Overview
The Linux kernel, versions 3.9+, IP implementation is vulnerable to denial of service conditions with low rates of specially modified packets.
Description
CWE-400: Uncontrolled Resource Consumption ('Resource Exhaustion') - CVE-2018-5391 The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. |
Impact
An attacker may be able to trigger a denial-of-service condition against the system. |
Solution
Apply a patch |
If you are unable to apply a patch, see the following mitigations: |
Vendor Information
Arista Networks, Inc.
Notified: August 13, 2018 Updated: August 15, 2018
Status
Affected
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Vendor References
https://www.arista.com/en/support/advisories-notices/security-advisories/57 82-security-advisory-37
Check Point Software Technologies
Notified: August 13, 2018 Updated: September 13, 2018
Statement Date: September 13, 2018
Status
Affected
Vendor Statement
Check Point is Affected by both FragmentSmack and SegmentSmack
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Vendor References
Debian GNU/Linux
Notified: August 13, 2018 Updated: August 15, 2018
Status
Affected
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Vendor References
Microsoft
Notified: August 13, 2018 Updated: October 12, 2018
Status
Affected
Vendor Statement
Microsoft is aware of a denial of service vulnerability (named "FragmentSmack" CVE-2018-5391) affecting Windows systems. An attacker could send many 8-byte sized IP fragments with random starting offsets, but withhold the last fragment and exploit the worst-case complexity of linked lists in reassembling IP fragments. A system under attack would become unresponsive with 100% CPU utilization but would recover as soon as the attack terminated.
To protect your system from this vulnerability, Microsoft recommends that you take the following actions:
1) Register for security notifications mailer to be alerted of content changes to this advisory. See Microsoft Technical Security Notifications.
2) Test and apply security updates. See the Affected Products table to download and install the updates.
3) If you cannot apply the security updates immediately, you can apply the workaround described in FAQ #1.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Vendor References
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV18002 2
Red Hat, Inc.
Notified: August 13, 2018 Updated: August 15, 2018
Status
Affected
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Vendor References
https://access.redhat.com/articles/3553061 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-5391
SUSE Linux
Notified: August 13, 2018 Updated: September 12, 2018
Statement Date: August 15, 2018
Status
Affected
Vendor Statement
SUSE is affected by this problem in its SUSE Linux Enterprise 12 and 15 series kernels,
and will be providing updates.
https://www.suse.com/security/cve/CVE-2018-5391
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Vendor References
Ubuntu
Notified: August 13, 2018 Updated: August 15, 2018
Status
Affected
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Vendor References
https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-5391.html
Broadcom
Notified: August 13, 2018 Updated: September 11, 2018
Statement Date: August 23, 2018
Status
Not Affected
Vendor Statement
Advisory for CVE-2018-539: https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-690
Vendor References
3com Inc
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
A10 Networks
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
ACCESS
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
ADTRAN
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
ANTlabs
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
ARRIS
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
ASP Linux
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
AT&T
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
AVM GmbH
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Actelis Networks
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Actiontec
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Aerohive
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
AhnLab Inc
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
AirWatch
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Akamai Technologies, Inc.
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Alcatel-Lucent Enterprise
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Alpine Linux
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Amazon
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Android Open Source Project
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Appgate Network Security
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Apple
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Arch Linux
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Aruba Networks
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
AsusTek Computer Inc.
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Atheros Communications Inc.
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Avaya, Inc.
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Barracuda Networks
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Belkin, Inc.
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Bell Canada Enterprises
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
BlackBerry
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
BlueCat Networks, Inc.
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Brocade Communication Systems
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
CA Technologies
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Cambium Networks
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Ceragon Networks Inc
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Cisco
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Comcast
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Command Software Systems
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
CoreOS
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Cradlepoint
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
D-Link Systems, Inc.
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Dell
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Dell EMC
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Dell SecureWorks
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
DesktopBSD
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Deutsche Telekom
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Devicescape
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Digi International
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
DragonFly BSD Project
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
EfficientIP SAS
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Ericsson
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Espressif Systems
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
European Registry for Internet Domains
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Express Logic
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Extreme Networks
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
F-Secure Corporation
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
F5 Networks, Inc.
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Fedora Project
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Force10 Networks
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Foundry Brocade
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
FreeBSD Project
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
GNU glibc
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Geexbox
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Gentoo Linux
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
HP Inc.
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
HTC
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
HardenedBSD
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Hitachi
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Honeywell
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Huawei Technologies
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
IBM Corporation (zseries)
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
IBM, INC.
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
InfoExpress, Inc.
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Infoblox
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Intel
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Internet Systems Consortium
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Internet Systems Consortium - DHCP
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Interniche Technologies, inc.
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Joyent
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Juniper Networks
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Kyocera Communications
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Lancope
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Lantronix
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Lenovo
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Linksys
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Marvell Semiconductors
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
McAfee
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
MediaTek
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Medtronic
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Men & Mice
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
MetaSwitch
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Micro Focus
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Microchip Technology
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
MikroTik
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Miredo
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Mitel Networks, Inc.
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
NEC Corporation
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
NETSCOUT
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
NLnet Labs
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
NetBSD
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Netgear, Inc.
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Nixu
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Nokia
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Nominum
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
OmniTI
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
OpenBSD
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
OpenConnect
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
OpenDNS
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Openwall GNU/*/Linux
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Oracle Corporation
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Paessler
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Peplink
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Philips Electronics
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
PowerDNS
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Pulse Secure
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
QLogic
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
QNX Software Systems Inc.
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
QUALCOMM Incorporated
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Quagga
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Quantenna Communications
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Riverbed Technologies
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Roku
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Ruckus Wireless
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Samsung Mobile
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Samsung Semiconductor Inc.
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Secure64 Software Corporation
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Sierra Wireless
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Slackware Linux Inc.
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Snort
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
SonicWall
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Sonos
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Sony Corporation
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Sophos, Inc.
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Sourcefire
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Symantec
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Synology
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
TP-LINK
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Technicolor
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
TippingPoint Technologies Inc.
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Toshiba Commerce Solutions
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
TrueOS
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Turbolinux
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Ubiquiti Networks
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Unisys
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
VMware
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Wind River
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Xilinx
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Zebra Technologies
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Zephyr Project
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Zyxel
Notified: August 13, 2018 Updated: August 16, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
aep NETWORKS
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
dnsmasq
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
eero
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
m0n0wall
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
netsnmp
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
pfSense
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | 7.8 | AV:N/AC:L/Au:N/C:N/I:N/A:C |
| Temporal | 6.6 | E:U/RL:ND/RC:ND |
| Environmental | 6.6 | CDP:ND/TD:H/CR:ND/IR:ND/AR:ND |
References
Credit
Thanks to Juha-Matti Tilli(Aalto University,Department of Communications and Networking/Nokia Bell Labs)for reporting this vulnerability.
This document was written by Trent Novelly.
Other Information
| CVE IDs: | CVE-2018-5391 |
| Date Public: | 2018-08-14 |
| Date First Published: | 2018-08-14 |
| Date Last Updated: | 2018-10-12 12:31 UTC |
| Document Revision: | 36 |