CVE-2017-0938

EPSS 5.31%
Veröffentlicht 12.02.2019 22:29:00
Zuletzt bearbeitet 21.11.2024 03:03:56
Quelle support@hackerone.com
CVE-Watchlists
Login
Unerledigt
Login

Denial of Service attack in airMAX < 8.3.2 , airMAX < 6.0.7 and EdgeMAX < 1.9.7 allow attackers to use the Discovery Protocol in amplification attacks.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Ui ≫ Airos Version < 6.0.7

Ui ≫ Airmax Ac Version-

Ui ≫ Airos Version >= 6.0.7 < 8.3.2

Ui ≫ Airmax Ac Version-

Ui ≫ Edgemax Firmware Version < 1.9.7

Ui ≫ Edgemax Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	5.31%	0.896

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

https://community.ubnt.com/t5/airMAX-Updates-Blog/airOS-v6-0-7-Has-Been-Released/ba-p/2056522

Vendor Advisory

Release Notes

https://community.ubnt.com/t5/airMAX-Updates-Blog/airOS-v8-3-2-Has-Been-Released/ba-p/2049215

Vendor Advisory

Release Notes

https://hackerone.com/reports/221625

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2017-0938

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-0938

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-0938

EUVD