CVE-2020-14305

Published: Dic 02, 2020 Last Modified: Nov 21, 2024 EU-VD ID: EUVD-2020-6457 Aliases: GSD-2020-14305

ExploitDB:

Other exploit source:

Google Dorks:

HIGH 8,1

Source: [email protected]

Attack Vector: network

Attack Complexity: high

Privileges Required: none

User Interaction: none

Scope: unchanged

Confidentiality: high

Integrity: high

Availability: high

HIGH 8,3

Source: [email protected]

Access Vector: network

Access Complexity: medium

Authentication: none

Confidentiality: partial

Integrity: partial

Availability: complete

Description

AI Translation Available

An out-of-bounds memory write flaw was found in how the Linux kernel’s Voice Over IP H.323 connection tracking functionality handled connections on ipv6 port 1720. This flaw allows an unauthenticated remote user to crash the system, causing a denial of service. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score

0,0105

Percentile

0,8th

Updated

EPSS Score Trend (Last 90 Days)

787

Out-of-bounds Write

Draft

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Integrity Availability Other

Potential Impacts:

Modify Memory Execute Unauthorized Code Or Commands Dos: Crash, Exit, Or Restart Unexpected State

Applicable Platforms

Languages: Assembly, C, C++, Memory-Unsafe

Technologies: ICS/OT

Likelihood of Exploit: High

View CWE Details

Operating System

A250 Firmware by Netapp

Product Information

Vendor Netapp

Product A250 Firmware

Version -

CPE Identifier

View Detailed Analysis


                  cpe:2.3:o:netapp:a250_firmware:-:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Operating System

Linux Kernel by Linux

Product Information

Vendor Linux

Product Linux Kernel

Version Range Affected

To 4.11.12 (inclusive)

CPE Identifier

View Detailed Analysis


                  cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Operating System

Aff 500F Firmware by Netapp

Product Information

Vendor Netapp

Product Aff 500F Firmware

Version -

CPE Identifier

View Detailed Analysis


                  cpe:2.3:o:netapp:aff_500f_firmware:-:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Cloud Backup by Netapp

Product Information

Vendor Netapp

Product Cloud Backup

Version -

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Operating System

Fas 500F Firmware by Netapp

Product Information

Vendor Netapp

Product Fas 500F Firmware

Version -

CPE Identifier

View Detailed Analysis


                  cpe:2.3:o:netapp:fas_500f_firmware:-:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Operating System

Linux Kernel by Linux

Product Information

Vendor Linux

Product Linux Kernel

Version 4.12

CPE Identifier

View Detailed Analysis


                  cpe:2.3:o:linux:linux_kernel:4.12:-:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Operating System

Solidfire Baseboard Management Controller Firmware by Netapp

Product Information

Vendor Netapp

Product Solidfire Baseboard Management Controller Firmware

Version -

CPE Identifier

View Detailed Analysis


                  cpe:2.3:o:netapp:solidfire_baseboard_management_controller_firmware:-:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

https://bugs.openvz.org/browse/OVZ-7188

Exploit Third Party Advisory

https://bugs.openvz.org/browse/OVZ-7188

https://bugzilla.redhat.com/show_bug.cgi?id=1850716

Issue Tracking Patch Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1850716

https://patchwork.ozlabs.org/project/netfilter-devel/patch/…

https://patchwork.ozlabs.org/project/netfilter-devel/patch/c2385b5c-309c-cc64-2…

https://security.netapp.com/advisory/ntap-20201210-0004/

Third Party Advisory

https://security.netapp.com/advisory/ntap-20201210-0004/

https://bugs.openvz.org/browse/OVZ-7188

Exploit Third Party Advisory

https://bugs.openvz.org/browse/OVZ-7188

https://bugzilla.redhat.com/show_bug.cgi?id=1850716

Issue Tracking Patch Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1850716

https://patchwork.ozlabs.org/project/netfilter-devel/patch/…

https://patchwork.ozlabs.org/project/netfilter-devel/patch/c2385b5c-309c-cc64-2…

https://security.netapp.com/advisory/ntap-20201210-0004/

Third Party Advisory

https://security.netapp.com/advisory/ntap-20201210-0004/

CVE-2020-14305

Description

EPSS (Exploit Prediction Scoring System)

EPSS (Exploit Prediction Scoring System)

EPSS Score Trend (Last 90 Days)

Out-of-bounds Write

Common Consequences

Applicable Platforms

A250 Firmware by Netapp

Product Information

Linux Kernel by Linux

Product Information

Aff 500F Firmware by Netapp

Product Information

Cloud Backup by Netapp

Product Information

Fas 500F Firmware by Netapp

Product Information

Linux Kernel by Linux

Product Information

Solidfire Baseboard Management Controller Firmware by Netapp

Product Information

Iscriviti alla newsletter