Overview
Open Shortest Path First (OSPF) protocol implementations may improperly determine Link State Advertisement (LSA) recency for LSAs with MaxSequenceNumber. Attackers with the ability to transmit messages from a routing domain router may send specially crafted OSPF messages to poison routing tables within the domain.
Description
CWE-354: Improper Validation of Integrity Check Value Open Shortest Path First (OSPF) protocol implementations may improperly determine Link State Advertisement (LSA) recency with MaxSequenceNumber. According to RFC 2328 section 13.1, for two instances of the same LSA, recency is determined by first comparing sequence numbers, then checksums, and finally MaxAge. In a case where the sequence numbers are the same, the LSA with the larger checksum is considered more recent, and will not be flushed from the Link State Database (LSDB). Since the RFC does not explicitly state that the values of links carried by a LSA must be the same when prematurely aging a self-originating LSA with MaxSequenceNumber, it is possible in vulnerable OSPF implementations for an attacker to craft a LSA with MaxSequenceNumber and invalid links that will result in a larger checksum and thus a 'newer' LSA that will not be flushed from the LSDB. Propagation of the crafted LSA can result in the erasure or alteration of the routing tables of routers within the routing domain, creating a denial of service condition or the re-routing of traffic on the network. |
Impact
Attackers with the ability to transmit messages from a routing domain router may send specially crafted OSPF messages to erase or alter the routing tables of routers within the domain, resulting in denial of service or the re-routing of traffic on the network. |
Solution
Install Updates |
Vendor Information
As an implementation vulnerability, CVE IDs are assigned for each known affected codebase:
|
Cisco Affected
Notified: May 12, 2017 Updated: August 08, 2017
Statement Date: July 26, 2017
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
CVE-2017-6770 describes this vulnerability in affected Cisco products.
Vendor References
Lenovo Affected
Notified: May 12, 2017 Updated: July 17, 2017
Statement Date: July 17, 2017
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
CVE-2017-3752 describes this vulnerability in affected Lenovo products.
Vendor References
Quagga Affected
Notified: July 17, 2017 Updated: July 26, 2017
Statement Date: July 25, 2017
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
CVE-2017-3224 has been assigned for Quagga's affected ospfd implementation.
Red Hat, Inc. Affected
Notified: May 12, 2017 Updated: July 25, 2017
Statement Date: May 15, 2017
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
CVE-2017-3224, reserved for Quagga, also applies to derivative affected Red Hat packages.
SUSE Linux Affected
Notified: May 12, 2017 Updated: July 25, 2017
Statement Date: May 16, 2017
Status
Affected
Vendor Statement
SUSE and openSUSE package quagga and are affected by the issue
Vendor Information
CVE-2017-3224, reserved for Quagga, also applies to the affected SUSE and openSUSE packages.
openSUSE project Affected
Notified: May 12, 2017 Updated: July 25, 2017
Statement Date: May 16, 2017
Status
Affected
Vendor Statement
SUSE and openSUSE package quagga and are affected by the issue
Vendor Information
CVE-2017-3224, reserved for Quagga, also applies to the affected SUSE and openSUSE packages.
Apple Not Affected
Notified: May 12, 2017 Updated: June 05, 2017
Statement Date: June 02, 2017
Status
Not Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Arista Networks, Inc. Not Affected
Notified: May 12, 2017 Updated: July 17, 2017
Statement Date: July 17, 2017
Status
Not Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
CoreOS Not Affected
Notified: May 12, 2017 Updated: May 12, 2017
Statement Date: May 12, 2017
Status
Not Affected
Vendor Statement
CoreOS's products are not vulnerable to this exploit.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
D-Link Systems, Inc. Not Affected
Notified: May 12, 2017 Updated: August 17, 2017
Statement Date: August 16, 2017
Status
Not Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
FreeBSD Project Not Affected
Notified: May 12, 2017 Updated: July 18, 2017
Statement Date: May 13, 2017
Status
Not Affected
Vendor Statement
The FreeBSD base system do not ship with an OSPF, therefore we consider our product as "Not affected".
We do ship several third party OSPF routing implementations as add-on software (packages) and will keep an eye on these.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
HTC Not Affected
Notified: May 12, 2017 Updated: May 23, 2017
Statement Date: May 18, 2017
Status
Not Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Huawei Technologies Not Affected
Notified: May 12, 2017 Updated: July 26, 2017
Statement Date: July 26, 2017
Status
Not Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Intel Corporation Not Affected
Notified: May 12, 2017 Updated: July 17, 2017
Statement Date: July 17, 2017
Status
Not Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Juniper Networks Not Affected
Notified: May 12, 2017 Updated: July 17, 2017
Statement Date: July 17, 2017
Status
Not Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
MikroTik Not Affected
Updated: September 27, 2017
Statement Date: September 27, 2017
Status
Not Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Secure64 Software Corporation Not Affected
Notified: May 12, 2017 Updated: July 19, 2017
Statement Date: July 18, 2017
Status
Not Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Technicolor Not Affected
Updated: October 18, 2017
Statement Date: October 18, 2017
Status
Not Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
ACCESS Unknown
Notified: May 12, 2017 Updated: May 12, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
AT&T Unknown
Notified: May 12, 2017 Updated: May 12, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
Alcatel-Lucent Unknown
Notified: May 12, 2017 Updated: May 12, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
Alpine Linux Unknown
Notified: August 28, 2017 Updated: August 28, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
Amazon Unknown
Notified: August 28, 2017 Updated: August 28, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
Android Open Source Project Unknown
Notified: May 12, 2017 Updated: May 12, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
Arch Linux Unknown
Notified: August 28, 2017 Updated: August 28, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
Aruba Networks Unknown
Notified: May 12, 2017 Updated: May 12, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
AsusTek Computer Inc. Unknown
Notified: August 28, 2017 Updated: August 28, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
Avaya, Inc. Unknown
Notified: May 12, 2017 Updated: May 12, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
Barnes and Noble Unknown
Notified: August 28, 2017 Updated: August 28, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
Barracuda Networks Unknown
Notified: August 28, 2017 Updated: August 28, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
Belkin, Inc. Unknown
Notified: May 12, 2017 Updated: May 12, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
Blue Coat Systems Unknown
Notified: August 28, 2017 Updated: August 28, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
Brocade Communication Systems Unknown
Notified: July 17, 2017 Updated: July 17, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
CA Technologies Unknown
Notified: August 28, 2017 Updated: August 28, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
CMX Systems Unknown
Notified: August 28, 2017 Updated: August 28, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
CentOS Unknown
Notified: August 28, 2017 Updated: August 28, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
Check Point Software Technologies Unknown
Notified: May 12, 2017 Updated: May 12, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
Contiki OS Unknown
Notified: August 28, 2017 Updated: August 28, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
Debian GNU/Linux Unknown
Notified: May 12, 2017 Updated: May 12, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
Dell Unknown
Notified: May 12, 2017 Updated: May 12, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
DesktopBSD Unknown
Notified: May 12, 2017 Updated: May 12, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
DragonFly BSD Project Unknown
Notified: May 12, 2017 Updated: May 12, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
EMC Corporation Unknown
Notified: May 12, 2017 Updated: May 12, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
ENEA Unknown
Notified: August 28, 2017 Updated: August 28, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
EfficientIP SAS Unknown
Notified: May 12, 2017 Updated: May 12, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
Ericsson Unknown
Notified: May 12, 2017 Updated: May 12, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
European Registry for Internet Domains Unknown
Notified: August 28, 2017 Updated: August 28, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
Extreme Networks Unknown
Notified: August 28, 2017 Updated: August 28, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
F5 Networks, Inc. Unknown
Notified: May 12, 2017 Updated: May 12, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
Fedora Project Unknown
Notified: May 12, 2017 Updated: May 12, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
Force10 Networks Unknown
Notified: May 12, 2017 Updated: May 12, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
Fortinet, Inc. Unknown
Notified: August 28, 2017 Updated: August 28, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
Foundry Brocade Unknown
Notified: August 28, 2017 Updated: August 28, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
GNU adns Unknown
Notified: August 28, 2017 Updated: August 28, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
GNU glibc Unknown
Notified: August 28, 2017 Updated: August 28, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
Gentoo Linux Unknown
Notified: August 28, 2017 Updated: August 28, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
Google Unknown
Notified: May 12, 2017 Updated: May 12, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
HardenedBSD Unknown
Notified: May 12, 2017 Updated: May 12, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
Hewlett Packard Enterprise Unknown
Notified: May 12, 2017 Updated: May 12, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
Hitachi Unknown
Notified: May 12, 2017 Updated: May 12, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
IBM Corporation Unknown
Notified: May 12, 2017 Updated: May 12, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
Infoblox Unknown
Notified: May 12, 2017 Updated: May 12, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
Internet Systems Consortium Unknown
Notified: May 12, 2017 Updated: May 12, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
Internet Systems Consortium - DHCP Unknown
Notified: May 12, 2017 Updated: May 12, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
JH Software Unknown
Notified: August 28, 2017 Updated: August 28, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
Joyent Unknown
Notified: May 12, 2017 Updated: May 12, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
Kyocera Communications Unknown
Notified: August 28, 2017 Updated: August 28, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
LG Electronics Unknown
Notified: August 28, 2017 Updated: August 28, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
Lynx Software Technologies Unknown
Notified: August 28, 2017 Updated: August 28, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
McAfee Unknown
Notified: May 12, 2017 Updated: May 12, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
Microchip Technology Unknown
Notified: August 28, 2017 Updated: August 28, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
Microsoft Corporation Unknown
Notified: May 12, 2017 Updated: May 12, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
Motorola, Inc. Unknown
Notified: May 12, 2017 Updated: May 12, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
NEC Corporation Unknown
Notified: May 12, 2017 Updated: May 12, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
NLnet Labs Unknown
Notified: August 28, 2017 Updated: August 28, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
NetBSD Unknown
Notified: May 12, 2017 Updated: May 12, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
Netgear, Inc. Unknown
Notified: August 28, 2017 Updated: August 28, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
Nexenta Unknown
Notified: August 28, 2017 Updated: August 28, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
Nokia Unknown
Notified: May 12, 2017 Updated: May 12, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
Nominum Unknown
Notified: May 12, 2017 Updated: May 12, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
OmniTI Unknown
Notified: May 12, 2017 Updated: May 12, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
OpenBSD Unknown
Notified: May 12, 2017 Updated: May 12, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
OpenDNS Unknown
Notified: May 12, 2017 Updated: May 12, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
OpenIndiana Unknown
Notified: August 28, 2017 Updated: August 28, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
Openwall GNU/*/Linux Unknown
Notified: May 12, 2017 Updated: May 12, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
Oracle Corporation Unknown
Notified: May 12, 2017 Updated: May 12, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
Oryx Embedded Unknown
Notified: August 28, 2017 Updated: August 28, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
Peplink Unknown
Notified: May 12, 2017 Updated: May 12, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
Philips Electronics Unknown
Notified: August 28, 2017 Updated: August 28, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
PowerDNS Unknown
Notified: August 28, 2017 Updated: August 28, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
QNX Software Systems Inc. Unknown
Notified: May 12, 2017 Updated: May 12, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
QUALCOMM Incorporated Unknown
Notified: August 28, 2017 Updated: August 28, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
Quadros Systems Unknown
Notified: August 28, 2017 Updated: August 28, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
ReactOS Unknown
Notified: August 28, 2017 Updated: August 28, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
Rocket RTOS Unknown
Notified: August 28, 2017 Updated: August 28, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
SafeNet Unknown
Notified: May 12, 2017 Updated: May 12, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
Samsung Mobile Unknown
Notified: May 12, 2017 Updated: May 12, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
Slackware Linux Inc. Unknown
Notified: May 12, 2017 Updated: May 12, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
SmoothWall Unknown
Notified: May 12, 2017 Updated: May 12, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
Snort Unknown
Notified: May 12, 2017 Updated: May 12, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
Sony Corporation Unknown
Notified: May 12, 2017 Updated: May 12, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
Sourcefire Unknown
Notified: May 12, 2017 Updated: May 12, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
Symantec Unknown
Notified: May 12, 2017 Updated: May 12, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
TCPWave Unknown
Notified: August 28, 2017 Updated: August 28, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
TippingPoint Technologies Inc. Unknown
Notified: May 12, 2017 Updated: May 12, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
Tizen Unknown
Notified: August 28, 2017 Updated: August 28, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
TrueOS Unknown
Notified: May 12, 2017 Updated: May 12, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
Turbolinux Unknown
Notified: May 12, 2017 Updated: May 12, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
Ubiquiti Networks Unknown
Notified: August 28, 2017 Updated: August 28, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
Ubuntu Unknown
Notified: May 12, 2017 Updated: May 12, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
Unisys Unknown
Notified: May 12, 2017 Updated: May 12, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
VMware Unknown
Notified: May 12, 2017 Updated: May 12, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
Wind River Unknown
Notified: May 12, 2017 Updated: May 12, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
WizNET Technology Unknown
Notified: August 28, 2017 Updated: August 28, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
Xiaomi Unknown
Notified: August 28, 2017 Updated: August 28, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
Xilinx Unknown
Notified: August 28, 2017 Updated: August 28, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
Zephyr Project Unknown
Notified: August 28, 2017 Updated: August 28, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
ZyXEL Unknown
Notified: August 28, 2017 Updated: August 28, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
dnsmasq Unknown
Notified: May 12, 2017 Updated: May 12, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
gdnsd Unknown
Notified: August 28, 2017 Updated: August 28, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
m0n0wall Unknown
Notified: May 12, 2017 Updated: May 12, 2017
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | 5.4 | AV:A/AC:M/Au:N/C:P/I:P/A:P |
| Temporal | 4.9 | E:POC/RL:ND/RC:C |
| Environmental | 3.6 | CDP:ND/TD:M/CR:ND/IR:ND/AR:ND |
References
Acknowledgements
Thanks to Adi Sosnovich, Orna Grumberg, and Gabi Nakibly for reporting this vulnerability.
This document was written by Joel Land.
Other Information
| CVE IDs: | CVE-2017-3224, CVE-2017-3752, CVE-2017-6770 |
| Date Public: | 2017-07-27 |
| Date First Published: | 2017-07-27 |
| Date Last Updated: | 2017-10-18 14:19 UTC |
| Document Revision: | 36 |