Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2017-16014

Summary
Assigner-hackerone
Assigner Org ID-36234546-b8fa-4601-9d6f-f4e334aa8ea1
Published At-04 Jun, 2018 | 19:00
Updated At-16 Sep, 2024 | 21:57
Rejected At-
Credits

Http-proxy is a proxying library. Because of the way errors are handled in versions before 0.7.0, an attacker that forces an error can crash the server, causing a denial of service.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:hackerone
Assigner Org ID:36234546-b8fa-4601-9d6f-f4e334aa8ea1
Published At:04 Jun, 2018 | 19:00
Updated At:16 Sep, 2024 | 21:57
Rejected At:
▼CVE Numbering Authority (CNA)

Http-proxy is a proxying library. Because of the way errors are handled in versions before 0.7.0, an attacker that forces an error can crash the server, causing a denial of service.

Affected Products
Vendor
HackerOneHackerOne
Product
http-proxy node module
Versions
Affected
  • <=0.6.6
Problem Types
TypeCWE IDDescription
CWECWE-703Improper Check or Handling of Exceptional Conditions (CWE-703)
Type: CWE
CWE ID: CWE-703
Description: Improper Check or Handling of Exceptional Conditions (CWE-703)
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/nodejitsu/node-http-proxy/pull/101
x_refsource_MISC
https://nodesecurity.io/advisories/323
x_refsource_MISC
Hyperlink: https://github.com/nodejitsu/node-http-proxy/pull/101
Resource:
x_refsource_MISC
Hyperlink: https://nodesecurity.io/advisories/323
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/nodejitsu/node-http-proxy/pull/101
x_refsource_MISC
x_transferred
https://nodesecurity.io/advisories/323
x_refsource_MISC
x_transferred
Hyperlink: https://github.com/nodejitsu/node-http-proxy/pull/101
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://nodesecurity.io/advisories/323
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:support@hackerone.com
Published At:04 Jun, 2018 | 19:29
Updated At:09 Oct, 2019 | 23:24

Http-proxy is a proxying library. Because of the way errors are handled in versions before 0.7.0, an attacker that forces an error can crash the server, causing a denial of service.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
Type: Primary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P
CPE Matches
http-proxy_project
http-proxy_project
>>http-proxy>>Versions before 0.7.0(exclusive)
cpe:2.3:a:http-proxy_project:http-proxy:*:*:*:*:*:node.js:*:*
Weaknesses
CWE IDTypeSource
CWE-388Primarynvd@nist.gov
CWE-703Secondarysupport@hackerone.com
CWE ID: CWE-388
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-703
Type: Secondary
Source: support@hackerone.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/nodejitsu/node-http-proxy/pull/101support@hackerone.com
Issue Tracking
Third Party Advisory
https://nodesecurity.io/advisories/323support@hackerone.com
Third Party Advisory
Hyperlink: https://github.com/nodejitsu/node-http-proxy/pull/101
Source: support@hackerone.com
Resource:
Issue Tracking
Third Party Advisory
Hyperlink: https://nodesecurity.io/advisories/323
Source: support@hackerone.com
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

63Records found
CVE-2023-51443
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.48% / 64.29%
||
7 Day CHG~0.00%
Published-27 Dec, 2023 | 16:30
Updated-13 Feb, 2025 | 17:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
FreeSWITCH susceptible to Denial of Service via DTLS Hello packets during call initiation

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.11, when handling DTLS-SRTP for media setup, FreeSWITCH is susceptible to Denial of Service due to a race condition in the hello handshake phase of the DTLS protocol. This attack can be done continuously, thus denying new DTLS-SRTP encrypted calls during the attack. If an attacker manages to send a ClientHello DTLS message with an invalid CipherSuite (such as `TLS_NULL_WITH_NULL_NULL`) to the port on the FreeSWITCH server that is expecting packets from the caller, a DTLS error is generated. This results in the media session being torn down, which is followed by teardown at signaling (SIP) level too. Abuse of this vulnerability may lead to a massive Denial of Service on vulnerable FreeSWITCH servers for calls that rely on DTLS-SRTP. To address this vulnerability, upgrade FreeSWITCH to 1.10.11 which includes the security fix. The solution implemented is to drop all packets from addresses that have not been validated by an ICE check.

Action-Not Available
Vendor-freeswitchsignalwire
Product-freeswitchfreeswitch
CWE ID-CWE-703
Improper Check or Handling of Exceptional Conditions
CVE-2023-49786
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.06% / 17.04%
||
7 Day CHG~0.00%
Published-14 Dec, 2023 | 19:47
Updated-13 Feb, 2025 | 17:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Asterisk susceptible to Denial of Service via DTLS Hello packets during call initiation

Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1; as well as certified-asterisk prior to 18.9-cert6; Asterisk is susceptible to a DoS due to a race condition in the hello handshake phase of the DTLS protocol when handling DTLS-SRTP for media setup. This attack can be done continuously, thus denying new DTLS-SRTP encrypted calls during the attack. Abuse of this vulnerability may lead to a massive Denial of Service on vulnerable Asterisk servers for calls that rely on DTLS-SRTP. Commit d7d7764cb07c8a1872804321302ef93bf62cba05 contains a fix, which is part of versions 18.20.1, 20.5.1, 21.0.1, amd 18.9-cert6.

Action-Not Available
Vendor-Sangoma Technologies Corp.AsteriskDigium, Inc.
Product-certified_asteriskasteriskasterisk
CWE ID-CWE-703
Improper Check or Handling of Exceptional Conditions
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2022-41589
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.11% / 30.35%
||
7 Day CHG~0.00%
Published-14 Oct, 2022 | 00:00
Updated-14 May, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The DFX unwind stack module of the ArkCompiler has a vulnerability in interface calling.Successful exploitation of this vulnerability affects system services and device availability.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosemuiHarmonyOSEMUI
CWE ID-CWE-703
Improper Check or Handling of Exceptional Conditions
CVE-2022-41777
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-7.5||HIGH
EPSS-0.36% / 57.37%
||
7 Day CHG~0.00%
Published-05 Dec, 2022 | 00:00
Updated-24 Apr, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper check or handling of exceptional conditions vulnerability in Nako3edit, editor component of nadesiko3 (PC Version) v3.3.74 and earlier allows a remote attacker to inject an invalid value to decodeURIComponent of nako3edit, which may lead the server to crash.

Action-Not Available
Vendor-kujirahandkujirahand
Product-nadesiko3Nako3edit, editor component of nadesiko3 (PC Version)
CWE ID-CWE-703
Improper Check or Handling of Exceptional Conditions
CVE-2020-2075
Matching Score-4
Assigner-SICK AG
ShareView Details
Matching Score-4
Assigner-SICK AG
CVSS Score-7.5||HIGH
EPSS-0.18% / 39.38%
||
7 Day CHG~0.00%
Published-31 Aug, 2020 | 17:09
Updated-04 Aug, 2024 | 06:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Platform mechanism AutoIP allows remote attackers to reboot the device via a crafted packet in SICK AG solutions Bulkscan LMS111, Bulkscan LMS511, CLV62x – CLV65x, ICR890-3, LMS10x, LMS11x, LMS15x, LMS12x, LMS13x, LMS14x, LMS5xx, LMS53x, MSC800, RFH.

Action-Not Available
Vendor-n/aSICK AG
Product-icr890-3.5_firmwarelms511_firmwarelms511msc800lms153_firmwareclv642_firmwarelms142_firmwarelms122lms133clv631_firmwarelms531clv650_firmwareclv622_firmwareclv621lms100_firmwareclv632_firmwareclv620_firmwarelms131clv631clv640_firmwarelms131_firmwarelms111lms141icr890-3clv630clv651lms101_firmwarelms122_firmwarelms133_firmwareicr890-3_firmwarelms123_firmwarelms151clv632clv640clv620lms121_firmwarelms142lms141_firmwareclv622clv651_firmwarelms143_firmwarelms500lms500_firmwarerfhlms100lms531_firmwarelms111_firmwarelms121lms123clv621_firmwareclv630_firmwareclv642lms101lms153icr890-3.5lms143clv650lms151_firmwaremsc800_firmwarerfh_firmwareBulkscan LMS111; Bulkscan LMS511; CLV62x – CLV65x; ICR890-3; LMS10x, LMS11x, LMS15x; LMS12x, LMS13x, LMS14x; LMS5xx, LMS53x; MSC800; RFH
CWE ID-CWE-703
Improper Check or Handling of Exceptional Conditions
CWE ID-CWE-755
Improper Handling of Exceptional Conditions
CVE-2024-39815
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.4||CRITICAL
EPSS-0.45% / 62.60%
||
7 Day CHG~0.00%
Published-08 Aug, 2024 | 19:33
Updated-21 Aug, 2024 | 20:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Vonets WiFi Bridges Improper Check or Handling of Exceptional Conditions

Improper check or handling of exceptional conditions vulnerability affecting Vonets industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 and prior, enable an unauthenticated remote attacker to cause a denial of service. A specially-crafted HTTP request to pre-authentication resources can crash the service.

Action-Not Available
Vendor-vonetsVonetsvonets
Product-vap11g-500s_firmwarevap11g-500_firmwarevga-1000var1200-hvap11n-300_firmwarevar1200-l_firmwarevbg1200var1200-lvap11g-500svap11ac_firmwarevar600-h_firmwarevap11s-5g_firmwarevga-1000_firmwarevar1200-h_firmwarevap11n-300vap11g-500vap11g-300_firmwarevar11n-300vap11s-5gvap11g-300vap11s_firmwarevap11gvap11acvbg1200_firmwarevap11svap11g_firmwarevar600-hvar11n-300_firmwareVAP11S-5GVAP11N-300VBG1200VAP11GVAR11N-300VGA-1000VAR1200-LVAR1200-HVAP11SVAP11G-300VAP11G-500VAP11G-500SVAP11ACVAR600-Hvap11g-500s_firmwarevap11n-300_firmwarevap11s_firmwarevar1200-l_firmwarevbg1200_firmwarevap11ac_firmwarevar600-h_firmwarevap11s-5g_firmwarevga-1000_firmwarevap11g_firmwarevar1200-h_firmwarevap11g-300_firmwarevar11n-300_firmware
CWE ID-CWE-703
Improper Check or Handling of Exceptional Conditions
CVE-2022-25252
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.5||HIGH
EPSS-0.63% / 69.42%
||
7 Day CHG~0.00%
Published-16 Mar, 2022 | 14:03
Updated-16 Apr, 2025 | 16:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PTC Axeda agent and Axeda Desktop Server Improper Check or Handling Of Exceptional Conditions

When connecting to a certain port Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) when receiving certain input throws an exception. Services using said function do not handle the exception. Successful exploitation of this vulnerability could allow a remote unauthenticated attacker to crash the affected product.

Action-Not Available
Vendor-ptcPTC
Product-axeda_desktop_serveraxeda_agentAxeda Desktop Server for WindowsAxeda agent
CWE ID-CWE-703
Improper Check or Handling of Exceptional Conditions
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2023-20227
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-0.52% / 65.64%
||
7 Day CHG~0.00%
Published-27 Sep, 2023 | 17:21
Updated-02 Aug, 2024 | 09:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the Layer 2 Tunneling Protocol (L2TP) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper handling of certain L2TP packets. An attacker could exploit this vulnerability by sending crafted L2TP packets to an affected device. A successful exploit could allow the attacker to cause the device to reload unexpectedly, resulting in a DoS condition. Note: Only traffic directed to the affected system can be used to exploit this vulnerability.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-4351_integrated_services_router4331\/k9-ws_integrated_services_routerc8500l-8s4x1100-6g_integrated_services_routervg400-4fxs\/4fxo4331\/k9_integrated_services_router4351\/k9_integrated_services_routercatalyst_8000v_edge4351\/k9-ws_integrated_services_routervg420-144fxs1100-4gltena_integrated_services_router4331_integrated_services_routervg400-2fxs\/2fxo4461_integrated_services_routercatalyst_8300-2n2s-6t1000_integrated_services_router4351\/k9-rf_integrated_services_routervg400-8fxs4321\/k9-ws_integrated_services_router1100-4g_integrated_services_routerc8200l-1n-4t4321_integrated_services_routercatalyst_8300-1n1s-4t2x4321\/k9-rf_integrated_services_router4431_integrated_services_routerc8200-1n-4tcatalyst_8300-1n1s-6tvg450-144fxs\/k9cloud_services_router_1000vios_xe4221_integrated_services_routercatalyst_8300-2n2s-4t2xvg450\/k9vg450-72fxs\/k9vg400-6fxs\/6fxovg420-84fxs\/6fxo1100-4gltegb_integrated_services_router4331\/k9-rf_integrated_services_router4451_integrated_services_routervg420-132fxs\/6fxo4321\/k9_integrated_services_routerCisco IOS XE Software
CWE ID-CWE-388
Not Available
CVE-2024-26007
Matching Score-4
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-4
Assigner-Fortinet, Inc.
CVSS Score-5||MEDIUM
EPSS-0.25% / 48.30%
||
7 Day CHG~0.00%
Published-14 May, 2024 | 16:19
Updated-11 Dec, 2024 | 19:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An improper check or handling of exceptional conditions vulnerability [CWE-703] in Fortinet FortiOS version 7.4.1 allows an unauthenticated attacker to provoke a denial of service on the administrative interface via crafted HTTP requests.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortiosFortiOSfortios
CWE ID-CWE-703
Improper Check or Handling of Exceptional Conditions
CVE-2024-50954
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.16% / 37.58%
||
7 Day CHG+0.02%
Published-15 Jan, 2025 | 00:00
Updated-20 Mar, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The XINJE XL5E-16T and XD5E-24R-E programmable logic controllers V3.5.3b-V3.7.2a have a vulnerability in handling Modbus messages. When a TCP connection is established with the above series of controllers within a local area network (LAN), sending a specific Modbus message to the controller can cause the PLC to crash, interrupting the normal operation of the programs running in the PLC. This results in the ERR indicator light turning on and the RUN indicator light turning off.

Action-Not Available
Vendor-n/a
Product-n/a
CWE ID-CWE-703
Improper Check or Handling of Exceptional Conditions
CVE-2024-37992
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-5.9||MEDIUM
EPSS-0.23% / 45.46%
||
7 Day CHG~0.00%
Published-10 Sep, 2024 | 09:36
Updated-18 Sep, 2024 | 15:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) (All versions < V4.2), SIMATIC Reader RF610R ETSI (6GT2811-6BC10-0AA0) (All versions < V4.2), SIMATIC Reader RF610R FCC (6GT2811-6BC10-1AA0) (All versions < V4.2), SIMATIC Reader RF615R CMIIT (6GT2811-6CC10-2AA0) (All versions < V4.2), SIMATIC Reader RF615R ETSI (6GT2811-6CC10-0AA0) (All versions < V4.2), SIMATIC Reader RF615R FCC (6GT2811-6CC10-1AA0) (All versions < V4.2), SIMATIC Reader RF650R ARIB (6GT2811-6AB20-4AA0) (All versions < V4.2), SIMATIC Reader RF650R CMIIT (6GT2811-6AB20-2AA0) (All versions < V4.2), SIMATIC Reader RF650R ETSI (6GT2811-6AB20-0AA0) (All versions < V4.2), SIMATIC Reader RF650R FCC (6GT2811-6AB20-1AA0) (All versions < V4.2), SIMATIC Reader RF680R ARIB (6GT2811-6AA10-4AA0) (All versions < V4.2), SIMATIC Reader RF680R CMIIT (6GT2811-6AA10-2AA0) (All versions < V4.2), SIMATIC Reader RF680R ETSI (6GT2811-6AA10-0AA0) (All versions < V4.2), SIMATIC Reader RF680R FCC (6GT2811-6AA10-1AA0) (All versions < V4.2), SIMATIC Reader RF685R ARIB (6GT2811-6CA10-4AA0) (All versions < V4.2), SIMATIC Reader RF685R CMIIT (6GT2811-6CA10-2AA0) (All versions < V4.2), SIMATIC Reader RF685R ETSI (6GT2811-6CA10-0AA0) (All versions < V4.2), SIMATIC Reader RF685R FCC (6GT2811-6CA10-1AA0) (All versions < V4.2), SIMATIC RF1140R (6GT2831-6CB00) (All versions < V1.1), SIMATIC RF1170R (6GT2831-6BB00) (All versions < V1.1), SIMATIC RF166C (6GT2002-0EE20) (All versions < V2.2), SIMATIC RF185C (6GT2002-0JE10) (All versions < V2.2), SIMATIC RF186C (6GT2002-0JE20) (All versions < V2.2), SIMATIC RF186CI (6GT2002-0JE50) (All versions < V2.2), SIMATIC RF188C (6GT2002-0JE40) (All versions < V2.2), SIMATIC RF188CI (6GT2002-0JE60) (All versions < V2.2), SIMATIC RF360R (6GT2801-5BA30) (All versions < V2.2). The affected devices does not properly handle the error in case of exceeding characters while setting SNMP leading to the restart of the application.

Action-Not Available
Vendor-Siemens AG
Product-simatic_reader_rf650r_fcc_firmwaresimatic_reader_rf680r_cmiitsimatic_rf1170r_firmwaresimatic_reader_rf650r_cmiit_firmwaresimatic_reader_rf685r_fccsimatic_reader_rf650r_aribsimatic_reader_rf615r_etsi_firmwaresimatic_rf360rsimatic_reader_rf680r_fccsimatic_reader_rf610r_fccsimatic_reader_rf610r_etsi_firmwaresimatic_reader_rf685r_arib_firmwaresimatic_reader_rf615r_cmiitsimatic_rf186c_firmwaresimatic_reader_rf685r_fcc_firmwaresimatic_rf188c_firmwaresimatic_reader_rf680r_cmiit_firmwaresimatic_reader_rf685r_etsisimatic_rf185csimatic_rf360r_firmwaresimatic_rf1140r_firmwaresimatic_rf186cisimatic_rf1140rsimatic_rf188csimatic_reader_rf610r_cmiit_firmwaresimatic_reader_rf610r_fcc_firmwaresimatic_rf185c_firmwaresimatic_reader_rf615r_fccsimatic_reader_rf680r_etsisimatic_reader_rf615r_fcc_firmwaresimatic_reader_rf680r_fcc_firmwaresimatic_reader_rf610r_etsisimatic_reader_rf685r_cmiit_firmwaresimatic_reader_rf680r_arib_firmwaresimatic_rf186ci_firmwaresimatic_rf166c_firmwaresimatic_rf188ci_firmwaresimatic_reader_rf650r_fccsimatic_reader_rf650r_cmiitsimatic_reader_rf685r_cmiitsimatic_rf166csimatic_reader_rf680r_aribsimatic_rf1170rsimatic_reader_rf650r_etsisimatic_reader_rf610r_cmiitsimatic_reader_rf650r_arib_firmwaresimatic_reader_rf680r_etsi_firmwaresimatic_reader_rf615r_etsisimatic_reader_rf650r_etsi_firmwaresimatic_rf186csimatic_reader_rf685r_aribsimatic_reader_rf615r_cmiit_firmwaresimatic_reader_rf685r_etsi_firmwaresimatic_rf188ciSIMATIC Reader RF650R ARIBSIMATIC Reader RF650R ETSISIMATIC Reader RF680R CMIITSIMATIC Reader RF615R ETSISIMATIC RF166CSIMATIC Reader RF685R CMIITSIMATIC RF185CSIMATIC Reader RF610R CMIITSIMATIC Reader RF685R ETSISIMATIC Reader RF615R CMIITSIMATIC RF188CISIMATIC Reader RF610R ETSISIMATIC Reader RF685R FCCSIMATIC Reader RF615R FCCSIMATIC RF186CSIMATIC RF360RSIMATIC Reader RF680R ARIBSIMATIC RF1140RSIMATIC Reader RF685R ARIBSIMATIC RF1170RSIMATIC Reader RF680R ETSISIMATIC RF188CSIMATIC Reader RF610R FCCSIMATIC Reader RF650R CMIITSIMATIC RF186CISIMATIC Reader RF680R FCCSIMATIC Reader RF650R FCC
CWE ID-CWE-703
Improper Check or Handling of Exceptional Conditions
CVE-2020-1639
Matching Score-4
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-4
Assigner-Juniper Networks, Inc.
CVSS Score-7.5||HIGH
EPSS-0.54% / 66.50%
||
7 Day CHG~0.00%
Published-08 Apr, 2020 | 19:26
Updated-16 Sep, 2024 | 22:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS: A crafted Ethernet OAM packet received by Junos may cause the Ethernet OAM connectivity fault management process (CFM) to core.

When an attacker sends a specific crafted Ethernet Operation, Administration, and Maintenance (Ethernet OAM) packet to a target device, it may improperly handle the incoming malformed data and fail to sanitize this incoming data resulting in an overflow condition. This overflow condition in Juniper Networks Junos OS allows an attacker to cause a Denial of Service (DoS) condition by coring the CFM daemon. Continued receipt of these packets may cause an extended Denial of Service condition. This issue affects: Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S15; 12.3X48 versions prior to 12.3X48-D95 on SRX Series; 14.1X50 versions prior to 14.1X50-D145; 14.1X53 versions prior to 14.1X53-D47; 15.1 versions prior to 15.1R2; 15.1X49 versions prior to 15.1X49-D170 on SRX Series; 15.1X53 versions prior to 15.1X53-D67.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-junosJunos OS
CWE ID-CWE-703
Improper Check or Handling of Exceptional Conditions
CWE ID-CWE-755
Improper Handling of Exceptional Conditions
CVE-2020-1644
Matching Score-4
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-4
Assigner-Juniper Networks, Inc.
CVSS Score-7.5||HIGH
EPSS-0.39% / 59.17%
||
7 Day CHG~0.00%
Published-17 Jul, 2020 | 18:40
Updated-16 Sep, 2024 | 23:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS and Junos OS Evolved: RPD crash due to specific BGP UPDATE packets

On Juniper Networks Junos OS and Junos OS Evolved devices, the receipt of a specific BGP UPDATE packet causes an internal counter to be incremented incorrectly, which over time can lead to the routing protocols process (RPD) crash and restart. This issue affects both IBGP and EBGP multihop deployment in IPv4 or IPv6 network. This issue affects: Juniper Networks Junos OS: 17.2X75 versions prior to 17.2X75-D105.19; 17.3 versions prior to 17.3R3-S8; 17.4 versions prior to 17.4R2-S10, 17.4R3-S2; 18.1 versions prior to 18.1R3-S10; 18.2 versions prior to 18.2R2-S7, 18.2R3-S4; 18.2X75 versions prior to 18.2X75-D13, 18.2X75-D411.1, 18.2X75-D420.18, 18.2X75-D52.3, 18.2X75-D60; 18.3 versions prior to 18.3R2-S4, 18.3R3-S2; 18.4 versions prior to 18.4R1-S7, 18.4R2-S4, 18.4R3-S2; 19.1 versions prior to 19.1R1-S5, 19.1R2-S1, 19.1R3; 19.2 versions prior to 19.2R1-S5, 19.2R2; 19.3 versions prior to 19.3R2-S2, 19.3R3; 19.4 versions prior to 19.4R1-S2, 19.4R2. Juniper Networks Junos OS Evolved: any releases prior to 20.1R2-EVO. This issue does not affect Juniper Networks Junos OS releases prior to 17.3R1.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-junos_os_evolvedjunosJunos OSJunos OS Evolved
CWE ID-CWE-703
Improper Check or Handling of Exceptional Conditions
CWE ID-CWE-20
Improper Input Validation
  • Previous
  • 1
  • 2
  • Next
Details not found