CVE-2019-5108
HIGH
7,4
Source: [email protected]
Attack Vector: adjacent_network
Attack Complexity: low
Privileges Required: none
User Interaction: none
Scope: changed
Confidentiality: none
Integrity: none
Availability: high
LOW
3,3
Source: [email protected]
Access Vector: adjacent_network
Access Complexity: low
Authentication: none
Confidentiality: none
Integrity: none
Availability: partial
Description
AI Translation Available
An exploitable denial-of-service vulnerability exists in the Linux kernel prior to mainline 5.3. An attacker could exploit this vulnerability by triggering AP to send IAPP location updates for stations before the required authentication process has completed. This could lead to different denial-of-service scenarios, either by causing CAM table attacks, or by leading to traffic flapping if faking already existing clients in other nearby APs of the same wireless infrastructure. An attacker can forge Authentication and Association Request packets to trigger this vulnerability.
EPSS (Exploit Prediction Scoring System)
Trend Analysis
EPSS (Exploit Prediction Scoring System)
Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.
EPSS Score
0,0068
Percentile
0,7th
Updated
EPSS Score Trend (Last 90 Days)
287
Improper Authentication
DraftCommon Consequences
Security Scopes Affected:
Integrity
Confidentiality
Availability
Access Control
Potential Impacts:
Read Application Data
Gain Privileges Or Assume Identity
Execute Unauthorized Code Or Commands
Applicable Platforms
Technologies:
ICS/OT, Not Technology-Specific, Web Based
440
Expected Behavior Violation
DraftCommon Consequences
Security Scopes Affected:
Other
Potential Impacts:
Quality Degradation
Varies By Context
Applicable Platforms
Technologies:
ICS/OT
Operating System
A400 Firmware by Netapp
CPE Identifier
View Detailed Analysis
cpe:2.3:o:netapp:a400_firmware:-:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Data Availability Services by Netapp
CPE Identifier
View Detailed Analysis
cpe:2.3:a:netapp:data_availability_services:-:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Ubuntu Linux by Canonical
CPE Identifier
View Detailed Analysis
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
8700 Firmware by Netapp
CPE Identifier
View Detailed Analysis
cpe:2.3:o:netapp:8700_firmware:-:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Active Iq Unified Manager by Netapp
CPE Identifier
View Detailed Analysis
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
8300 Firmware by Netapp
CPE Identifier
View Detailed Analysis
cpe:2.3:o:netapp:8300_firmware:-:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Linux Kernel by Linux
Version Range Affected
To
5.3
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Cloud Backup by Netapp
CPE Identifier
View Detailed Analysis
cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Sd-Wan Edge by Oracle
CPE Identifier
View Detailed Analysis
cpe:2.3:a:oracle:sd-wan_edge:8.2:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Ubuntu Linux by Canonical
CPE Identifier
View Detailed Analysis
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Ubuntu Linux by Canonical
CPE Identifier
View Detailed Analysis
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Hci Management Node by Netapp
CPE Identifier
View Detailed Analysis
cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Solidfire by Netapp
CPE Identifier
View Detailed Analysis
cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Debian Linux by Debian
CPE Identifier
View Detailed Analysis
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Debian Linux by Debian
CPE Identifier
View Detailed Analysis
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Steelstore Cloud Integrated Storage by Netapp
CPE Identifier
View Detailed Analysis
cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
H610S Firmware by Netapp
CPE Identifier
View Detailed Analysis
cpe:2.3:o:netapp:h610s_firmware:-:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
A700S Firmware by Netapp
CPE Identifier
View Detailed Analysis
cpe:2.3:o:netapp:a700s_firmware:-:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
E-Series Santricity Os Controller by Netapp
Version Range Affected
From
11.0.0
(inclusive)
To
11.70.1
(inclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
http://packetstormsecurity.com/files/156455/Kernel-Live-Patch-Security-Notice-L…
https://git.kernel.org/linus/3e493173b7841259a08c5c8e5cbe90adb349da7e
https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html
https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html
https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html
https://security.netapp.com/advisory/ntap-20200204-0002/
https://talosintelligence.com/vulnerability_reports/TALOS-2019-0900
https://usn.ubuntu.com/4285-1/
https://usn.ubuntu.com/4286-1/
https://usn.ubuntu.com/4286-2/
https://usn.ubuntu.com/4287-1/
https://usn.ubuntu.com/4287-2/
https://www.debian.org/security/2020/dsa-4698
https://www.oracle.com/security-alerts/cpuApr2021.html
http://packetstormsecurity.com/files/156455/Kernel-Live-Patch-Security-Notice-L…
https://git.kernel.org/linus/3e493173b7841259a08c5c8e5cbe90adb349da7e
https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html
https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html
https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html
https://security.netapp.com/advisory/ntap-20200204-0002/
https://talosintelligence.com/vulnerability_reports/TALOS-2019-0900
https://usn.ubuntu.com/4285-1/
https://usn.ubuntu.com/4286-1/
https://usn.ubuntu.com/4286-2/
https://usn.ubuntu.com/4287-1/
https://usn.ubuntu.com/4287-2/
https://www.debian.org/security/2020/dsa-4698
https://www.oracle.com/security-alerts/cpuApr2021.html