
},
{
"date": "2013-03-18T00:00:00",
"db": "BID",
"id": "58643"
},
{
"date": "2013-03-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-000019"
},
{
"date": "2014-10-01T10:11:11",
"db": "PACKETSTORM",
"id": "128512"
},
{
"date": "2013-03-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201303-406"
},
{
"date": "2013-03-20T18:55:01.727000",
"db": "NVD",
"id": "CVE-2013-0712"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-03-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-01997"
},
{
"date": "2015-03-19T09:15:00",
"db": "BID",
"id": "58643"
},
{
"date": "2013-06-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-000019"
},
{
"date": "2013-03-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201303-406"
},
{
"date": "2024-11-21T01:48:02.950000",
"db": "NVD",
"id": "CVE-2013-0712"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201303-406"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "VxWorks SSH server (IPSSH) denial-of-service (DoS) vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-000019"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Input validation",
"sources": [
{
"db": "IVD",
"id": "097d99c2-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-406"
}
],
"trust": 0.8
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.