mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-06-08 22:18:22 +00:00
470 lines
13 KiB
JSON
470 lines
13 KiB
JSON
|
{
|
||
|
|
"id": "CVE-2020-36516",
|
||
|
|
"sourceIdentifier": "cve@mitre.org",
|
||
|
|
"published": "2022-02-26T04:15:06.933",
|
||
|
|
"lastModified": "2023-01-05T17:26:03.923",
|
||
|
|
"vulnStatus": "Analyzed",
|
||
|
|
"descriptions": [
|
||
|
|
{
|
||
|
|
"lang": "en",
|
||
|
|
"value": "An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session or terminate that session."
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"lang": "es",
|
||
|
|
"value": "Se ha detectado un problema en el kernel de Linux versiones hasta 5.16.11. El m\u00e9todo de asignaci\u00f3n de IPID mixto con la pol\u00edtica de asignaci\u00f3n de IPID basada en hash permite a un atacante fuera de la ruta inyectar datos en la sesi\u00f3n TCP de una v\u00edctima o terminar esa sesi\u00f3n."
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"metrics": {
|
||
|
|
"cvssMetricV31": [
|
||
|
|
{
|
||
|
|
"source": "nvd@nist.gov",
|
||
|
|
"type": "Primary",
|
||
|
|
"cvssData": {
|
||
|
|
"version": "3.1",
|
||
|
|
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:L",
|
||
|
|
"attackVector": "NETWORK",
|
||
|
|
"attackComplexity": "HIGH",
|
||
|
|
"privilegesRequired": "LOW",
|
||
|
|
"userInteraction": "NONE",
|
||
|
|
"scope": "UNCHANGED",
|
||
|
|
"confidentialityImpact": "NONE",
|
||
|
|
"integrityImpact": "HIGH",
|
||
|
|
"availabilityImpact": "LOW",
|
||
|
|
"baseScore": 5.9,
|
||
|
|
"baseSeverity": "MEDIUM"
|
||
|
|
},
|
||
|
|
"exploitabilityScore": 1.6,
|
||
|
|
"impactScore": 4.2
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"cvssMetricV2": [
|
||
|
|
{
|
||
|
|
"source": "nvd@nist.gov",
|
||
|
|
"type": "Primary",
|
||
|
|
"cvssData": {
|
||
|
|
"version": "2.0",
|
||
|
|
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:P",
|
||
|
|
"accessVector": "NETWORK",
|
||
|
|
"accessComplexity": "MEDIUM",
|
||
|
|
"authentication": "SINGLE",
|
||
|
|
"confidentialityImpact": "NONE",
|
||
|
|
"integrityImpact": "PARTIAL",
|
||
|
|
"availabilityImpact": "PARTIAL",
|
||
|
|
"baseScore": 4.9
|
||
|
|
},
|
||
|
|
"baseSeverity": "MEDIUM",
|
||
|
|
"exploitabilityScore": 6.8,
|
||
|
|
"impactScore": 4.9,
|
||
|
|
"acInsufInfo": false,
|
||
|
|
"obtainAllPrivilege": false,
|
||
|
|
"obtainUserPrivilege": false,
|
||
|
|
"obtainOtherPrivilege": false,
|
||
|
|
"userInteractionRequired": false
|
||
|
|
}
|
||
|
|
]
|
||
|
|
},
|
||
|
|
"weaknesses": [
|
||
|
|
{
|
||
|
|
"source": "nvd@nist.gov",
|
||
|
|
"type": "Primary",
|
||
|
|
"description": [
|
||
|
|
{
|
||
|
|
"lang": "en",
|
||
|
|
"value": "CWE-327"
|
||
|
|
}
|
||
|
|
]
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"configurations": [
|
||
|
|
{
|
||
|
|
"operator": "AND",
|
||
|
|
"nodes": [
|
||
|
|
{
|
||
|
|
"operator": "OR",
|
||
|
|
"negate": false,
|
||
|
|
"cpeMatch": [
|
||
|
|
{
|
||
|
|
"vulnerable": true,
|
||
|
|
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
|
||
|
|
"versionEndIncluding": "5.6.11",
|
||
|
|
"matchCriteriaId": "CDB8BD32-CDED-49F6-9973-4CE2DC1F79A4"
|
||
|
|
}
|
||
|
|
]
|
||
|
|
}
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"operator": "AND",
|
||
|
|
"nodes": [
|
||
|
|
{
|
||
|
|
"operator": "OR",
|
||
|
|
"negate": false,
|
||
|
|
"cpeMatch": [
|
||
|
|
{
|
||
|
|
"vulnerable": true,
|
||
|
|
"criteria": "cpe:2.3:a:netapp:cloud_volumes_ontap_mediator:-:*:*:*:*:*:*:*",
|
||
|
|
"matchCriteriaId": "280AA828-6FA9-4260-8EC1-019423B966E1"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"vulnerable": true,
|
||
|
|
"criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
|
||
|
|
"versionStartIncluding": "11.0",
|
||
|
|
"matchCriteriaId": "020C93EF-D94B-43CC-9F92-65F046D7EC19"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"vulnerable": true,
|
||
|
|
"criteria": "cpe:2.3:a:netapp:solidfire\\,_enterprise_sds_\\&_hci_storage_node:-:*:*:*:*:*:*:*",
|
||
|
|
"matchCriteriaId": "DAA3919C-B2B1-4CB5-BA76-7A079AAFFC52"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"vulnerable": true,
|
||
|
|
"criteria": "cpe:2.3:a:netapp:solidfire_\\&_hci_management_node:-:*:*:*:*:*:*:*",
|
||
|
|
"matchCriteriaId": "D6D700C5-F67F-4FFB-BE69-D524592A3D2E"
|
||
|
|
}
|
||
|
|
]
|
||
|
|
}
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"operator": "AND",
|
||
|
|
"nodes": [
|
||
|
|
{
|
||
|
|
"operator": "OR",
|
||
|
|
"negate": false,
|
||
|
|
"cpeMatch": [
|
||
|
|
{
|
||
|
|
"vulnerable": true,
|
||
|
|
"criteria": "cpe:2.3:o:netapp:baseboard_management_controller_h300s_firmware:-:*:*:*:*:*:*:*",
|
||
|
|
"matchCriteriaId": "1746E116-3B82-4F65-B540-63D4058BD471"
|
||
|
|
}
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"operator": "OR",
|
||
|
|
"negate": false,
|
||
|
|
"cpeMatch": [
|
||
|
|
{
|
||
|
|
"vulnerable": false,
|
||
|
|
"criteria": "cpe:2.3:h:netapp:baseboard_management_controller_h300s:-:*:*:*:*:*:*:*",
|
||
|
|
"matchCriteriaId": "04FD1F9A-8F43-4509-9A49-714C54C4783C"
|
||
|
|
}
|
||
|
|
]
|
||
|
|
}
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"operator": "AND",
|
||
|
|
"nodes": [
|
||
|
|
{
|
||
|
|
"operator": "OR",
|
||
|
|
"negate": false,
|
||
|
|
"cpeMatch": [
|
||
|
|
{
|
||
|
|
"vulnerable": true,
|
||
|
|
"criteria": "cpe:2.3:o:netapp:baseboard_management_controller_h500s_firmware:-:*:*:*:*:*:*:*",
|
||
|
|
"matchCriteriaId": "BAFC49B0-FC63-4F06-A9DC-B853186003A9"
|
||
|
|
}
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"operator": "OR",
|
||
|
|
"negate": false,
|
||
|
|
"cpeMatch": [
|
||
|
|
{
|
||
|
|
"vulnerable": false,
|
||
|
|
"criteria": "cpe:2.3:h:netapp:baseboard_management_controller_h500s:-:*:*:*:*:*:*:*",
|
||
|
|
"matchCriteriaId": "504201E4-04CD-4224-9264-C1AEAD480E36"
|
||
|
|
}
|
||
|
|
]
|
||
|
|
}
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"operator": "AND",
|
||
|
|
"nodes": [
|
||
|
|
{
|
||
|
|
"operator": "OR",
|
||
|
|
"negate": false,
|
||
|
|
"cpeMatch": [
|
||
|
|
{
|
||
|
|
"vulnerable": true,
|
||
|
|
"criteria": "cpe:2.3:o:netapp:baseboard_management_controller_h700s_firmware:-:*:*:*:*:*:*:*",
|
||
|
|
"matchCriteriaId": "9BFAB819-0951-4D57-9B86-3CF590E50E7A"
|
||
|
|
}
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"operator": "OR",
|
||
|
|
"negate": false,
|
||
|
|
"cpeMatch": [
|
||
|
|
{
|
||
|
|
"vulnerable": false,
|
||
|
|
"criteria": "cpe:2.3:h:netapp:baseboard_management_controller_h700s:-:*:*:*:*:*:*:*",
|
||
|
|
"matchCriteriaId": "BDDA0D1D-3A1E-4CF5-BD6A-F05AE4E8CDDA"
|
||
|
|
}
|
||
|
|
]
|
||
|
|
}
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"operator": "AND",
|
||
|
|
"nodes": [
|
||
|
|
{
|
||
|
|
"operator": "OR",
|
||
|
|
"negate": false,
|
||
|
|
"cpeMatch": [
|
||
|
|
{
|
||
|
|
"vulnerable": true,
|
||
|
|
"criteria": "cpe:2.3:o:netapp:baseboard_management_controller_h300e_firmware:-:*:*:*:*:*:*:*",
|
||
|
|
"matchCriteriaId": "806D1842-64F5-4F4C-B728-AFD0B99CE6EB"
|
||
|
|
}
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"operator": "OR",
|
||
|
|
"negate": false,
|
||
|
|
"cpeMatch": [
|
||
|
|
{
|
||
|
|
"vulnerable": false,
|
||
|
|
"criteria": "cpe:2.3:h:netapp:baseboard_management_controller_h300e:-:*:*:*:*:*:*:*",
|
||
|
|
"matchCriteriaId": "266DDF39-2707-401F-88AF-3761D1045202"
|
||
|
|
}
|
||
|
|
]
|
||
|
|
}
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"operator": "AND",
|
||
|
|
"nodes": [
|
||
|
|
{
|
||
|
|
"operator": "OR",
|
||
|
|
"negate": false,
|
||
|
|
"cpeMatch": [
|
||
|
|
{
|
||
|
|
"vulnerable": true,
|
||
|
|
"criteria": "cpe:2.3:o:netapp:baseboard_management_controller_h500e_firmware:-:*:*:*:*:*:*:*",
|
||
|
|
"matchCriteriaId": "4ED4148B-73E9-48DA-BB54-F5A43B21FD56"
|
||
|
|
}
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"operator": "OR",
|
||
|
|
"negate": false,
|
||
|
|
"cpeMatch": [
|
||
|
|
{
|
||
|
|
"vulnerable": false,
|
||
|
|
"criteria": "cpe:2.3:h:netapp:baseboard_management_controller_h500e:-:*:*:*:*:*:*:*",
|
||
|
|
"matchCriteriaId": "B09AB46C-8B35-4085-AD86-56EC06F665CB"
|
||
|
|
}
|
||
|
|
]
|
||
|
|
}
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"operator": "AND",
|
||
|
|
"nodes": [
|
||
|
|
{
|
||
|
|
"operator": "OR",
|
||
|
|
"negate": false,
|
||
|
|
"cpeMatch": [
|
||
|
|
{
|
||
|
|
"vulnerable": true,
|
||
|
|
"criteria": "cpe:2.3:o:netapp:baseboard_management_controller_h700e_firmware:-:*:*:*:*:*:*:*",
|
||
|
|
"matchCriteriaId": "46BB915A-F2AE-4041-89F1-03547F819DFF"
|
||
|
|
}
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"operator": "OR",
|
||
|
|
"negate": false,
|
||
|
|
"cpeMatch": [
|
||
|
|
{
|
||
|
|
"vulnerable": false,
|
||
|
|
"criteria": "cpe:2.3:h:netapp:baseboard_management_controller_h700e:-:*:*:*:*:*:*:*",
|
||
|
|
"matchCriteriaId": "A33DCDCD-58EC-495A-BD5E-BB612F5B8A39"
|
||
|
|
}
|
||
|
|
]
|
||
|
|
}
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"operator": "AND",
|
||
|
|
"nodes": [
|
||
|
|
{
|
||
|
|
"operator": "OR",
|
||
|
|
"negate": false,
|
||
|
|
"cpeMatch": [
|
||
|
|
{
|
||
|
|
"vulnerable": true,
|
||
|
|
"criteria": "cpe:2.3:o:netapp:baseboard_management_controller_h410s_firmware:-:*:*:*:*:*:*:*",
|
||
|
|
"matchCriteriaId": "88A6EDE4-DD97-45A9-8366-E999525AA68F"
|
||
|
|
}
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"operator": "OR",
|
||
|
|
"negate": false,
|
||
|
|
"cpeMatch": [
|
||
|
|
{
|
||
|
|
"vulnerable": false,
|
||
|
|
"criteria": "cpe:2.3:h:netapp:baseboard_management_controller_h410s:-:*:*:*:*:*:*:*",
|
||
|
|
"matchCriteriaId": "C2934495-6D4D-4C21-89E3-A2414ABDD5CE"
|
||
|
|
}
|
||
|
|
]
|
||
|
|
}
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"operator": "AND",
|
||
|
|
"nodes": [
|
||
|
|
{
|
||
|
|
"operator": "OR",
|
||
|
|
"negate": false,
|
||
|
|
"cpeMatch": [
|
||
|
|
{
|
||
|
|
"vulnerable": true,
|
||
|
|
"criteria": "cpe:2.3:o:netapp:baseboard_management_controller_h410c_firmware:-:*:*:*:*:*:*:*",
|
||
|
|
"matchCriteriaId": "8665C148-3C9E-4EC9-A281-293D2352B8B9"
|
||
|
|
}
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"operator": "OR",
|
||
|
|
"negate": false,
|
||
|
|
"cpeMatch": [
|
||
|
|
{
|
||
|
|
"vulnerable": false,
|
||
|
|
"criteria": "cpe:2.3:h:netapp:baseboard_management_controller_h410c:-:*:*:*:*:*:*:*",
|
||
|
|
"matchCriteriaId": "1A0CE664-32E5-4917-8319-7D2A31DCD72F"
|
||
|
|
}
|
||
|
|
]
|
||
|
|
}
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"operator": "AND",
|
||
|
|
"nodes": [
|
||
|
|
{
|
||
|
|
"operator": "OR",
|
||
|
|
"negate": false,
|
||
|
|
"cpeMatch": [
|
||
|
|
{
|
||
|
|
"vulnerable": true,
|
||
|
|
"criteria": "cpe:2.3:o:netapp:baseboard_management_controller_h610c_firmware:-:*:*:*:*:*:*:*",
|
||
|
|
"matchCriteriaId": "1389C7E6-3CA7-4F02-8308-43946E7CE0D0"
|
||
|
|
}
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"operator": "OR",
|
||
|
|
"negate": false,
|
||
|
|
"cpeMatch": [
|
||
|
|
{
|
||
|
|
"vulnerable": false,
|
||
|
|
"criteria": "cpe:2.3:h:netapp:baseboard_management_controller_h610c:-:*:*:*:*:*:*:*",
|
||
|
|
"matchCriteriaId": "4CE6E747-ED1F-4EE1-A4A5-69FB6FD21D81"
|
||
|
|
}
|
||
|
|
]
|
||
|
|
}
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"operator": "AND",
|
||
|
|
"nodes": [
|
||
|
|
{
|
||
|
|
"operator": "OR",
|
||
|
|
"negate": false,
|
||
|
|
"cpeMatch": [
|
||
|
|
{
|
||
|
|
"vulnerable": true,
|
||
|
|
"criteria": "cpe:2.3:o:netapp:baseboard_management_controller_h615c_firmware:-:*:*:*:*:*:*:*",
|
||
|
|
"matchCriteriaId": "DF5E357F-21DA-4768-B213-27FF892F3984"
|
||
|
|
}
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"operator": "OR",
|
||
|
|
"negate": false,
|
||
|
|
"cpeMatch": [
|
||
|
|
{
|
||
|
|
"vulnerable": false,
|
||
|
|
"criteria": "cpe:2.3:h:netapp:baseboard_management_controller_h615c:-:*:*:*:*:*:*:*",
|
||
|
|
"matchCriteriaId": "E0A89CCC-1189-4190-A88B-A4EF42305A10"
|
||
|
|
}
|
||
|
|
]
|
||
|
|
}
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"operator": "AND",
|
||
|
|
"nodes": [
|
||
|
|
{
|
||
|
|
"operator": "OR",
|
||
|
|
"negate": false,
|
||
|
|
"cpeMatch": [
|
||
|
|
{
|
||
|
|
"vulnerable": true,
|
||
|
|
"criteria": "cpe:2.3:o:netapp:baseboard_management_controller_h610s_firmware:-:*:*:*:*:*:*:*",
|
||
|
|
"matchCriteriaId": "5A9255B3-8341-421A-B160-D57EAB95F966"
|
||
|
|
}
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"operator": "OR",
|
||
|
|
"negate": false,
|
||
|
|
"cpeMatch": [
|
||
|
|
{
|
||
|
|
"vulnerable": false,
|
||
|
|
"criteria": "cpe:2.3:h:netapp:baseboard_management_controller_h610s:-:*:*:*:*:*:*:*",
|
||
|
|
"matchCriteriaId": "B023DB49-71F5-43CF-9558-CF721AEA4B91"
|
||
|
|
}
|
||
|
|
]
|
||
|
|
}
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"operator": "AND",
|
||
|
|
"nodes": [
|
||
|
|
{
|
||
|
|
"operator": "OR",
|
||
|
|
"negate": false,
|
||
|
|
"cpeMatch": [
|
||
|
|
{
|
||
|
|
"vulnerable": true,
|
||
|
|
"criteria": "cpe:2.3:o:netapp:bootstrap_os:-:*:*:*:*:*:*:*",
|
||
|
|
"matchCriteriaId": "95BA156C-C977-4F0C-8DFB-3FAE9CC8C02D"
|
||
|
|
}
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"operator": "OR",
|
||
|
|
"negate": false,
|
||
|
|
"cpeMatch": [
|
||
|
|
{
|
||
|
|
"vulnerable": false,
|
||
|
|
"criteria": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*",
|
||
|
|
"matchCriteriaId": "AD7447BC-F315-4298-A822-549942FC118B"
|
||
|
|
}
|
||
|
|
]
|
||
|
|
}
|
||
|
|
]
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"references": [
|
||
|
|
{
|
||
|
|
"url": "https://dl.acm.org/doi/10.1145/3372297.3417884",
|
||
|
|
"source": "cve@mitre.org",
|
||
|
|
"tags": [
|
||
|
|
"Technical Description",
|
||
|
|
"Third Party Advisory"
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"url": "https://security.netapp.com/advisory/ntap-20220331-0003/",
|
||
|
|
"source": "cve@mitre.org",
|
||
|
|
"tags": [
|
||
|
|
"Third Party Advisory"
|
||
|
|
]
|
||
|
|
}
|
||
|
|
]
|
||
|
|
}
|