var-201303-0235
Vulnerability from variot
IPSSH (aka the SSH server) in Wind River VxWorks 6.5 through 6.9 allows remote attackers to execute arbitrary code or cause a denial of service (daemon hang) via a crafted public-key authentication request. The SSH server (IPSSH) implementation in VxWorks contains a denial-of-service (DoS) vulnerability. The SSH server (IPSSH) implementation in VxWorks contains a denial-of-service (DoS) vulnerability due to an issue in the processing authentication requests. Hisashi Kojima and Masahiro Nakada of Fujitsu Laboratories Ltd. reported this vulnerability to IPA. In addition, arbitrary code may be executed on the server. VxWorks is an embedded real-time operating system. Wind River VxWorks is a set of real-time operating systems for the Internet of Things developed by Wind River. Vulnerabilities in IPSSH (aka SSH Server) in Wind River VxWorks 6.5 to 6.9. VxWorks is prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause an affected SSH access to be unavailable, denying service to legitimate users. Due to the nature of this issue, arbitrary code-execution may be possible; however this has not been confirmed. VxWorks 6.5 through version 6.9 are vulnerable; other versions may also be affected. Vendor affected: TP-Link (http://tp-link.com)
Products affected: * All TP-Link VxWorks-based devices (confirmed by vendor) * All "2-series" switches (confirmed by vendor) * TL-SG2008 semi-managed switch (confirmed by vendor) * TL-SG2216 semi-managed switch (confirmed by vendor) * TL-SG2424 semi-managed switch (confirmed by vendor) * TL-SG2424P semi-managed switch (confirmed by vendor) * TL-SG2452 semi-managed switch (confirmed by vendor)
Vulnerabilities: * All previously-reported VxWorks vulnerabilities from 6.6.0 on; at the very least: * CVE-2013-0716 (confirmed by vendor) * CVE-2013-0715 (confirmed by vendor) * CVE-2013-0714 (confirmed by vendor) * CVE-2013-0713 (confirmed by vendor) * CVE-2013-0712 (confirmed by vendor) * CVE-2013-0711 (confirmed by vendor) * CVE-2010-2967 (confirmed by vendor) * CVE-2010-2966 (confirmed by vendor) * CVE-2008-2476 (confirmed by vendor) * SSLv2 is available and cannot be disabled unless HTTPS is completely disabled (allows downgrade attacks) (confirmed by vendor) * SSL (v2, v3) offers insecure cipher suites and HMACs which cannot be disabled (allows downgrade attacks) (confirmed by vendor)
Design flaws: * Telnet is available and cannot be disabled (confirmed by vendor) * SSHv1 enabled by default if SSH is enabled (confirmed by vendor)
Vendor response: TP-Link are not convinced that these flaws should be repaired.
TP-Link's Internet presence -- or at least DNS -- is available only intermittently. Most emails bounced. Lost contact with vendor, but did confirm that development lead is now on holiday and will not return for at least a week.
Initial vendor reaction was to recommend purchase of "3-series" switches. Vendor did not offer reasons why "3-series" switches would be more secure, apart from lack of telnet service. Vendor confirmed that no development time can be allocated to securing "2-series" product and all focus has shifted to newer products.
(TL-SG2008 first product availability July 2014...)
Vendor deeply confused about security of DES/3DES, MD5, claimed that all security is relative. ("...[E]ven SHA-1 can be cracked, they just have different security level.")
Fix availability: None.
Work-arounds advised: None possible. Remove products from network
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201303-0235",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "vxworks",
"scope": "eq",
"trust": 1.6,
"vendor": "windriver",
"version": "6.9"
},
{
"model": "vxworks",
"scope": "eq",
"trust": 1.6,
"vendor": "windriver",
"version": "6.7"
},
{
"model": "vxworks",
"scope": "eq",
"trust": 1.6,
"vendor": "windriver",
"version": "6.8"
},
{
"model": "vxworks",
"scope": "eq",
"trust": 1.6,
"vendor": "windriver",
"version": "6.6"
},
{
"model": "vxworks",
"scope": "eq",
"trust": 1.6,
"vendor": "windriver",
"version": "6.5"
},
{
"model": "vxworks",
"scope": "eq",
"trust": 0.8,
"vendor": "wind river",
"version": "6.5 through 6.9"
},
{
"model": "river systems vxworks through",
"scope": "eq",
"trust": 0.6,
"vendor": "wind",
"version": "6.56.9"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "vxworks",
"version": "6.5"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "vxworks",
"version": "6.6"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "vxworks",
"version": "6.7"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "vxworks",
"version": "6.8"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "vxworks",
"version": "6.9"
}
],
"sources": [
{
"db": "IVD",
"id": "09730b60-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-02002"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-000021"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-408"
},
{
"db": "NVD",
"id": "CVE-2013-0714"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:windriver:vxworks",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-000021"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Hisashi Kojima and Masahiro Nakada of Fujitsu Laboratories Ltd",
"sources": [
{
"db": "BID",
"id": "58642"
}
],
"trust": 0.3
},
"cve": "CVE-2013-0714",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2013-0714",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Complete",
"baseScore": 7.8,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2013-000021",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2013-02002",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "09730b60-2353-11e6-abef-000c29c66e3d",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2013-0714",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "IPA",
"id": "JVNDB-2013-000021",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2013-02002",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201303-408",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "09730b60-2353-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "09730b60-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-02002"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-000021"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-408"
},
{
"db": "NVD",
"id": "CVE-2013-0714"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "IPSSH (aka the SSH server) in Wind River VxWorks 6.5 through 6.9 allows remote attackers to execute arbitrary code or cause a denial of service (daemon hang) via a crafted public-key authentication request. The SSH server (IPSSH) implementation in VxWorks contains a denial-of-service (DoS) vulnerability. The SSH server (IPSSH) implementation in VxWorks contains a denial-of-service (DoS) vulnerability due to an issue in the processing authentication requests. Hisashi Kojima and Masahiro Nakada of Fujitsu Laboratories Ltd. reported this vulnerability to IPA. In addition, arbitrary code may be executed on the server. VxWorks is an embedded real-time operating system. Wind River VxWorks is a set of real-time operating systems for the Internet of Things developed by Wind River. \nVulnerabilities in IPSSH (aka SSH Server) in Wind River VxWorks 6.5 to 6.9. VxWorks is prone to a denial-of-service vulnerability. \nAn attacker can exploit this issue to cause an affected SSH access to be unavailable, denying service to legitimate users. Due to the nature of this issue, arbitrary code-execution may be possible; however this has not been confirmed. \nVxWorks 6.5 through version 6.9 are vulnerable; other versions may also be affected. Vendor affected: TP-Link (http://tp-link.com)\n\nProducts affected:\n * All TP-Link VxWorks-based devices (confirmed by vendor)\n * All \"2-series\" switches (confirmed by vendor)\n * TL-SG2008 semi-managed switch (confirmed by vendor)\n * TL-SG2216 semi-managed switch (confirmed by vendor)\n * TL-SG2424 semi-managed switch (confirmed by vendor)\n * TL-SG2424P semi-managed switch (confirmed by vendor)\n * TL-SG2452 semi-managed switch (confirmed by vendor)\n\nVulnerabilities:\n * All previously-reported VxWorks vulnerabilities from 6.6.0 on;\n at the very least:\n * CVE-2013-0716 (confirmed by vendor)\n * CVE-2013-0715 (confirmed by vendor)\n * CVE-2013-0714 (confirmed by vendor)\n * CVE-2013-0713 (confirmed by vendor)\n * CVE-2013-0712 (confirmed by vendor)\n * CVE-2013-0711 (confirmed by vendor)\n * CVE-2010-2967 (confirmed by vendor)\n * CVE-2010-2966 (confirmed by vendor)\n * CVE-2008-2476 (confirmed by vendor)\n * SSLv2 is available and cannot be disabled unless HTTPS is\n completely disabled (allows downgrade attacks)\n (confirmed by vendor)\n * SSL (v2, v3) offers insecure cipher suites and HMACs which cannot\n be disabled (allows downgrade attacks)\n (confirmed by vendor)\n\nDesign flaws:\n * Telnet is available and cannot be disabled (confirmed by vendor)\n * SSHv1 enabled by default if SSH is enabled (confirmed by vendor)\n\nVendor response:\n TP-Link are not convinced that these flaws should be repaired. \n\n TP-Link\u0027s Internet presence -- or at least DNS -- is available only\n intermittently. Most emails bounced. Lost contact with vendor, but\n did confirm that development lead is now on holiday and will not\n return for at least a week. \n\n Initial vendor reaction was to recommend purchase of \"3-series\"\n switches. Vendor did not offer reasons why \"3-series\" switches would\n be more secure, apart from lack of telnet service. Vendor confirmed\n that no development time can be allocated to securing \"2-series\"\n product and all focus has shifted to newer products. \n\n (TL-SG2008 first product availability July 2014...)\n\n Vendor deeply confused about security of DES/3DES, MD5, claimed that\n all security is relative. (\"...[E]ven SHA-1 can be cracked, they just\n have different security level.\")\n\nFix availability:\n None. \n\nWork-arounds advised:\n None possible. Remove products from network",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-0714"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-000021"
},
{
"db": "CNVD",
"id": "CNVD-2013-02002"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-408"
},
{
"db": "BID",
"id": "58642"
},
{
"db": "IVD",
"id": "09730b60-2353-11e6-abef-000c29c66e3d"
},
{
"db": "PACKETSTORM",
"id": "128512"
}
],
"trust": 3.24
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-0714",
"trust": 3.6
},
{
"db": "JVNDB",
"id": "JVNDB-2013-000021",
"trust": 3.0
},
{
"db": "JVN",
"id": "JVN20671901",
"trust": 2.4
},
{
"db": "ICS CERT",
"id": "ICSA-13-091-01",
"trust": 1.8
},
{
"db": "CNVD",
"id": "CNVD-2013-02002",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201303-408",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVN#20671901",
"trust": 0.6
},
{
"db": "BID",
"id": "58642",
"trust": 0.3
},
{
"db": "IVD",
"id": "09730B60-2353-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "128512",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "09730b60-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-02002"
},
{
"db": "BID",
"id": "58642"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-000021"
},
{
"db": "PACKETSTORM",
"id": "128512"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-408"
},
{
"db": "NVD",
"id": "CVE-2013-0714"
}
]
},
"id": "VAR-201303-0235",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "09730b60-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-02002"
}
],
"trust": 1.30988144
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT",
"ICS"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "09730b60-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-02002"
}
]
},
"last_update_date": "2024-11-23T21:21:00.815000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Information from Wind River Systems",
"trust": 0.8,
"url": "http://jvn.jp/en/jp/JVN20671901/995359/index.html"
},
{
"title": "Patch for VxWorks SSH server (IPSSH) Denial of Service Vulnerability (CNVD-2013-02002)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/32972"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-02002"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-000021"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2013-0714"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "http://jvn.jp/en/jp/jvn20671901/index.html"
},
{
"trust": 1.8,
"url": "http://ics-cert.us-cert.gov/advisories/icsa-13-091-01"
},
{
"trust": 1.6,
"url": "http://jvndb.jvn.jp/jvndb/jvndb-2013-000021"
},
{
"trust": 1.6,
"url": "http://jvn.jp/en/jp/jvn20671901/995359/index.html"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-0714"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-0714"
},
{
"trust": 0.6,
"url": "http://jvndb.jvn.jp/en/contents/2013/jvndb-2013-000021.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-2966"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0713"
},
{
"trust": 0.1,
"url": "http://tp-link.com)"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0715"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-2967"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-2476"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0716"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0712"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0711"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0714"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-02002"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-000021"
},
{
"db": "PACKETSTORM",
"id": "128512"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-408"
},
{
"db": "NVD",
"id": "CVE-2013-0714"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "09730b60-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-02002"
},
{
"db": "BID",
"id": "58642"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-000021"
},
{
"db": "PACKETSTORM",
"id": "128512"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-408"
},
{
"db": "NVD",
"id": "CVE-2013-0714"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-03-25T00:00:00",
"db": "IVD",
"id": "09730b60-2353-11e6-abef-000c29c66e3d"
},
{
"date": "2013-03-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-02002"
},
{
"date": "2013-03-18T00:00:00",
"db": "BID",
"id": "58642"
},
{
"date": "2013-03-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-000021"
},
{
"date": "2014-10-01T10:11:11",
"db": "PACKETSTORM",
"id": "128512"
},
{
"date": "2013-03-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201303-408"
},
{
"date": "2013-03-20T18:55:01.767000",
"db": "NVD",
"id": "CVE-2013-0714"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-05-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-02002"
},
{
"date": "2015-03-19T08:10:00",
"db": "BID",
"id": "58642"
},
{
"date": "2013-06-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-000021"
},
{
"date": "2013-04-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201303-408"
},
{
"date": "2024-11-21T01:48:03.190000",
"db": "NVD",
"id": "CVE-2013-0714"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201303-408"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "VxWorks SSH server (IPSSH) denial-of-service (DoS) vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-000021"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Input validation",
"sources": [
{
"db": "IVD",
"id": "09730b60-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-408"
}
],
"trust": 0.8
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.