diff --git a/2023/32xxx/CVE-2023-32467.json b/2023/32xxx/CVE-2023-32467.json index b24a90e00d8..f9def4a0a6f 100644 --- a/2023/32xxx/CVE-2023-32467.json +++ b/2023/32xxx/CVE-2023-32467.json @@ -1,17 +1,98 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-32467", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@dell.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Dell Edge Gateway BIOS, versions 3200 and 5200, contains an out-of-bounds write vulnerability. A local authenticated malicious user with high privileges could potentially exploit this vulnerability leading to exposure of some UEFI code, leading to arbitrary code execution or escalation of privilege." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-665: Improper Initialization", + "cweId": "CWE-665" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Dell", + "product": { + "product_data": [ + { + "product_name": "PowerSwitch Z9664F-ON BIOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "N/A", + "version_value": "v1.05.10" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.dell.com/support/kbdoc/en-in/000214917/dsa-2023-225-security-update-for-dell-bios-edge-gateway-5200-and-edge-gateway-3200", + "refsource": "MISC", + "name": "https://www.dell.com/support/kbdoc/en-in/000214917/dsa-2023-225-security-update-for-dell-bios-edge-gateway-5200-and-edge-gateway-3200" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Dell Technologies would also like to thank yngweijw (Jiawei Yin) for reporting this issue" + }, + { + "lang": "en", + "value": "Dell Technologies would like to thank the BINARLY efiXplorer team for reporting these issues" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "LOW", + "baseScore": 5.7, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2023/32xxx/CVE-2023-32472.json b/2023/32xxx/CVE-2023-32472.json index b03ebd582c2..b66cd502369 100644 --- a/2023/32xxx/CVE-2023-32472.json +++ b/2023/32xxx/CVE-2023-32472.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-32472", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@dell.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Dell Edge Gateway BIOS, versions 3200 and 5200, contains an out-of-bounds write vulnerability. A local authenticated malicious user with high privileges could potentially exploit this vulnerability leading to exposure of some code in System Management Mode, leading to arbitrary code execution or escalation of privilege." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-125: Out-of-bounds Read", + "cweId": "CWE-125" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Dell", + "product": { + "product_data": [ + { + "product_name": "PowerSwitch Z9664F-ON BIOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "N/A", + "version_value": "v1.05.10" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.dell.com/support/kbdoc/en-in/000214917/dsa-2023-225-security-update-for-dell-bios-edge-gateway-5200-and-edge-gateway-3200", + "refsource": "MISC", + "name": "https://www.dell.com/support/kbdoc/en-in/000214917/dsa-2023-225-security-update-for-dell-bios-edge-gateway-5200-and-edge-gateway-3200" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Dell Technologies would like to thank the BINARLY efiXplorer team for reporting these issues" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "LOW", + "baseScore": 5.7, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2023/7xxx/CVE-2023-7061.json b/2023/7xxx/CVE-2023-7061.json index 9f18d1c8d0d..19c732d6626 100644 --- a/2023/7xxx/CVE-2023-7061.json +++ b/2023/7xxx/CVE-2023-7061.json @@ -1,17 +1,84 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-7061", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Advanced File Manager Shortcodes plugin for WordPress is vulnerable to arbitrary file uploads in all versions up to, and including, 2.5.3. This makes it possible for authenticated attackers with contributor access or above to upload arbitrary files on the affected site's server which may make remote code execution possible." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-434 Unrestricted Upload of File with Dangerous Type" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Advanced File Manager", + "product": { + "product_data": [ + { + "product_name": "Advanced File Manager Shortcodes", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "2.5.3" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/26050f70-7a10-4df5-acd5-1c9e7613bf2c?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/26050f70-7a10-4df5-acd5-1c9e7613bf2c?source=cve" + }, + { + "url": "https://advancedfilemanager.com/product/file-manager-advanced-shortcode-wordpress/", + "refsource": "MISC", + "name": "https://advancedfilemanager.com/product/file-manager-advanced-shortcode-wordpress/" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Colin Xu" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH" } ] } diff --git a/2023/7xxx/CVE-2023-7062.json b/2023/7xxx/CVE-2023-7062.json index 3f87a41a131..383e703c274 100644 --- a/2023/7xxx/CVE-2023-7062.json +++ b/2023/7xxx/CVE-2023-7062.json @@ -1,17 +1,84 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-7062", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Advanced File Manager Shortcodes plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.4. This makes it possible for attackers with contributor access or higher to read the contents of arbitrary files on the server, which can contain sensitive information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-538 File and Directory Information Exposure" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Advanced File Manager", + "product": { + "product_data": [ + { + "product_name": "Advanced File Manager Shortcodes", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "2.4" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8bf009f5-cf9e-4d38-9679-d3abb5817d30?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8bf009f5-cf9e-4d38-9679-d3abb5817d30?source=cve" + }, + { + "url": "https://advancedfilemanager.com/product/file-manager-advanced-shortcode-wordpress/", + "refsource": "MISC", + "name": "https://advancedfilemanager.com/product/file-manager-advanced-shortcode-wordpress/" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Colin Xu" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH" } ] } diff --git a/2024/38xxx/CVE-2024-38301.json b/2024/38xxx/CVE-2024-38301.json index 37c621c7f70..c98b5763b25 100644 --- a/2024/38xxx/CVE-2024-38301.json +++ b/2024/38xxx/CVE-2024-38301.json @@ -1,17 +1,88 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-38301", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@dell.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Dell Alienware Command Center, version 5.7.3.0 and prior, contains an improper access control vulnerability. A low privileged attacker could potentially exploit this vulnerability, leading to denial of service on the local system and information disclosure." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-1107: Insufficient Isolation of Symbolic Constant Definitions", + "cweId": "CWE-1107" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Dell", + "product": { + "product_data": [ + { + "product_name": "Alienware Command Center (AWCC)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "N/A", + "version_value": "5.8.2.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.dell.com/support/kbdoc/en-us/000225774/dsa-2024-258", + "refsource": "MISC", + "name": "https://www.dell.com/support/kbdoc/en-us/000225774/dsa-2024-258" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 6.7, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/4xxx/CVE-2024-4866.json b/2024/4xxx/CVE-2024-4866.json index c4cd5cb02a1..6ee9e8eabf2 100644 --- a/2024/4xxx/CVE-2024-4866.json +++ b/2024/4xxx/CVE-2024-4866.json @@ -1,17 +1,104 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-4866", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The UltraAddons \u2013 Elementor Addons (Header Footer Builder, Custom Font, Custom CSS,Woo Widget, Menu Builder, Anywhere Elementor Shortcode) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 1.1.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "codersaiful", + "product": { + "product_data": [ + { + "product_name": "UltraAddons \u2013 Elementor Addons (Header Footer Builder, Custom Font, Custom CSS,Woo Widget, Menu Builder, Anywhere Elementor Shortcode)", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "1.1.6" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/544d7572-651f-45bb-b2ce-d768553c251a?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/544d7572-651f-45bb-b2ce-d768553c251a?source=cve" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/ultraaddons-elementor-lite/trunk/inc/widget/hotspot.php#L341", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/ultraaddons-elementor-lite/trunk/inc/widget/hotspot.php#L341" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/ultraaddons-elementor-lite/trunk/inc/widget/hero-slider.php#L919", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/ultraaddons-elementor-lite/trunk/inc/widget/hero-slider.php#L919" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/ultraaddons-elementor-lite/trunk/inc/widget/work-hour.php#L529", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/ultraaddons-elementor-lite/trunk/inc/widget/work-hour.php#L529" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/ultraaddons-elementor-lite/trunk/inc/widget/advance-pricing-table.php#L1340", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/ultraaddons-elementor-lite/trunk/inc/widget/advance-pricing-table.php#L1340" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/ultraaddons-elementor-lite/trunk/inc/widget/video-popup.php#L592", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/ultraaddons-elementor-lite/trunk/inc/widget/video-popup.php#L592" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Matthew Rollings" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" } ] } diff --git a/2024/5xxx/CVE-2024-5677.json b/2024/5xxx/CVE-2024-5677.json index b2c4850d479..a9985e08d1a 100644 --- a/2024/5xxx/CVE-2024-5677.json +++ b/2024/5xxx/CVE-2024-5677.json @@ -1,17 +1,84 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-5677", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Featured Image Generator plugin for WordPress is vulnerable to unauthorized image upload due to a missing capability check on the fig_save_after_generate_image function in all versions up to, and including, 1.3.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary images to a post-related gallery." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-862 Missing Authorization" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "aumkub", + "product": { + "product_data": [ + { + "product_name": "Featured Image Generator", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "1.3.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/56161d67-7378-4349-8fe5-da73da36afa0?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/56161d67-7378-4349-8fe5-da73da36afa0?source=cve" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/featured-image-generator/tags/1.3.1/admin/class-featured-image-generator-admin.php#L575", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/featured-image-generator/tags/1.3.1/admin/class-featured-image-generator-admin.php#L575" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Lucio S\u00e1" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" } ] } diff --git a/2024/5xxx/CVE-2024-5792.json b/2024/5xxx/CVE-2024-5792.json index 3b68d50d94b..e7049426724 100644 --- a/2024/5xxx/CVE-2024-5792.json +++ b/2024/5xxx/CVE-2024-5792.json @@ -1,17 +1,84 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-5792", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Houzez CRM plugin for WordPress is vulnerable to time-based SQL Injection via the notes \u2018belong_to\u2019 parameter in all versions up to, and including, 1.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Custom-level (seller) access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Houzez", + "product": { + "product_data": [ + { + "product_name": "Houzez CRM", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "1.4.2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a1d4df4b-ec7a-43f6-8617-161b1600d6d2?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a1d4df4b-ec7a-43f6-8617-161b1600d6d2?source=cve" + }, + { + "url": "https://favethemes.zendesk.com/hc/en-us/articles/360041639432-Changelog", + "refsource": "MISC", + "name": "https://favethemes.zendesk.com/hc/en-us/articles/360041639432-Changelog" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Istv\u00e1n M\u00e1rton" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH" } ] } diff --git a/2024/6xxx/CVE-2024-6387.json b/2024/6xxx/CVE-2024-6387.json index 8edf18beed4..adc0031e003 100644 --- a/2024/6xxx/CVE-2024-6387.json +++ b/2024/6xxx/CVE-2024-6387.json @@ -242,6 +242,11 @@ "refsource": "MISC", "name": "http://www.openwall.com/lists/oss-security/2024/07/09/2" }, + { + "url": "http://www.openwall.com/lists/oss-security/2024/07/09/5", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2024/07/09/5" + }, { "url": "https://access.redhat.com/errata/RHSA-2024:4312", "refsource": "MISC", @@ -426,18 +431,13 @@ "url": "https://www.theregister.com/2024/07/01/regresshion_openssh/", "refsource": "MISC", "name": "https://www.theregister.com/2024/07/01/regresshion_openssh/" - }, - { - "url": "http://www.openwall.com/lists/oss-security/2024/07/09/5", - "refsource": "MISC", - "name": "http://www.openwall.com/lists/oss-security/2024/07/09/5" } ] }, "work_around": [ { "lang": "en", - "value": "The below process can protect against a Remote Code Execution attack by disabling the LoginGraceTime parameter. However, the sshd server is still vulnerable to a Denial of Service as an attacker could still exhaust all the connections.\n\n1) As root user, open the /etc/ssh/sshd_config\n2) Add or edit the parameter configuration:\n~~~\nLoginGraceTime 0\n~~~\n3) Save and close the file\n4) Restart the sshd daemon:\n~~~\nsystemctl restart sshd.service\n~~~" + "value": "The below process can protect against a Remote Code Execution attack by disabling the LoginGraceTime parameter. However, the sshd server is still vulnerable to a Denial of Service as an attacker could still exhaust all the connections.\n\n1) As root user, open the /etc/ssh/sshd_config\n2) Add or edit the parameter configuration:\n~~~\nLoginGraceTime 0\n~~~\n3) Save and close the file\n4) Restart the sshd daemon:\n~~~\nsystemctl restart sshd.service\n~~~\n\nSetting LoginGraceTime to 0 disables the SSHD server's ability to drop connections if authentication is not completed within the specified timeout. This can lead to successful Denial of Service (DoS) attacks. If this mitigation is implemented, it is highly recommended to use a tool like 'fail2ban' alongside a firewall to monitor log files and manage connections appropriately." } ], "impact": {