admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-05 10:18:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2025-03-04 21:00:33 +00:00
parent c72ae06b2f
commit 98acccbbf4
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
8 changed files with 587 additions and 29 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

56
2020/23xxx/CVE-2020-23438.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-23438",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-23438",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Wondershare filmora 9.2.11 is affected by Trojan Dll hijacking leading to privilege escalation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://cvewalkthrough.com/cve-2020-23438-wondershare-filmora-9-2-11-trojan-dll-hijacking-leading-to-privilege-escalation/",
"url": "https://cvewalkthrough.com/cve-2020-23438-wondershare-filmora-9-2-11-trojan-dll-hijacking-leading-to-privilege-escalation/"
}
]
}

56
2021/41xxx/CVE-2021-41719.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-41719",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-41719",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Maharashtra State Electricity Distribution Company Limited Mahavitran IOS Application 16.1 application till version 16.1 communicates using the GET method to process requests that contain sensitive information such as user account name and password, which can expose that information through the browser's history, referrers, web logs, and other sources."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://cvewalkthrough.com/cve-2021-41719-mseb-ios-application-sensitive-information-exposure/",
"url": "https://cvewalkthrough.com/cve-2021-41719-mseb-ios-application-sensitive-information-exposure/"
}
]
}

132
2024/8xxx/CVE-2024-8000.json
View File

@ -1,17 +1,141 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-8000",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@arista.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "On affected platforms running Arista EOS with 802.1X configured, certain conditions may occur where a dynamic ACL is received from the AAA server resulting in only the first line of the ACL being installed after an Accelerated Software Upgrade (ASU) restart. \n\nNote: supplicants with pending captive-portal authentication during ASU would be impacted with this bug."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-1284 Improper Validation of Specified Quantity in Input",
"cweId": "CWE-1284"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Arista Networks",
"product": {
"product_data": [
{
"product_name": "EOS",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "4.32.0",
"version_value": "4.32.4M"
},
{
"version_affected": "<=",
"version_name": "4.31.0",
"version_value": "4.31.5M"
},
{
"version_affected": "<=",
"version_name": "4.30.0",
"version_value": "4.30.8M"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/21086-security-advisory-0109",
"refsource": "MISC",
"name": "https://www.arista.com/en/support/advisories-notices/security-advisory/21086-security-advisory-0109"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"advisory": "109",
"defect": [
"989881"
],
"discovery": "INTERNAL"
},
"configuration": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<p>In order to be vulnerable to CVE-2024-8000, the following three conditions must be met:</p><ol><li>802.1X must be configured.<div>&nbsp;</div></li><li>The customer must have an external AAA server configured which sends a multi-line dynamic ACL.<div>&nbsp;</div></li><li>ASU must have occurred ( more information about the upgrade process can be found here at <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades\">Upgrades and Downgrades - Arista</a>&nbsp;). The version being upgraded from is an affected software version, and the version being upgraded to is an affected software version as listed above. </li></ol><p>The below example shows an example of this issue before and after ASU:</p><pre>switch#show dot1x hosts mac 0001.0203.0405 detail | json\n{\n&nbsp; &nbsp; \"supplicantMac\": \"00:01:02:03:04:05\",\n&nbsp; &nbsp; \"identity\": \"user3\",\n&nbsp; &nbsp; \"interface\": \"Ethernet3/47\",\n&nbsp; &nbsp; \"authMethod\": \"EAPOL\",\n&nbsp; &nbsp; \"authStage\": \"SUCCESS\",\n&nbsp; &nbsp; \"fallback\": \"NONE\",\n&nbsp; &nbsp; \"callingStationId\": \"00-01-02-03-04-05\",\n&nbsp; &nbsp; \"reauthBehavior\": \"DO-NOT-RE-AUTH\",\n&nbsp; &nbsp; \"reauthInterval\": 0,\n&nbsp; &nbsp; \"cacheConfTime\": 0,\n&nbsp; &nbsp; \"vlanId\": \"202\",\n&nbsp; &nbsp; \"accountingSessionId\": \"\",\n&nbsp; &nbsp; \"captivePortal\": \"\",\n&nbsp; &nbsp; \"captivePortalSource\": \"\",\n&nbsp; &nbsp; \"aristaWebAuth\": \"\",\n&nbsp; &nbsp; \"supplicantClass\": \"\",\n&nbsp; &nbsp; \"filterId\": \"\",\n&nbsp; &nbsp; \"framedIpAddress\": \"0.0.0.0\",\n&nbsp; &nbsp; \"framedIpAddrSource\": \"sourceNone\",\n <span style=\"background-color: rgb(255, 255, 0);\"><b>\"nasFilterRules\": [</b>\n<b>&nbsp; &nbsp; &nbsp; &nbsp; \"deny in ip from 10.1.0.0/16 to 20.1.0.0/16\",</b>\n<b>&nbsp; &nbsp; &nbsp; &nbsp; \"permit in ip from 11.0.0.0/8 to 12.0.0.0/8\",</b>\n<b>&nbsp; &nbsp; &nbsp; &nbsp; \"permit tcp any any eq 80\", </b>\n<b>&nbsp; &nbsp; &nbsp; &nbsp; \"permit tcp any any eq 443\",</b>\n<b>&nbsp; &nbsp; &nbsp; &nbsp; \u201cdeny ip host 192.168.1.100\"</b>\n <b>],</b></span>\n&nbsp; &nbsp; \"sessionTimeout\": 0,\n&nbsp; &nbsp; \"terminationAction\": \"\",\n&nbsp; &nbsp; \"tunnelPrivateGroupId\": \"\",\n&nbsp; &nbsp; \"aristaPeriodicIdentity\": \"\",\n&nbsp; &nbsp; \"cachedAuthAtLinkDown\": false,\n&nbsp; &nbsp; \"reauthTimeoutSeen\": false,\n&nbsp; &nbsp; \"sessionCached\": false,\n&nbsp; &nbsp; \"detail_\": true\n}\n</pre><div>&nbsp;</div><p>The above example is before ASU. Note that the \u201cnasFilterRules\u201d has 5 rules in it.</p><p>When ASU is performed:</p><pre>switch#show dot1x hosts mac 0001.0203.0405 detail | json\n{\n&nbsp; &nbsp; \"supplicantMac\": \"00:01:02:03:04:05\",\n&nbsp; &nbsp; \"identity\": \"user3\",\n&nbsp; &nbsp; \"interface\": \"Ethernet3/47\",\n&nbsp; &nbsp; \"authMethod\": \"EAPOL\",\n&nbsp; &nbsp; \"authStage\": \"SUCCESS\",\n&nbsp; &nbsp; \"fallback\": \"NONE\",\n&nbsp; &nbsp; \"callingStationId\": \"00-01-02-03-04-05\",\n&nbsp; &nbsp; \"reauthBehavior\": \"DO-NOT-RE-AUTH\",\n&nbsp; &nbsp; \"reauthInterval\": 0,\n&nbsp; &nbsp; \"cacheConfTime\": 0,\n&nbsp; &nbsp; \"vlanId\": \"202\",\n&nbsp; &nbsp; \"accountingSessionId\": \"\",\n&nbsp; &nbsp; \"captivePortal\": \"\",\n&nbsp; &nbsp; \"captivePortalSource\": \"\",\n&nbsp; &nbsp; \"aristaWebAuth\": \"\",\n&nbsp; &nbsp; \"supplicantClass\": \"\",\n&nbsp; &nbsp; \"filterId\": \"\",\n&nbsp; &nbsp; \"framedIpAddress\": \"0.0.0.0\",\n&nbsp; &nbsp; \"framedIpAddrSource\": \"sourceNone\",\n <span style=\"background-color: rgb(255, 255, 0);\"><b>\"nasFilterRules\": [</b>\n<b>&nbsp; &nbsp; &nbsp; &nbsp; \"deny in ip from 10.1.0.0/16 to 20.1.0.0/16\"</b>\n <b>],</b></span>\n&nbsp; &nbsp; \"sessionTimeout\": 0,\n&nbsp; &nbsp; \"terminationAction\": \"\",\n&nbsp; &nbsp; \"tunnelPrivateGroupId\": \"\",\n&nbsp; &nbsp; \"aristaPeriodicIdentity\": \"\",\n&nbsp; &nbsp; \"cachedAuthAtLinkDown\": false,\n&nbsp; &nbsp; \"reauthTimeoutSeen\": false,\n&nbsp; &nbsp; \"sessionCached\": false,\n&nbsp; &nbsp; \"detail_\": true\n}\n</pre><p>The above example is after ASU. Note the nasFilterRule is now only one line. </p><p>Note: This symptom is not present when a non-ASU upgrade (i.e. standard reboot) takes place.</p><br>"
}
],
"value": "In order to be vulnerable to CVE-2024-8000, the following three conditions must be met:\n\n * 802.1X must be configured.\u00a0\n\n\n * The customer must have an external AAA server configured which sends a multi-line dynamic ACL.\u00a0\n\n\n * ASU must have occurred ( more information about the upgrade process can be found here at Upgrades and Downgrades - Arista https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades \u00a0). The version being upgraded from is an affected software version, and the version being upgraded to is an affected software version as listed above. \nThe below example shows an example of this issue before and after ASU:\n\nswitch#show dot1x hosts mac 0001.0203.0405 detail | json\n{\n\u00a0 \u00a0 \"supplicantMac\": \"00:01:02:03:04:05\",\n\u00a0 \u00a0 \"identity\": \"user3\",\n\u00a0 \u00a0 \"interface\": \"Ethernet3/47\",\n\u00a0 \u00a0 \"authMethod\": \"EAPOL\",\n\u00a0 \u00a0 \"authStage\": \"SUCCESS\",\n\u00a0 \u00a0 \"fallback\": \"NONE\",\n\u00a0 \u00a0 \"callingStationId\": \"00-01-02-03-04-05\",\n\u00a0 \u00a0 \"reauthBehavior\": \"DO-NOT-RE-AUTH\",\n\u00a0 \u00a0 \"reauthInterval\": 0,\n\u00a0 \u00a0 \"cacheConfTime\": 0,\n\u00a0 \u00a0 \"vlanId\": \"202\",\n\u00a0 \u00a0 \"accountingSessionId\": \"\",\n\u00a0 \u00a0 \"captivePortal\": \"\",\n\u00a0 \u00a0 \"captivePortalSource\": \"\",\n\u00a0 \u00a0 \"aristaWebAuth\": \"\",\n\u00a0 \u00a0 \"supplicantClass\": \"\",\n\u00a0 \u00a0 \"filterId\": \"\",\n\u00a0 \u00a0 \"framedIpAddress\": \"0.0.0.0\",\n\u00a0 \u00a0 \"framedIpAddrSource\": \"sourceNone\",\n \"nasFilterRules\": [\n\u00a0 \u00a0 \u00a0 \u00a0 \"deny in ip from 10.1.0.0/16 to 20.1.0.0/16\",\n\u00a0 \u00a0 \u00a0 \u00a0 \"permit in ip from 11.0.0.0/8 to 12.0.0.0/8\",\n\u00a0 \u00a0 \u00a0 \u00a0 \"permit tcp any any eq 80\", \n\u00a0 \u00a0 \u00a0 \u00a0 \"permit tcp any any eq 443\",\n\u00a0 \u00a0 \u00a0 \u00a0 \u201cdeny ip host 192.168.1.100\"\n ],\n\u00a0 \u00a0 \"sessionTimeout\": 0,\n\u00a0 \u00a0 \"terminationAction\": \"\",\n\u00a0 \u00a0 \"tunnelPrivateGroupId\": \"\",\n\u00a0 \u00a0 \"aristaPeriodicIdentity\": \"\",\n\u00a0 \u00a0 \"cachedAuthAtLinkDown\": false,\n\u00a0 \u00a0 \"reauthTimeoutSeen\": false,\n\u00a0 \u00a0 \"sessionCached\": false,\n\u00a0 \u00a0 \"detail_\": true\n}\n\n\n\u00a0\n\nThe above example is before ASU. Note that the \u201cnasFilterRules\u201d has 5 rules in it.\n\nWhen ASU is performed:\n\nswitch#show dot1x hosts mac 0001.0203.0405 detail | json\n{\n\u00a0 \u00a0 \"supplicantMac\": \"00:01:02:03:04:05\",\n\u00a0 \u00a0 \"identity\": \"user3\",\n\u00a0 \u00a0 \"interface\": \"Ethernet3/47\",\n\u00a0 \u00a0 \"authMethod\": \"EAPOL\",\n\u00a0 \u00a0 \"authStage\": \"SUCCESS\",\n\u00a0 \u00a0 \"fallback\": \"NONE\",\n\u00a0 \u00a0 \"callingStationId\": \"00-01-02-03-04-05\",\n\u00a0 \u00a0 \"reauthBehavior\": \"DO-NOT-RE-AUTH\",\n\u00a0 \u00a0 \"reauthInterval\": 0,\n\u00a0 \u00a0 \"cacheConfTime\": 0,\n\u00a0 \u00a0 \"vlanId\": \"202\",\n\u00a0 \u00a0 \"accountingSessionId\": \"\",\n\u00a0 \u00a0 \"captivePortal\": \"\",\n\u00a0 \u00a0 \"captivePortalSource\": \"\",\n\u00a0 \u00a0 \"aristaWebAuth\": \"\",\n\u00a0 \u00a0 \"supplicantClass\": \"\",\n\u00a0 \u00a0 \"filterId\": \"\",\n\u00a0 \u00a0 \"framedIpAddress\": \"0.0.0.0\",\n\u00a0 \u00a0 \"framedIpAddrSource\": \"sourceNone\",\n \"nasFilterRules\": [\n\u00a0 \u00a0 \u00a0 \u00a0 \"deny in ip from 10.1.0.0/16 to 20.1.0.0/16\"\n ],\n\u00a0 \u00a0 \"sessionTimeout\": 0,\n\u00a0 \u00a0 \"terminationAction\": \"\",\n\u00a0 \u00a0 \"tunnelPrivateGroupId\": \"\",\n\u00a0 \u00a0 \"aristaPeriodicIdentity\": \"\",\n\u00a0 \u00a0 \"cachedAuthAtLinkDown\": false,\n\u00a0 \u00a0 \"reauthTimeoutSeen\": false,\n\u00a0 \u00a0 \"sessionCached\": false,\n\u00a0 \u00a0 \"detail_\": true\n}\n\n\nThe above example is after ASU. Note the nasFilterRule is now only one line. \n\nNote: This symptom is not present when a non-ASU upgrade (i.e. standard reboot) takes place."
}
],
"work_around": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<p>The workaround is to re-authenticate each supplicant. This can be done by running the command \u201c<b>dot1x re-authenticate</b>\u201d on the interface post ASU. Alternatively, if the reauthentication timer is enabled, the ACL will be correctly reprogrammed once the timer has expired and re-authentication occurs. </p><pre>switch(Ethernet 1)#dot1x re-authenticate\n</pre><div>&nbsp;</div><p>Alternatively, flapping the interface will trigger reauthentication of the supplicants and correct the ACL which is installed for each mac on that interface.</p><pre>switch(Ethernet 1)#shut\nswitch(Ethernet 1)#no shut\n</pre><div>&nbsp;</div><p>In both cases mentioned, we can verify that reauth has been triggered by checking the output of `<b>show logging</b>` to show the supplicant has been successfully authenticated and `<b>show ip access-lists</b>` to verify the ACL is installed correctly. </p><pre>switch(Ethernet 1)#show logging\nAug 24 07:12:05 switch Dot1x: DOT1X-6-SUPPLICANT_AUTHENTICATED: Supplicant with identity 00:01:02:03:04:05, MAC 0001.0203.0405 and dynamic VLAN None successfully authenticated on port Ethernet1.\n \nswitch#show ip access-lists\nPhone ACL bypass: disabled\nIP Access List 802.1x-3212953518000 [dynamic]\n&nbsp; &nbsp; &nbsp; &nbsp; 10 deny ip 10.1.0.0/16 20.1.0.0/16\n &nbsp; &nbsp;20 permit ip from 11.0.0.0/8 to 12.0.0.0/8\n&nbsp; &nbsp; &nbsp; &nbsp; 30 permit tcp any any eq 80\n&nbsp; &nbsp; &nbsp; &nbsp; 40 permit tcp any any eq 443\n&nbsp; &nbsp; &nbsp; &nbsp; 50 deny ip host 192.168.1.100\n \n&nbsp; &nbsp; &nbsp; &nbsp; Total rules configured: 5\n \nswitch#show dot1x hosts mac 0001.203.0405 detail | json\n{\n&nbsp; &nbsp; \"supplicantMac\": \"00:01:02:03:04:05\",\n&nbsp; &nbsp; \"identity\": \"user3\",\n&nbsp; &nbsp; \"interface\": \"Ethernet3/47\",\n&nbsp; &nbsp; \"authMethod\": \"EAPOL\",\n&nbsp; &nbsp; \"authStage\": \"SUCCESS\",\n&nbsp; &nbsp; \"fallback\": \"NONE\",\n&nbsp; &nbsp; \"callingStationId\": \"00:01:02:03:04:05\",\n&nbsp; &nbsp; \"reauthBehavior\": \"DO-NOT-RE-AUTH\",\n&nbsp; &nbsp; \"reauthInterval\": 0,\n&nbsp; &nbsp; \"cacheConfTime\": 0,\n&nbsp; &nbsp; \"vlanId\": \"202\",\n&nbsp; &nbsp; \"accountingSessionId\": \"\",\n&nbsp; &nbsp; \"captivePortal\": \"\",\n&nbsp; &nbsp; \"captivePortalSource\": \"\",\n&nbsp; &nbsp; \"aristaWebAuth\": \"\",\n&nbsp; &nbsp; \"supplicantClass\": \"\",\n&nbsp; &nbsp; \"filterId\": \"\",\n&nbsp; &nbsp; \"framedIpAddress\": \"0.0.0.0\",\n&nbsp; &nbsp; \"framedIpAddrSource\": \"sourceNone\",\n&nbsp; &nbsp; <span style=\"background-color: rgb(255, 255, 0);\">\"nasFilterRules\": [\n&nbsp; &nbsp; &nbsp; &nbsp; \"deny in ip from 10.1.0.0/16 to 20.1.0.0/16\",\n&nbsp; &nbsp; &nbsp; &nbsp; \"permit in ip from 11.0.0.0/8 to 12.0.0.0/8\",\n&nbsp; &nbsp; &nbsp; &nbsp; \"permit tcp any any eq 80\",\n&nbsp; &nbsp; &nbsp; &nbsp; \"permit tcp any any eq 443\",\n&nbsp; &nbsp; &nbsp; &nbsp; \u201cdeny ip host 192.168.1.100\"\n&nbsp; &nbsp; ],</span>\n&nbsp; &nbsp; \"sessionTimeout\": 0,\n&nbsp; &nbsp; \"terminationAction\": \"\",\n&nbsp; &nbsp; \"tunnelPrivateGroupId\": \"\",\n&nbsp; &nbsp; \"aristaPeriodicIdentity\": \"\",\n&nbsp; &nbsp; \"cachedAuthAtLinkDown\": false,\n&nbsp; &nbsp; \"reauthTimeoutSeen\": false,\n&nbsp; &nbsp; \"sessionCached\": false,\n&nbsp; &nbsp; \"detail_\": true\n}</pre><p>In the above example the supplicant has been re-authenticated and the nasFilterRules shows 5 rules, as before.</p><br>"
}
],
"value": "The workaround is to re-authenticate each supplicant. This can be done by running the command \u201cdot1x re-authenticate\u201d on the interface post ASU. Alternatively, if the reauthentication timer is enabled, the ACL will be correctly reprogrammed once the timer has expired and re-authentication occurs. \n\nswitch(Ethernet 1)#dot1x re-authenticate\n\n\n\u00a0\n\nAlternatively, flapping the interface will trigger reauthentication of the supplicants and correct the ACL which is installed for each mac on that interface.\n\nswitch(Ethernet 1)#shut\nswitch(Ethernet 1)#no shut\n\n\n\u00a0\n\nIn both cases mentioned, we can verify that reauth has been triggered by checking the output of `show logging` to show the supplicant has been successfully authenticated and `show ip access-lists` to verify the ACL is installed correctly. \n\nswitch(Ethernet 1)#show logging\nAug 24 07:12:05 switch Dot1x: DOT1X-6-SUPPLICANT_AUTHENTICATED: Supplicant with identity 00:01:02:03:04:05, MAC 0001.0203.0405 and dynamic VLAN None successfully authenticated on port Ethernet1.\n \nswitch#show ip access-lists\nPhone ACL bypass: disabled\nIP Access List 802.1x-3212953518000 [dynamic]\n\u00a0 \u00a0 \u00a0 \u00a0 10 deny ip 10.1.0.0/16 20.1.0.0/16\n \u00a0 \u00a020 permit ip from 11.0.0.0/8 to 12.0.0.0/8\n\u00a0 \u00a0 \u00a0 \u00a0 30 permit tcp any any eq 80\n\u00a0 \u00a0 \u00a0 \u00a0 40 permit tcp any any eq 443\n\u00a0 \u00a0 \u00a0 \u00a0 50 deny ip host 192.168.1.100\n \n\u00a0 \u00a0 \u00a0 \u00a0 Total rules configured: 5\n \nswitch#show dot1x hosts mac 0001.203.0405 detail | json\n{\n\u00a0 \u00a0 \"supplicantMac\": \"00:01:02:03:04:05\",\n\u00a0 \u00a0 \"identity\": \"user3\",\n\u00a0 \u00a0 \"interface\": \"Ethernet3/47\",\n\u00a0 \u00a0 \"authMethod\": \"EAPOL\",\n\u00a0 \u00a0 \"authStage\": \"SUCCESS\",\n\u00a0 \u00a0 \"fallback\": \"NONE\",\n\u00a0 \u00a0 \"callingStationId\": \"00:01:02:03:04:05\",\n\u00a0 \u00a0 \"reauthBehavior\": \"DO-NOT-RE-AUTH\",\n\u00a0 \u00a0 \"reauthInterval\": 0,\n\u00a0 \u00a0 \"cacheConfTime\": 0,\n\u00a0 \u00a0 \"vlanId\": \"202\",\n\u00a0 \u00a0 \"accountingSessionId\": \"\",\n\u00a0 \u00a0 \"captivePortal\": \"\",\n\u00a0 \u00a0 \"captivePortalSource\": \"\",\n\u00a0 \u00a0 \"aristaWebAuth\": \"\",\n\u00a0 \u00a0 \"supplicantClass\": \"\",\n\u00a0 \u00a0 \"filterId\": \"\",\n\u00a0 \u00a0 \"framedIpAddress\": \"0.0.0.0\",\n\u00a0 \u00a0 \"framedIpAddrSource\": \"sourceNone\",\n\u00a0 \u00a0 \"nasFilterRules\": [\n\u00a0 \u00a0 \u00a0 \u00a0 \"deny in ip from 10.1.0.0/16 to 20.1.0.0/16\",\n\u00a0 \u00a0 \u00a0 \u00a0 \"permit in ip from 11.0.0.0/8 to 12.0.0.0/8\",\n\u00a0 \u00a0 \u00a0 \u00a0 \"permit tcp any any eq 80\",\n\u00a0 \u00a0 \u00a0 \u00a0 \"permit tcp any any eq 443\",\n\u00a0 \u00a0 \u00a0 \u00a0 \u201cdeny ip host 192.168.1.100\"\n\u00a0 \u00a0 ],\n\u00a0 \u00a0 \"sessionTimeout\": 0,\n\u00a0 \u00a0 \"terminationAction\": \"\",\n\u00a0 \u00a0 \"tunnelPrivateGroupId\": \"\",\n\u00a0 \u00a0 \"aristaPeriodicIdentity\": \"\",\n\u00a0 \u00a0 \"cachedAuthAtLinkDown\": false,\n\u00a0 \u00a0 \"reauthTimeoutSeen\": false,\n\u00a0 \u00a0 \"sessionCached\": false,\n\u00a0 \u00a0 \"detail_\": true\n}\n\nIn the above example the supplicant has been re-authenticated and the nasFilterRules shows 5 rules, as before."
}
],
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<p>The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades\">EOS User Manual: Upgrades and Downgrades</a>. </p><div>&nbsp;</div><div>CVE-2024-8000 has been fixed in the following releases:</div><ul><li>4.33.0M and above</li><li>4.32.5M and above releases in the 4.32.x train</li><li>4.31.6M and above releases in the 4.31.x train</li><li>4.30.9M and above releases in the 4.30.x train</li></ul><br>"
}
],
"value": "The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see EOS User Manual: Upgrades and Downgrades https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades . \n\n\u00a0\n\nCVE-2024-8000 has been fixed in the following releases:\n\n * 4.33.0M and above\n * 4.32.5M and above releases in the 4.32.x train\n * 4.31.6M and above releases in the 4.31.x train\n * 4.30.9M and above releases in the 4.30.x train"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
]
}

138
2024/9xxx/CVE-2024-9135.json
View File

@ -1,17 +1,147 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-9135",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@arista.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "On affected platforms running Arista EOS with BGP Link State configured, BGP peer flap can cause the BGP agent to leak memory. This may result in BGP routing processing being terminated and route flapping."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-401 Missing Release of Memory after Effective Lifetime",
"cweId": "CWE-401"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Arista Networks",
"product": {
"product_data": [
{
"product_name": "EOS",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "4.33.0"
},
{
"version_affected": "<=",
"version_name": "4.31.0",
"version_value": "4.31.5"
},
{
"version_affected": "<=",
"version_name": "4.30.0",
"version_value": "4.30.8.1"
},
{
"version_affected": "<=",
"version_name": "4.29.0",
"version_value": "4.29.9.1"
},
{
"version_affected": "=",
"version_value": "4.28.0"
},
{
"version_affected": "<=",
"version_name": "4.27.0",
"version_value": "4.27.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/21092-security-advisory-0110",
"refsource": "MISC",
"name": "https://www.arista.com/en/support/advisories-notices/security-advisory/21092-security-advisory-0110"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"advisory": "110",
"defect": [
"1006114"
],
"discovery": "UNKNOWN"
},
"configuration": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<p>In order to be vulnerable to CVE-2024-9135, the following condition must be met:</p><p>BGP Link State must be configured:</p><pre>switch# router bgp 65544\nswitch# &nbsp; address-family link-state\nswitch# &nbsp; &nbsp; &nbsp; neighbor 192.0.2.9 activate\nswitch#\nswitch#sh bgp link-state summary\nBGP summary information for VRF default\nRouter identifier 192.0.2.2, local AS number 65540\nNeighbor Status Codes: m - Under maintenance\n&nbsp; Description &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; Neighbor V AS &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; MsgRcvd &nbsp; MsgSent InQ OutQ Up/Down State &nbsp; NlriRcd NlriAcc\n \n&nbsp; brw363 &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 192.0.2.9 4 65550 &nbsp; &nbsp; &nbsp; 194222 &nbsp; 125149 &nbsp; 0 &nbsp; 0 01:08:41 Estab &nbsp; 211948 211948\n</pre><div>&nbsp;</div><p>If BGP Link State is not configured there is no exposure to this issue. No BGP link-state peering is shown under show bgp link-state summary as below:</p><pre>switch&gt;sh bgp link-state summary\nBGP summary information for VRF default\nRouter identifier 192.0.2.2, local AS number 65540\nNeighbor Status Codes: m - Under maintenance\n Description Neighbor V AS MsgRcvd MsgSent InQ OutQ Up/Down State NlriRcd NlriAcc</pre><br>"
}
],
"value": "In order to be vulnerable to CVE-2024-9135, the following condition must be met:\n\nBGP Link State must be configured:\n\nswitch# router bgp 65544\nswitch# \u00a0 address-family link-state\nswitch# \u00a0 \u00a0 \u00a0 neighbor 192.0.2.9 activate\nswitch#\nswitch#sh bgp link-state summary\nBGP summary information for VRF default\nRouter identifier 192.0.2.2, local AS number 65540\nNeighbor Status Codes: m - Under maintenance\n\u00a0 Description \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 Neighbor V AS \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 MsgRcvd \u00a0 MsgSent InQ OutQ Up/Down State \u00a0 NlriRcd NlriAcc\n \n\u00a0 brw363 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 192.0.2.9 4 65550 \u00a0 \u00a0 \u00a0 194222 \u00a0 125149 \u00a0 0 \u00a0 0 01:08:41 Estab \u00a0 211948 211948\n\n\n\u00a0\n\nIf BGP Link State is not configured there is no exposure to this issue. No BGP link-state peering is shown under show bgp link-state summary as below:\n\nswitch>sh bgp link-state summary\nBGP summary information for VRF default\nRouter identifier 192.0.2.2, local AS number 65540\nNeighbor Status Codes: m - Under maintenance\n Description Neighbor V AS MsgRcvd MsgSent InQ OutQ Up/Down State NlriRcd NlriAcc"
}
],
"work_around": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<p>The workaround is to disable the Dynamic Path Selection (DPS) service inside BGP LinkState by disabling the feature toggle. Note this should be done on affected non AWE platforms only.</p><pre>1. Enter \"bash\" shell under EOS prompt\n2. sudo sh -c 'echo \"BgpLsConsumerDps=0\" &gt; /mnt/flash/toggle_override; echo \"BgpLsProducerDps=0\" &gt;&gt; /mnt/flash/toggle_override'\n3. Reload the switch or router</pre>"
}
],
"value": "The workaround is to disable the Dynamic Path Selection (DPS) service inside BGP LinkState by disabling the feature toggle. Note this should be done on affected non AWE platforms only.\n\n1. Enter \"bash\" shell under EOS prompt\n2. sudo sh -c 'echo \"BgpLsConsumerDps=0\" > /mnt/flash/toggle_override; echo \"BgpLsProducerDps=0\" >> /mnt/flash/toggle_override'\n3. Reload the switch or router"
}
],
"credits": [
{
"lang": "en",
"value": "Craig Dods from Meta\u2019s Infrastructure Security team."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
]
}

74
2025/1xxx/CVE-2025-1080.json
View File

@ -1,18 +1,82 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-1080",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@documentfoundation.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme 'vnd.libreoffice.command' specific to LibreOffice was added. In the affected versions of LibreOffice a link in a browser using that scheme could be constructed with an embedded inner URL that when passed to LibreOffice could call internal macros with arbitrary arguments.\nThis issue affects LibreOffice: from 24.8 before < 24.8.5, from 25.2 before < 25.2.1."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation",
"cweId": "CWE-20"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "The Document Foundation",
"product": {
"product_data": [
{
"product_name": "LibreOffice",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "24.8",
"version_value": "< 24.8.5"
},
{
"version_affected": "<",
"version_name": "25.2",
"version_value": "< 25.2.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.libreoffice.org/about-us/security/advisories/cve-2025-1080",
"refsource": "MISC",
"name": "https://www.libreoffice.org/about-us/security/advisories/cve-2025-1080"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Thanks to Amel Bouziane-Leblond for finding and reporting this issue."
}
]
}

124
2025/1xxx/CVE-2025-1953.json
View File

@ -1,17 +1,133 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-1953",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been found in vLLM AIBrix 0.2.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file pkg/plugins/gateway/prefixcacheindexer/hash.go of the component Prefix Caching. The manipulation leads to insufficiently random values. The complexity of an attack is rather high. The exploitation appears to be difficult. Upgrading to version 0.3.0 is able to address this issue. It is recommended to upgrade the affected component."
},
{
"lang": "deu",
"value": "In vLLM AIBrix 0.2.0 wurde eine Schwachstelle gefunden. Sie wurde als problematisch eingestuft. Dabei geht es um eine nicht genauer bekannte Funktion der Datei pkg/plugins/gateway/prefixcacheindexer/hash.go der Komponente Prefix Caching. Durch die Manipulation mit unbekannten Daten kann eine insufficiently random values-Schwachstelle ausgenutzt werden. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Sie gilt als schwierig ausnutzbar. Ein Aktualisieren auf die Version 0.3.0 vermag dieses Problem zu l\u00f6sen. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Insufficiently Random Values",
"cweId": "CWE-330"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Cryptographic Issues",
"cweId": "CWE-310"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "vLLM",
"product": {
"product_data": [
{
"product_name": "AIBrix",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "0.2.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.298543",
"refsource": "MISC",
"name": "https://vuldb.com/?id.298543"
},
{
"url": "https://vuldb.com/?ctiid.298543",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.298543"
},
{
"url": "https://vuldb.com/?submit.509958",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.509958"
},
{
"url": "https://github.com/vllm-project/aibrix/issues/749",
"refsource": "MISC",
"name": "https://github.com/vllm-project/aibrix/issues/749"
},
{
"url": "https://github.com/vllm-project/aibrix/pull/752",
"refsource": "MISC",
"name": "https://github.com/vllm-project/aibrix/pull/752"
},
{
"url": "https://github.com/vllm-project/aibrix/pull/752/commits/3d25d95aebd66f24a549200edcebc5ea423b317a",
"refsource": "MISC",
"name": "https://github.com/vllm-project/aibrix/pull/752/commits/3d25d95aebd66f24a549200edcebc5ea423b317a"
},
{
"url": "https://github.com/vllm-project/aibrix/issues/749#event-16488517974",
"refsource": "MISC",
"name": "https://github.com/vllm-project/aibrix/issues/749#event-16488517974"
}
]
},
"credits": [
{
"lang": "en",
"value": "kexinoh (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 2.6,
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"baseSeverity": "LOW"
},
{
"version": "3.0",
"baseScore": 2.6,
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"baseSeverity": "LOW"
},
{
"version": "2.0",
"baseScore": 1.4,
"vectorString": "AV:A/AC:H/Au:S/C:P/I:N/A:N"
}
]
}

18
2025/1xxx/CVE-2025-1970.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-1970",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2025/1xxx/CVE-2025-1971.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-1971",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}