admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-08 05:58:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

Nozomi Oct 2022

Browse Source
This commit is contained in:
Natalino Picone 2022-10-24 11:44:33 +02:00
parent 3fc19461af
commit 7dbffb4cc9
No known key found for this signature in database
GPG Key ID: 832E0A4E5D10525E
13 changed files with 1080 additions and 78 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

94
2021/26xxx/CVE-2021-26727.json
View File

@ -1,18 +1,100 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "labs-advisory@nozominetworks.com",
"ID": "CVE-2021-26727",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "spx_restservice SubNet_handler_func Multiple Command Injections and Stack-Based Buffer Overflows"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "IAC-AST2500A",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.10.0"
}
]
}
}
]
},
"vendor_name": "Lanner Inc"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Andrea Palanca of Nozomi Networks found this bug during a security research activity."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Multiple command injections and stack-based buffer overflows vulnerabilities in the SubNet_handler_func function of spx_restservice allow an attacker to execute arbitrary code with the same privileges as the server user (root).\nThis issue affects:\nLanner Inc IAC-AST2500A standard firmware version 1.10.0."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-94 Improper Control of Generation of Code ('Code Injection')"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-121 Stack-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories/cve-2021-26727/"
}
]
},
"source": {
"advisory": "https://www.nozominetworks.com/labs/vulnerability-advisories/cve-2021-26727/",
"discovery": "EXTERNAL"
}
}

94
2021/26xxx/CVE-2021-26728.json
View File

@ -1,18 +1,100 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "labs-advisory@nozominetworks.com",
"ID": "CVE-2021-26728",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "spx_restservice KillDupUsr_func Command Injection and Stack-Based Buffer Overflow"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "IAC-AST2500A",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.10.0"
}
]
}
}
]
},
"vendor_name": "Lanner Inc"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Andrea Palanca of Nozomi Networks found this bug during a security research activity."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Command injection and stack-based buffer overflow vulnerabilities in the KillDupUsr_func function of spx_restservice allow an attacker to execute arbitrary code with the same privileges as the server user (root).\nThis issue affects:\nLanner Inc IAC-AST2500A standard firmware version 1.10.0."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-94 Improper Control of Generation of Code ('Code Injection')"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-121 Stack-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories/CVE-2021-26728/"
}
]
},
"source": {
"advisory": "https://www.nozominetworks.com/labs/vulnerability-advisories/CVE-2021-26728/",
"discovery": "EXTERNAL"
}
}

94
2021/26xxx/CVE-2021-26729.json
View File

@ -1,18 +1,100 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "labs-advisory@nozominetworks.com",
"ID": "CVE-2021-26729",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "spx_restservice Login_handler_func Command Injection and Multiple Stack-Based Buffer Overflows"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "IAC-AST2500A",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.10.0"
}
]
}
}
]
},
"vendor_name": "Lanner Inc"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Andrea Palanca of Nozomi Networks found this bug during a security research activity."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Command injection and multiple stack-based buffer overflows vulnerabilities in the Login_handler_func function of spx_restservice allow an attacker to execute arbitrary code with the same privileges as the server user (root).\nThis issue affects:\nLanner Inc IAC-AST2500A standard firmware version 1.10.0."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-94 Improper Control of Generation of Code ('Code Injection')"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-121 Stack-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories/CVE-2021-26729/"
}
]
},
"source": {
"advisory": "https://www.nozominetworks.com/labs/vulnerability-advisories/CVE-2021-26729/",
"discovery": "EXTERNAL"
}
}

86
2021/26xxx/CVE-2021-26730.json
View File

@ -1,18 +1,92 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "labs-advisory@nozominetworks.com",
"ID": "CVE-2021-26730",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "spx_restservice Login_handler_func Subfunction Stack-Based Buffer Overflow"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "IAC-AST2500A",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.10.0"
}
]
}
}
]
},
"vendor_name": "Lanner Inc"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Andrea Palanca of Nozomi Networks found this bug during a security research activity."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A stack-based buffer overflow vulnerability in a subfunction of the Login_handler_func function of spx_restservice allows an attacker to execute arbitrary code with the same privileges as the server user (root).\nThis issue affects:\nLanner Inc IAC-AST2500A standard firmware version 1.10.0."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121 Stack-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories/CVE-2021-26730/"
}
]
},
"source": {
"advisory": "https://www.nozominetworks.com/labs/vulnerability-advisories/CVE-2021-26730/",
"discovery": "EXTERNAL"
}
}

94
2021/26xxx/CVE-2021-26731.json
View File

@ -1,18 +1,100 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "labs-advisory@nozominetworks.com",
"ID": "CVE-2021-26731",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "spx_restservice modifyUserb_func Command Injection and Multiple Stack-Based Buffer Overflows"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "IAC-AST2500A",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.10.0"
}
]
}
}
]
},
"vendor_name": "Lanner Inc"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Andrea Palanca of Nozomi Networks found this bug during a security research activity."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Command injection and multiple stack-based buffer overflows vulnerabilities in the modifyUserb_func function of spx_restservice allow an attacker to execute arbitrary code with the same privileges as the server user (root).\nThis issue affects:\nLanner Inc IAC-AST2500A standard firmware version 1.10.0."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-94 Improper Control of Generation of Code ('Code Injection')"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-121 Stack-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories/CVE-2021-26731/"
}
]
},
"source": {
"advisory": "https://www.nozominetworks.com/labs/vulnerability-advisories/CVE-2021-26731/",
"discovery": "EXTERNAL"
}
}

86
2021/26xxx/CVE-2021-26732.json
View File

@ -1,18 +1,92 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "labs-advisory@nozominetworks.com",
"ID": "CVE-2021-26732",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "spx_restservice First_network_func Broken Access Control"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "IAC-AST2500A",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.10.0"
}
]
}
}
]
},
"vendor_name": "Lanner Inc"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Andrea Palanca of Nozomi Networks found this bug during a security research activity."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A broken access control vulnerability in the First_network_func function of spx_restservice allows an attacker to arbitrarily change the network configuration of the BMC.\nThis issue affects:\nLanner Inc IAC-AST2500A standard firmware version 1.10.0."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284 Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories/CVE-2021-26732/"
}
]
},
"source": {
"advisory": "https://www.nozominetworks.com/labs/vulnerability-advisories/CVE-2021-26732/",
"discovery": "EXTERNAL"
}
}

86
2021/26xxx/CVE-2021-26733.json
View File

@ -1,18 +1,92 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "labs-advisory@nozominetworks.com",
"ID": "CVE-2021-26733",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "spx_restservice FirstReset_handler_func Broken Access Control"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "IAC-AST2500A",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.10.0"
}
]
}
}
]
},
"vendor_name": "Lanner Inc"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Andrea Palanca of Nozomi Networks found this bug during a security research activity."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A broken access control vulnerability in the FirstReset_handler_func function of spx_restservice allows an attacker to arbitrarily send reboot commands to the BMC, causing a Denial-of-Service (DoS) condition.\nThis issue affects:\nLanner Inc IAC-AST2500A standard firmware version 1.10.0."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284 Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories/CVE-2021-26733/"
}
]
},
"source": {
"advisory": "https://www.nozominetworks.com/labs/vulnerability-advisories/CVE-2021-26733/",
"discovery": "EXTERNAL"
}
}

86
2021/44xxx/CVE-2021-44467.json
View File

@ -1,18 +1,92 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "labs-advisory@nozominetworks.com",
"ID": "CVE-2021-44467",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "spx_restservice KillDupUsr_func Broken Access Control"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "IAC-AST2500A",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.10.0"
}
]
}
}
]
},
"vendor_name": "Lanner Inc"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Andrea Palanca of Nozomi Networks found this bug during a security research activity."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A broken access control vulnerability in the KillDupUsr_func function of spx_restservice allows an attacker to arbitrarily terminate active sessions of other users, causing a Denial-of-Service (DoS) condition.\nThis issue affects:\nLanner Inc IAC-AST2500A standard firmware version 1.10.0."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284 Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories/CVE-2021-44467/"
}
]
},
"source": {
"advisory": "https://www.nozominetworks.com/labs/vulnerability-advisories/CVE-2021-44467/",
"discovery": "EXTERNAL"
}
}

86
2021/44xxx/CVE-2021-44769.json
View File

@ -1,18 +1,92 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "labs-advisory@nozominetworks.com",
"ID": "CVE-2021-44769",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "TLS Certificate Generation Function Improper Input Validation"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "IAC-AST2500A",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.10.0"
}
]
}
}
]
},
"vendor_name": "Lanner Inc"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Andrea Palanca of Nozomi Networks found this bug during a security research activity."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An improper input validation vulnerability in the TLS certificate generation function allows an attacker to cause a Denial-of-Service (DoS) condition which can only be reverted via a factory reset.\nThis issue affects:\nLanner Inc IAC-AST2500A standard firmware version 1.10.0."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories/CVE-2021-44769/"
}
]
},
"source": {
"advisory": "https://www.nozominetworks.com/labs/vulnerability-advisories/CVE-2021-44769/",
"discovery": "EXTERNAL"
}
}

86
2021/44xxx/CVE-2021-44776.json
View File

@ -1,18 +1,92 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "labs-advisory@nozominetworks.com",
"ID": "CVE-2021-44776",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "spx_restservice SubNet_handler_func Broken Access Control"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "IAC-AST2500A",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.10.0"
}
]
}
}
]
},
"vendor_name": "Lanner Inc"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Andrea Palanca of Nozomi Networks found this bug during a security research activity."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A broken access control vulnerability in the SubNet_handler_func function of spx_restservice allows an attacker to arbitrarily change the security access rights to KVM and Virtual Media functionalities.\nThis issue affects:\nLanner Inc IAC-AST2500A standard firmware version 1.10.0."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284 Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories/CVE-2021-44776/"
}
]
},
"source": {
"advisory": "https://www.nozominetworks.com/labs/vulnerability-advisories/CVE-2021-44776/",
"discovery": "EXTERNAL"
}
}

86
2021/45xxx/CVE-2021-45925.json
View File

@ -1,18 +1,92 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "labs-advisory@nozominetworks.com",
"ID": "CVE-2021-45925",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Username Enumeration"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "IAC-AST2500A",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.10.0"
}
]
}
}
]
},
"vendor_name": "Lanner Inc"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Andrea Palanca of Nozomi Networks found this bug during a security research activity."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Observable discrepancies in the login process allow an attacker to guess legitimate user names registered in the BMC.\nThis issue affects:\nLanner Inc IAC-AST2500A standard firmware version 1.10.0."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-203 Information Exposure Through Discrepancy"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories/CVE-2021-45925/"
}
]
},
"source": {
"advisory": "https://www.nozominetworks.com/labs/vulnerability-advisories/CVE-2021-45925/",
"discovery": "EXTERNAL"
}
}

94
2021/46xxx/CVE-2021-46279.json
View File

@ -1,18 +1,100 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "labs-advisory@nozominetworks.com",
"ID": "CVE-2021-46279",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Session Fixation and Insufficient Session Expiration"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "IAC-AST2500A",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.10.0"
}
]
}
}
]
},
"vendor_name": "Lanner Inc"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Andrea Palanca of Nozomi Networks found this bug during a security research activity."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Session fixation and insufficient session expiration vulnerabilities allow an attacker to perfom session hijacking attacks against users.\nThis issue affects:\nLanner Inc IAC-AST2500A standard firmware version 1.10.0."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-384 Session Fixation"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-613 Insufficient Session Expiration"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories/CVE-2021-46279/"
}
]
},
"source": {
"advisory": "https://www.nozominetworks.com/labs/vulnerability-advisories/CVE-2021-46279/",
"discovery": "EXTERNAL"
}
}

86
2021/4xxx/CVE-2021-4228.json
View File

@ -1,18 +1,92 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "labs-advisory@nozominetworks.com",
"ID": "CVE-2021-4228",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Hard-coded TLS Certificate"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "IAC-AST2500A",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.00.0"
}
]
}
}
]
},
"vendor_name": "Lanner Inc"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Andrea Palanca of Nozomi Networks found this bug during a security research activity."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Use of hard-coded TLS certificate by default allows an attacker to perform Man-in-the-Middle (MitM) attacks even in the presence of the HTTPS connection.\nThis issue affects:\nLanner Inc IAC-AST2500A standard firmware version 1.00.0."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-321 Use of Hard-coded Cryptographic Key"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories/CVE-2021-4228/"
}
]
},
"source": {
"advisory": "https://www.nozominetworks.com/labs/vulnerability-advisories/CVE-2021-4228/",
"discovery": "EXTERNAL"
}
}