MidnightBSD

Advisories for ietf

CVE-2015-8960 MEDIUM

The TLS protocol 1.2 and earlier supports the rsa_fixed_dh, dss_fixed_dh, rsa_fixed_ecdh, and ecdsa_fixed_ecdh values for ClientCertificateType but does not directly document the ability to compute the master secret in certain situations with a client secret key and server public key but not a server secret key, which makes it easier for man-in-the-middle attackers to spoof TLS servers by leveraging knowledge of the secret key for an arbitrary installed client X.509 certificate, aka the "Key Compromise Impersonation (KCI)" issue.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-295,

Products Affected

Vendor Product Version
netapp smi-s_provider -
netapp snapmanager -
netapp snapdrive -
netapp clustered_data_ontap_antivirus_connector -
netapp data_ontap_edge -
netapp system_setup -
netapp host_agent -
netapp oncommand_shift -
ietf transport_layer_security *
netapp snap_creator_framework -
netapp plug-in_for_symantec_netbackup -
netapp solidfire_&_hci_management_node -
netapp snapprotect -
CVE-2016-10142 MEDIUM

An issue was discovered in the IPv6 protocol specification, related to ICMP Packet Too Big (PTB) messages. (The scope of this CVE is all affected IPv6 implementations from all vendors.) The security implications of IP fragmentation have been discussed at length in [RFC6274] and [RFC7739]. An attacker can leverage the generation of IPv6 atomic fragments to trigger the use of fragmentation in an arbitrary IPv6 flow (in scenarios in which actual fragmentation of packets is not needed) and can subsequently perform any type of fragmentation-based attack against legacy IPv6 nodes that do not implement [RFC6946]. That is, employing fragmentation where not actually needed allows for fragmentation-based attack vectors to be employed, unnecessarily. We note that, unfortunately, even nodes that already implement [RFC6946] can be subject to DoS attacks as a result of the generation of IPv6 atomic fragments. Let us assume that Host A is communicating with Host B and that, as a result of the widespread dropping of IPv6 packets that contain extension headers (including fragmentation) [RFC7872], some intermediate node filters fragments between Host B and Host A. If an attacker sends a forged ICMPv6 PTB error message to Host B, reporting an MTU smaller than 1280, this will trigger the generation of IPv6 atomic fragments from that moment on (as required by [RFC2460]). When Host B starts sending IPv6 atomic fragments (in response to the received ICMPv6 PTB error message), these packets will be dropped, since we previously noted that IPv6 packets with extension headers were being dropped between Host B and Host A. Thus, this situation will result in a DoS scenario. Another possible scenario is that in which two BGP peers are employing IPv6 transport and they implement Access Control Lists (ACLs) to drop IPv6 fragments (to avoid control-plane attacks). If the aforementioned BGP peers drop IPv6 fragments but still honor received ICMPv6 PTB error messages, an attacker could easily attack the corresponding peering session by simply sending an ICMPv6 PTB message with a reported MTU smaller than 1280 bytes. Once the attack packet has been sent, the aforementioned routers will themselves be the ones dropping their own traffic.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-17,

Products Affected

Vendor Product Version
ietf ipv6 -
CVE-2018-5389 MEDIUM

The Internet Key Exchange v1 main mode is vulnerable to offline dictionary or brute force attacks. Reusing a key pair across different versions and modes of IKE could lead to cross-protocol authentication bypasses. It is well known, that the aggressive mode of IKEv1 PSK is vulnerable to offline dictionary or brute force attacks. For the main mode, however, only an online attack against PSK authentication was thought to be feasible. This vulnerability could allow an attacker to recover a weak Pre-Shared Key or enable the impersonation of a victim host or network.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-521,

Products Affected

Vendor Product Version
ietf internet_key_exchange 1.0
CVE-2020-20949 MEDIUM

Bleichenbacher's attack on PKCS #1 v1.5 padding for RSA in STM32 cryptographic firmware library software expansion for STM32Cube (UM1924). The vulnerability can allow one to use Bleichenbacher's oracle attack to decrypt an encrypted ciphertext by making successive queries to the server using the vulnerable library, resulting in remote information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 2.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-327,

Products Affected

Vendor Product Version
st stm32cubeg4 -
st stm32cubel4 -
st stm32cubeg0 -
st stm32cubemx -
st stm32cubewb -
st stm32cubef4 -
st stm32cubeh7 -
st stm32cubel5 -
st stm32cubewl -
st stm32cubel0 -
st stm32cubemp1 -
st stm32cubef0 -
st stm32cubeide -
st stm32cubel4+ -
st stm32cubef7 -
st stm32cubef3 -
st stm32cubeprogrammer -
st stm32cubef1 -
st stm32cubel1 -
ietf public_key_cryptography_standards_#1 1.5
st stm32cubef2 -
st stm32cubemonitor -
CVE-2020-20950 MEDIUM

Bleichenbacher's attack on PKCS #1 v1.5 padding for RSA in Microchip Libraries for Applications 2018-11-26 All up to 2018-11-26. The vulnerability can allow one to use Bleichenbacher's oracle attack to decrypt an encrypted ciphertext by making successive queries to the server using the vulnerable library, resulting in remote information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 2.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-327,

Products Affected

Vendor Product Version
ietf public_key_cryptography_standards_#1 1.5
microchip microchip_libraries_for_applications *
CVE-2021-27853

Layer 2 network filtering capabilities such as IPv6 RA guard or ARP inspection can be bypassed using combinations of VLAN 0 headers and LLC/SNAP headers.

Products Affected

Vendor Product Version
cisco ios_xe 17.3.3
cisco nexus_9508_firmware 9.3(5)
cisco sg500x-24_firmware 3.0.0.61
cisco nexus_93240yc-fx2_firmware 9.3(5)
cisco sg500x-24mpp_firmware 3.0.0.61
cisco nexus_9716d-gx_firmware 9.3(5)
cisco nexus_9736pq_firmware 9.3(5)
cisco sg500-28p_firmware 3.0.0.61
cisco nexus_93108tc-fx_firmware 9.3(5)
cisco sf500-24_firmware 3.0.0.61
cisco meraki_ms425_firmware -
cisco n9k-c9348d-gx2a_firmware 9.3(5)
cisco sf500-24p_firmware 3.0.0.61
cisco catalyst_6503-e_firmware 15.5(01.01.85)sy07
cisco n9k-x97160yc-ex_firmware 9.3(5)
cisco nexus_92304qc_firmware 9.3(5)
cisco ios_xe 17.6.1
cisco n9k-x9464px_firmware 9.3(5)
cisco meraki_ms450_firmware -
cisco nexus_9636pq_firmware 9.3(5)
cisco catalyst_c6832-x-le_firmware 15.5(01.01.85)sy07
cisco nexus_93108tc-ex_firmware 9.3(5)
cisco ios_xe 17.4.1
cisco nexus_9800_firmware 9.3(5)
cisco meraki_ms250_firmware -
cisco n9k-x9564tx_firmware 9.3(5)
cisco nexus_9364c-gx_firmware 9.3(5)
cisco meraki_ms390_firmware -
cisco meraki_ms420_firmware -
cisco sg500-28_firmware 3.0.0.61
cisco sg500x-24p_firmware 3.0.0.61
cisco nexus_9364c_firmware 9.3(5)
cisco sg500-52_firmware 3.0.0.61
cisco catalyst_6506-e_firmware 15.5(01.01.85)sy07
cisco nexus_93360yc-fx2_firmware 9.3(5)
cisco nexus_93180yc-fx3_firmware 9.3(5)
cisco nexus_9348gc-fxp_firmware 9.3(5)
cisco n9k-c9364d-gx2a_firmware 9.3(5)
cisco meraki_ms210_firmware -
cisco nexus_93120tx_firmware 9.3(5)
cisco n9k-x9564px_firmware 9.3(5)
cisco nexus_9536pq_firmware 9.3(5)
cisco sg500-52p_firmware 3.0.0.61
cisco catalyst_c6840-x-le-40g_firmware 15.5(01.01.85)sy07
cisco sg500x-48mpp_firmware 3.0.0.61
ietf p802.1q *
cisco catalyst_6509-v-e_firmware 15.5(01.01.85)sy07
cisco nexus_92160yc-x_firmware 9.3(5)
cisco catalyst_6509-e_firmware 15.5(01.01.85)sy07
cisco nexus_93180yc-fx_firmware 9.3(5)
cisco nexus_9516_firmware 9.3(5)
cisco nexus_9332c_firmware 9.3(5)
cisco nexus_9504_firmware 9.3(5)
cisco n9k-x9636c-rx_firmware 9.3(5)
cisco catalyst_6807-xl_firmware 15.5(01.01.85)sy07
cisco sf500-18p_firmware 3.0.0.61
cisco n9k-x9788tc-fx_firmware 9.3(5)
cisco n9k-x9432c-s_firmware 9.3(5)
cisco nexus_92300yc_firmware 9.3(5)
cisco sf500-48_firmware 3.0.0.61
cisco meraki_ms225_firmware -
cisco catalyst_c6824-x-le-40g_firmware 15.5(01.01.85)sy07
cisco n9k-c93600cd-gx_firmware 9.3(5)
cisco sf500-48mp_firmware 3.0.0.61
cisco n9k-x9732c-ex_firmware 9.3(5)
cisco n9k-x9732c-fx_firmware 9.3(5)
cisco meraki_ms410_firmware -
cisco sg500-28mpp_firmware 3.0.0.61
cisco catalyst_c6816-x-le_firmware 15.5(01.01.85)sy07
cisco sf-500-24mp_firmware 3.0.0.61
cisco ios_xe 15.2(07)e03
cisco sg500x-48_firmware 3.0.0.61
cisco catalyst_6504-e_firmware 15.5(01.01.85)sy07
cisco meraki_ms350_firmware -
cisco nexus_x9636q-r_firmware 9.3(5)
cisco nexus_9236c_firmware 9.3(5)
cisco sg500-52mp_firmware 3.0.0.61
cisco nexus_9432pq_firmware 9.3(5)
cisco n9k-c9316d-gx_firmware 9.3(5)
ieee ieee_802.2 *
cisco nexus_93216tc-fx2_firmware 9.3(5)
cisco n9k-x9464tx2_firmware 9.3(5)
cisco n9k-c9332d-gx2b_firmware 9.3(5)
cisco n9k-x9736c-fx_firmware 9.3(5)
cisco catalyst_6509-neb-a_firmware 15.5(01.01.85)sy07
cisco nexus_93180yc-ex_firmware 9.3(5)
cisco n9k-x9736c-ex_firmware 9.3(5)
cisco sg500x-48p_firmware 3.0.0.61
cisco nexus_93108tc-fx3p_firmware 9.3(5)
cisco n9k-x9636c-r_firmware 9.3(5)
cisco catalyst_6513-e_firmware 15.5(01.01.85)sy07
cisco catalyst_6880-x_firmware 15.5(01.01.85)sy07
cisco catalyst_6840-x_firmware 15.5(01.01.85)sy07
cisco catalyst_6800ia_firmware 15.5(01.01.85)sy07
cisco ios_xe 15.2(07)e02
cisco nexus_9272q_firmware 9.3(5)
cisco meraki_ms355_firmware -
cisco nexus_92348gc-x_firmware 9.3(5)
cisco nexus_9336c-fx2-e_firmware 9.3(5)
cisco nexus_9336c-fx2_firmware 9.3(5)
CVE-2021-27854

Layer 2 network filtering capabilities such as IPv6 RA guard can be bypassed using combinations of VLAN 0 headers, LLC/SNAP headers, and converting frames from Ethernet to Wifi and its reverse.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.7 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N 2.8 1.4

Products Affected

Vendor Product Version
ietf p802.1q *
ieee ieee_802.2 *
CVE-2021-27861

Layer 2 network filtering capabilities such as IPv6 RA guard can be bypassed using LLC/SNAP headers with invalid length (and optionally VLAN0 headers)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.7 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N 2.8 1.4

Products Affected

Vendor Product Version
ietf p802.1q *
ieee ieee_802.2 *
CVE-2021-27862

Layer 2 network filtering capabilities such as IPv6 RA guard can be bypassed using LLC/SNAP headers with invalid length and Ethernet to Wifi frame conversion (and optionally VLAN0 headers).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.7 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N 2.8 1.4

Products Affected

Vendor Product Version
ietf p802.1q *
ieee ieee_802.2 *
CVE-2023-44487

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
cisco business_process_automation *
cisco unified_attendant_console_advanced -
redhat openshift_container_platform_assisted_installer -
redhat jboss_fuse 6.0.0
f5 big-ip_application_security_manager 17.1.0
f5 big-ip_websafe 17.1.0
redhat advanced_cluster_management_for_kubernetes 2.0
cisco telepresence_video_communication_server *
netapp oncommand_insight -
kazu-yamamoto http2 *
amazon opensearch_data_prepper *
linkerd linkerd 2.13.1
redhat migration_toolkit_for_virtualization -
projectcontour contour *
redhat run_once_duration_override_operator -
redhat machine_deletion_remediation_operator -
microsoft windows_11_22h2 *
redhat openshift_dev_spaces -
f5 nginx *
f5 big-ip_application_visibility_and_reporting *
nodejs node.js *
redhat openstack_platform 16.1
cisco crosswork_data_gateway *
apache apisix *
redhat openshift_distributed_tracing -
akka http_server *
redhat enterprise_linux 6.0
caddyserver caddy *
redhat certification_for_red_hat_enterprise_linux 8.0
openresty openresty *
envoyproxy envoy 1.24.10
cisco data_center_network_manager -
f5 big-ip_domain_name_system 17.1.0
f5 big-ip_local_traffic_manager *
redhat service_telemetry_framework 1.5
golang go *
redhat openshift_container_platform 4.0
varnish_cache_project varnish_cache *
fedoraproject fedora 38
facebook proxygen *
redhat ceph_storage 5.0
redhat advanced_cluster_security 4.0
microsoft windows_10_22h2 *
cisco iot_field_network_director *
f5 big-ip_ssl_orchestrator *
redhat process_automation 7.0
redhat integration_service_registry -
f5 big-ip_ssl_orchestrator 17.1.0
redhat openshift_serverless -
cisco prime_cable_provisioning *
redhat jboss_enterprise_application_platform 7.0.0
redhat service_interconnect 1.0
redhat migration_toolkit_for_applications 6.0
microsoft .net *
redhat jboss_a-mq 7
apple swiftnio_http/2 *
f5 nginx_plus *
redhat cert-manager_operator_for_red_hat_openshift -
cisco unified_contact_center_domain_manager -
f5 big-ip_link_controller *
cisco secure_malware_analytics *
cisco unified_contact_center_management_portal -
f5 big-ip_application_visibility_and_reporting 17.1.0
redhat fence_agents_remediation_operator -
cisco crosswork_data_gateway 5.0
redhat openshift -
apache traffic_server *
redhat jboss_a-mq_streams -
apache tomcat *
linecorp armeria *
redhat self_node_remediation_operator -
cisco secure_web_appliance_firmware *
apache tomcat 11.0.0
cisco firepower_threat_defense *
redhat cryostat 2.0
cisco ultra_cloud_core_-_policy_control_function 2024.01.0
debian debian_linux 10.0
redhat enterprise_linux 9.0
cisco nx-os *
cisco unified_contact_center_enterprise -
f5 nginx_plus r30
redhat openshift_virtualization 4
cisco crosswork_situation_manager -
f5 big-ip_global_traffic_manager 17.1.0
redhat openshift_service_mesh 2.0
cisco prime_infrastructure *
redhat jboss_enterprise_application_platform 6.0.0
microsoft windows_11_21h2 *
golang networking *
microsoft windows_server_2022 -
redhat node_healthcheck_operator -
redhat support_for_spring_boot -
linkerd linkerd *
microsoft azure_kubernetes_service *
f5 big-ip_policy_enforcement_manager 17.1.0
f5 big-ip_next 20.0.1
redhat satellite 6.0
fedoraproject fedora 37
f5 big-ip_ddos_hybrid_defender 17.1.0
redhat openshift_api_for_data_protection -
f5 big-ip_advanced_web_application_firewall 17.1.0
grpc grpc 1.57.0
redhat decision_manager 7.0
redhat openshift_data_science -
redhat openstack_platform 16.2
envoyproxy envoy 1.25.9
f5 big-ip_carrier-grade_nat *
f5 big-ip_advanced_firewall_manager 17.1.0
redhat advanced_cluster_security 3.0
f5 big-ip_application_security_manager *
dena h2o *
f5 nginx_plus r29
f5 big-ip_fraud_protection_service *
cisco prime_access_registrar *
f5 big-ip_carrier-grade_nat 17.1.0
f5 big-ip_fraud_protection_service 17.1.0
f5 big-ip_webaccelerator 17.1.0
redhat jboss_core_services -
microsoft windows_10_21h2 *
f5 big-ip_ddos_hybrid_defender *
eclipse jetty *
golang http2 *
debian debian_linux 11.0
cisco ultra_cloud_core_-_session_management_function *
microsoft windows_10_1809 *
linkerd linkerd 2.14.1
redhat cost_management -
grpc grpc *
ietf http 2.0
redhat build_of_optaplanner 8.0
redhat web_terminal -
netapp astra_control_center -
f5 big-ip_domain_name_system *
redhat jboss_fuse 7.0.0
f5 big-ip_analytics *
f5 big-ip_websafe *
apache solr *
f5 big-ip_next_service_proxy_for_kubernetes *
envoyproxy envoy 1.26.4
cisco expressway *
redhat enterprise_linux 8.0
redhat integration_camel_for_spring_boot -
redhat certification_for_red_hat_enterprise_linux 9.0
redhat 3scale_api_management_platform 2.0
envoyproxy envoy 1.27.0
redhat node_maintenance_operator -
f5 big-ip_link_controller 17.1.0
linkerd linkerd 2.13.0
f5 big-ip_application_acceleration_manager 17.1.0
microsoft windows_10_1607 *
f5 big-ip_access_policy_manager 17.1.0
redhat jboss_data_grid 7.0.0
cisco enterprise_chat_and_email -
redhat openshift_secondary_scheduler_operator -
cisco prime_network_registrar *
f5 big-ip_advanced_web_application_firewall *
redhat openshift_developer_tools_and_services -
debian debian_linux 12.0
f5 big-ip_local_traffic_manager 17.1.0
cisco ios_xr *
traefik traefik 3.0.0
istio istio *
nghttp2 nghttp2 *
redhat logging_subsystem_for_red_hat_openshift -
redhat migration_toolkit_for_containers -
f5 big-ip_application_acceleration_manager *
konghq kong_gateway *
traefik traefik *
microsoft windows_server_2019 -
microsoft visual_studio_2022 *
f5 nginx_ingress_controller *
f5 big-ip_analytics 17.1.0
linkerd linkerd 2.14.0
redhat openshift_pipelines -
microsoft cbl-mariner *
cisco connected_mobile_experiences *
redhat openstack_platform 17.1
redhat openshift_gitops -
cisco ultra_cloud_core_-_policy_control_function *
cisco ios_xe *
redhat integration_camel_k -
redhat openshift_sandboxed_containers -
f5 big-ip_policy_enforcement_manager *
cisco fog_director *
f5 big-ip_global_traffic_manager *
cisco unified_contact_center_enterprise_-_live_data_server *
microsoft windows_server_2016 -
jenkins jenkins *
f5 big-ip_access_policy_manager *
cisco secure_dynamic_attributes_connector *
redhat ansible_automation_platform 2.0
cisco crosswork_zero_touch_provisioning *
redhat single_sign-on 7.0
cisco ultra_cloud_core_-_serving_gateway_function *
f5 big-ip_webaccelerator *
redhat quay 3.0.0
redhat build_of_quarkus -
f5 big-ip_advanced_firewall_manager *
netty netty *
redhat network_observability_operator -
microsoft asp.net_core *
CVE-2024-7595

GRE and GRE6 Protocols (RFC2784) do not validate or verify the source of a network packet allowing an attacker to spoof and route arbitrary traffic via an exposed network interface that can lead to spoofing, access control bypass, and other unexpected network behaviors. This can be considered similar to CVE-2020-10136.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L 2.2 3.7

Products Affected

Vendor Product Version
ietf generic_routing_encapsulation6 -
ietf generic_routing_encapsulation -
CVE-2024-7596

Proposed Generic UDP Encapsulation (GUE) (IETF Draft) do not validate or verify the source of a network packet allowing an attacker to spoof and route arbitrary traffic via an exposed network interface that can lead to spoofing, access control bypass, and other unexpected network behaviors. This can be considered similar to CVE-2020-10136.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L 2.2 3.7

Products Affected

Vendor Product Version
ietf generic_udp_encapsulation -
CVE-2025-23018

IPv4-in-IPv6 and IPv6-in-IPv6 tunneling (RFC 2473) do not require the validation or verification of the source of a network packet, allowing an attacker to spoof and route arbitrary traffic via an exposed network interface. This is a similar issue to CVE-2020-10136.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 5.4 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N 2.2 2.7
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L 2.2 3.7

Products Affected

Vendor Product Version
ietf ipv6 -
CVE-2025-23019

IPv6-in-IPv4 tunneling (RFC 4213) allows an attacker to spoof and route traffic via an exposed network interface.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L 2.2 3.7
cve@mitre.org 5.4 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N 2.2 2.7

Products Affected

Vendor Product Version
ietf ipv6 -