Overview
The Linux kernel versions 4.9+ and supported versions of FreeBSD are vulnerable to denial of service conditions with low rates of specially modified packets.
Description
CWE-400: Uncontrolled Resource Consumption ('Resource Exhaustion') - CVE-2018-5390 Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service. |
Impact
An remote attacker may be able to trigger a denial-of-service condition against a system with an available open port. |
Solution
Apply a patch |
Vendor Information
ADTRAN Affected
Notified: July 24, 2018 Updated: September 14, 2018
Statement Date: August 22, 2018
Status
Affected
Vendor Statement
Affected.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Vendor References
Akamai Technologies, Inc. Affected
Notified: July 27, 2018 Updated: August 08, 2018
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Vendor References
Amazon Affected
Notified: July 24, 2018 Updated: September 14, 2018
Statement Date: August 20, 2018
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Vendor References
Arista Networks, Inc. Affected
Notified: July 24, 2018 Updated: August 07, 2018
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Vendor References
Check Point Software Technologies Affected
Notified: July 24, 2018 Updated: September 13, 2018
Statement Date: September 13, 2018
Status
Affected
Vendor Statement
Check Point is Affected by both FragmentSmack and SegmentSmack
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Vendor References
Debian GNU/Linux Affected
Notified: July 24, 2018 Updated: August 07, 2018
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Vendor References
F5 Networks, Inc. Affected
Notified: July 24, 2018 Updated: August 09, 2018
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Vendor References
FreeBSD Project Affected
Notified: July 24, 2018 Updated: August 08, 2018
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Vendor References
Juniper Networks Affected
Notified: July 24, 2018 Updated: August 07, 2018
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Vendor References
Ubuntu Affected
Notified: July 24, 2018 Updated: August 07, 2018
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Vendor References
Broadcom Not Affected
Notified: July 24, 2018 Updated: September 11, 2018
Statement Date: August 23, 2018
Status
Not Affected
Vendor Statement
Advisory for CVE-2018-5390: https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-686;
Advisory for CVE-2018-6922: https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-696
Vendor References
SUSE Linux Not Affected
Notified: July 24, 2018 Updated: September 14, 2018
Status
Not Affected
Vendor Statement
SUSE is affected by VU#641765.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Vendor References
Zyxel Not Affected
Notified: July 24, 2018 Updated: August 16, 2018
Statement Date: August 07, 2018
Status
Not Affected
Vendor Statement
Not Affected.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Vendor References
3com Inc Unknown
Notified: July 24, 2018 Updated: July 23, 2018
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
A10 Networks Unknown
Notified: July 27, 2018 Updated: July 27, 2018
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
ACCESS Unknown
Notified: July 24, 2018 Updated: July 23, 2018
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
ANTlabs Unknown
Notified: July 24, 2018 Updated: July 23, 2018
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
ARRIS Unknown
Notified: July 24, 2018 Updated: July 23, 2018
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
ASP Linux Unknown
Notified: July 24, 2018 Updated: July 23, 2018
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
AT&T Unknown
Notified: July 24, 2018 Updated: July 23, 2018
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
AVM GmbH Unknown
Notified: July 24, 2018 Updated: July 23, 2018
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Actelis Networks Unknown
Notified: July 27, 2018 Updated: July 27, 2018
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Actiontec Unknown
Notified: July 24, 2018 Updated: July 23, 2018
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Aerohive Unknown
Notified: July 24, 2018 Updated: July 23, 2018
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
AhnLab Inc Unknown
Notified: July 27, 2018 Updated: July 27, 2018
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
AirWatch Unknown
Notified: July 24, 2018 Updated: July 23, 2018
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Alcatel-Lucent Enterprise Unknown
Notified: July 24, 2018 Updated: July 23, 2018
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Alpine Linux Unknown
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Android Open Source Project Unknown
Notified: July 24, 2018 Updated: July 23, 2018
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Appgate Network Security Unknown
Notified: July 24, 2018 Updated: July 23, 2018
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Apple Unknown
Notified: July 24, 2018 Updated: July 23, 2018
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Arch Linux Unknown
Notified: July 24, 2018 Updated: July 23, 2018
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Aruba Networks Unknown
Notified: July 24, 2018 Updated: July 23, 2018
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
AsusTek Computer Inc. Unknown
Notified: July 24, 2018 Updated: July 23, 2018
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Atheros Communications Inc. Unknown
Notified: August 06, 2018 Updated: August 06, 2018
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Avaya, Inc. Unknown
Notified: July 24, 2018 Updated: July 23, 2018
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Barracuda Networks Unknown
Notified: July 24, 2018 Updated: July 23, 2018
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Belkin, Inc. Unknown
Notified: July 24, 2018 Updated: July 23, 2018
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Bell Canada Enterprises Unknown
Notified: July 27, 2018 Updated: July 27, 2018
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
BlackBerry Unknown
Notified: July 24, 2018 Updated: July 23, 2018
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
BlueCat Networks, Inc. Unknown
Notified: July 24, 2018 Updated: July 23, 2018
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Brocade Communication Systems Unknown
Notified: July 24, 2018 Updated: July 23, 2018
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
CA Technologies Unknown
Notified: July 24, 2018 Updated: July 23, 2018
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Cambium Networks Unknown
Notified: July 24, 2018 Updated: July 23, 2018
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Ceragon Networks Inc Unknown
Notified: August 06, 2018 Updated: August 06, 2018
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Cisco Unknown
Notified: July 24, 2018 Updated: July 23, 2018
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Comcast Unknown
Notified: July 24, 2018 Updated: July 23, 2018
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Command Software Systems Unknown
Notified: July 24, 2018 Updated: July 23, 2018
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
CoreOS Unknown
Notified: July 24, 2018 Updated: July 23, 2018
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Cradlepoint Unknown
Notified: August 02, 2018 Updated: August 02, 2018
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
D-Link Systems, Inc. Unknown
Notified: July 24, 2018 Updated: July 23, 2018
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Dell Unknown
Notified: July 24, 2018 Updated: July 23, 2018
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Dell EMC Unknown
Notified: July 24, 2018 Updated: July 23, 2018
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Dell SecureWorks Unknown
Notified: July 24, 2018 Updated: July 23, 2018
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
DesktopBSD Unknown
Notified: July 24, 2018 Updated: July 23, 2018
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Deutsche Telekom Unknown
Notified: July 24, 2018 Updated: July 23, 2018
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Devicescape Unknown
Notified: July 24, 2018 Updated: July 23, 2018
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Digi International Unknown
Notified: July 24, 2018 Updated: July 23, 2018
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
DragonFly BSD Project Unknown
Notified: July 24, 2018 Updated: July 23, 2018
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
EfficientIP SAS Unknown
Notified: July 24, 2018 Updated: July 23, 2018
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Ericsson Unknown
Notified: July 24, 2018 Updated: July 23, 2018
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Espressif Systems Unknown
Notified: July 24, 2018 Updated: July 23, 2018
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
European Registry for Internet Domains Unknown
Notified: July 24, 2018 Updated: July 23, 2018
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Express Logic Unknown
Notified: August 02, 2018 Updated: August 02, 2018
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Extreme Networks Unknown
Notified: July 24, 2018 Updated: July 23, 2018
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
F-Secure Corporation Unknown
Notified: July 24, 2018 Updated: July 23, 2018
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Fedora Project Unknown
Notified: July 24, 2018 Updated: July 23, 2018
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Force10 Networks Unknown
Notified: July 24, 2018 Updated: July 23, 2018
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Fortinet, Inc. Unknown
Notified: July 24, 2018 Updated: July 23, 2018
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Foundry Brocade Unknown
Notified: August 02, 2018 Updated: August 02, 2018
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
GNU glibc Unknown
Notified: July 24, 2018 Updated: July 23, 2018
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Geexbox Unknown
Notified: July 24, 2018 Updated: July 23, 2018
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Gentoo Linux Unknown
Notified: July 24, 2018 Updated: July 23, 2018
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Google Unknown
Notified: July 24, 2018 Updated: July 23, 2018
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
HP Inc. Unknown
Notified: July 24, 2018 Updated: July 23, 2018
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
HTC Unknown
Notified: July 24, 2018 Updated: July 23, 2018
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
HardenedBSD Unknown
Notified: July 24, 2018 Updated: July 23, 2018
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Hitachi Unknown
Notified: July 24, 2018 Updated: July 23, 2018
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Honeywell Unknown
Notified: July 24, 2018 Updated: July 23, 2018
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Huawei Technologies Unknown
Notified: July 24, 2018 Updated: July 23, 2018
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
IBM Corporation (zseries) Unknown
Notified: July 24, 2018 Updated: July 23, 2018
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
IBM eServer Unknown
Notified: July 24, 2018 Updated: July 23, 2018
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
IBM, INC. Unknown
Notified: July 24, 2018 Updated: July 23, 2018
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
InfoExpress, Inc. Unknown
Notified: July 24, 2018 Updated: July 23, 2018
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Infoblox Unknown
Notified: July 24, 2018 Updated: July 23, 2018
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Intel Unknown
Notified: July 24, 2018 Updated: July 23, 2018
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Internet Systems Consortium Unknown
Notified: July 24, 2018 Updated: July 23, 2018
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Internet Systems Consortium - DHCP Unknown
Notified: July 24, 2018 Updated: July 23, 2018
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Interniche Technologies, inc. Unknown
Notified: July 24, 2018 Updated: July 23, 2018
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Joyent Unknown
Notified: July 24, 2018 Updated: July 23, 2018
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Kyocera Communications Unknown
Notified: August 13, 2018 Updated: August 13, 2018
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Lancope Unknown
Notified: July 24, 2018 Updated: July 23, 2018
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Lantronix Unknown
Notified: July 24, 2018 Updated: July 23, 2018
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Lenovo Unknown
Notified: July 24, 2018 Updated: July 23, 2018
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Linksys Unknown
Notified: July 24, 2018 Updated: July 23, 2018
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Marvell Semiconductors Unknown
Notified: July 24, 2018 Updated: July 23, 2018
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
McAfee Unknown
Notified: July 24, 2018 Updated: July 23, 2018
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
MediaTek Unknown
Notified: July 24, 2018 Updated: July 23, 2018
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Medtronic Unknown
Notified: July 24, 2018 Updated: August 02, 2018
Statement Date: August 02, 2018
Status
Unknown
Vendor Statement
Medtronic has mitigations in place for the reported vulnerabilities in
automatic DNS registration and autodiscovery protocols.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Men & Mice Unknown
Notified: July 24, 2018 Updated: July 23, 2018
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
MetaSwitch Unknown
Notified: July 24, 2018 Updated: July 23, 2018
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Micro Focus Unknown
Notified: July 24, 2018 Updated: July 23, 2018
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Microchip Technology Unknown
Notified: July 24, 2018 Updated: July 23, 2018
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Microsoft Unknown
Notified: July 24, 2018 Updated: July 23, 2018
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
MikroTik Unknown
Notified: July 24, 2018 Updated: July 23, 2018
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Miredo Unknown
Notified: July 24, 2018 Updated: July 23, 2018
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Mitel Networks, Inc. Unknown
Notified: July 24, 2018 Updated: July 23, 2018
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
NEC Corporation Unknown
Notified: July 24, 2018 Updated: July 23, 2018
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
NETSCOUT Unknown
Notified: July 24, 2018 Updated: July 23, 2018
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
NLnet Labs Unknown
Notified: July 24, 2018 Updated: July 23, 2018
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
NetBSD Unknown
Notified: July 24, 2018 Updated: July 23, 2018
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Netgear, Inc. Unknown
Notified: July 24, 2018 Updated: July 23, 2018
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Nixu Unknown
Notified: July 24, 2018 Updated: July 23, 2018
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Nokia Unknown
Notified: July 24, 2018 Updated: July 23, 2018
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Nominum Unknown
Notified: July 24, 2018 Updated: July 23, 2018
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
OmniTI Unknown
Notified: July 24, 2018 Updated: July 23, 2018
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
OpenBSD Unknown
Notified: July 24, 2018 Updated: July 23, 2018
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
OpenConnect Unknown
Notified: July 24, 2018 Updated: July 23, 2018
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
OpenDNS Unknown
Notified: July 24, 2018 Updated: July 23, 2018
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Openwall GNU/*/Linux Unknown
Notified: July 24, 2018 Updated: July 23, 2018
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Oracle Corporation Unknown
Notified: July 24, 2018 Updated: July 23, 2018
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Paessler Unknown
Notified: July 24, 2018 Updated: July 23, 2018
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Peplink Unknown
Notified: July 24, 2018 Updated: July 23, 2018
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Philips Electronics Unknown
Notified: July 24, 2018 Updated: July 23, 2018
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
PowerDNS Unknown
Notified: July 24, 2018 Updated: July 23, 2018
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Pulse Secure Unknown
Notified: July 24, 2018 Updated: July 23, 2018
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
QLogic Unknown
Notified: July 24, 2018 Updated: July 23, 2018
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
QNX Software Systems Inc. Unknown
Notified: July 24, 2018 Updated: July 23, 2018
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
QUALCOMM Incorporated Unknown
Notified: July 24, 2018 Updated: July 23, 2018
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Quagga Unknown
Notified: July 24, 2018 Updated: July 23, 2018
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Quantenna Communications Unknown
Notified: July 24, 2018 Updated: July 23, 2018
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Red Hat, Inc. Unknown
Notified: July 24, 2018 Updated: July 23, 2018
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Riverbed Technologies Unknown
Notified: July 27, 2018 Updated: July 27, 2018
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Roku Unknown
Notified: July 24, 2018 Updated: July 23, 2018
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Ruckus Wireless Unknown
Notified: July 24, 2018 Updated: July 23, 2018
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Samsung Mobile Unknown
Notified: July 24, 2018 Updated: July 23, 2018
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Samsung Semiconductor Inc. Unknown
Notified: July 24, 2018 Updated: July 23, 2018
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Secure64 Software Corporation Unknown
Notified: July 24, 2018 Updated: July 23, 2018
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Sierra Wireless Unknown
Notified: July 24, 2018 Updated: July 23, 2018
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Slackware Linux Inc. Unknown
Notified: July 24, 2018 Updated: July 23, 2018
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Snort Unknown
Notified: July 24, 2018 Updated: July 23, 2018
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
SonicWall Unknown
Notified: July 27, 2018 Updated: July 27, 2018
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Sonos Unknown
Notified: July 24, 2018 Updated: July 23, 2018
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Sony Corporation Unknown
Notified: July 24, 2018 Updated: July 23, 2018
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Sophos, Inc. Unknown
Notified: July 27, 2018 Updated: July 27, 2018
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Sourcefire Unknown
Notified: July 24, 2018 Updated: July 23, 2018
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Symantec Unknown
Notified: July 24, 2018 Updated: July 23, 2018
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Synology Unknown
Notified: July 24, 2018 Updated: July 23, 2018
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
TP-LINK Unknown
Notified: July 24, 2018 Updated: July 23, 2018
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Technicolor Unknown
Notified: July 24, 2018 Updated: July 23, 2018
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
TippingPoint Technologies Inc. Unknown
Notified: July 24, 2018 Updated: July 23, 2018
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Toshiba Commerce Solutions Unknown
Notified: July 24, 2018 Updated: July 23, 2018
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
TrueOS Unknown
Notified: July 24, 2018 Updated: July 23, 2018
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Turbolinux Unknown
Notified: July 24, 2018 Updated: July 23, 2018
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Ubiquiti Networks Unknown
Notified: July 24, 2018 Updated: July 23, 2018
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Unisys Unknown
Notified: July 24, 2018 Updated: July 23, 2018
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
VMware Unknown
Notified: July 24, 2018 Updated: July 23, 2018
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Wind River Unknown
Notified: July 24, 2018 Updated: July 23, 2018
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Xilinx Unknown
Notified: July 24, 2018 Updated: July 23, 2018
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Zebra Technologies Unknown
Notified: July 24, 2018 Updated: July 23, 2018
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Zephyr Project Unknown
Notified: July 24, 2018 Updated: July 23, 2018
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
aep NETWORKS Unknown
Notified: July 24, 2018 Updated: July 23, 2018
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
dnsmasq Unknown
Notified: July 24, 2018 Updated: July 23, 2018
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
eero Unknown
Notified: July 24, 2018 Updated: July 23, 2018
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
m0n0wall Unknown
Notified: July 24, 2018 Updated: July 23, 2018
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
netsnmp Unknown
Notified: July 24, 2018 Updated: July 23, 2018
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
pfSense Unknown
Notified: July 24, 2018 Updated: August 07, 2018
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | 7.1 | AV:N/AC:M/Au:N/C:N/I:N/A:C |
| Temporal | 6.4 | E:POC/RL:ND/RC:C |
| Environmental | 6.4 | CDP:ND/TD:H/CR:ND/IR:ND/AR:ND |
References
Acknowledgements
Thanks to Juha-Matti Tilli (Aalto University, Department of Communications and Networking / Nokia Bell Labs) for reporting these vulnerabilities.
This document was written by Trent Novelly.
Other Information
| CVE IDs: | CVE-2018-5390, CVE-2018-6922 |
| Date Public: | 2018-07-23 |
| Date First Published: | 2018-08-06 |
| Date Last Updated: | 2018-09-14 19:29 UTC |
| Document Revision: | 31 |