CVE-2019-17007

Published: Oct 22, 2020Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

In Network Security Services before 3.44, a malformed Netscape Certificate Sequence can cause NSS to crash, resulting in a denial of service.

Affected (9)

Products: Mozilla: Network Security Services · Siemens: Ruggedcom Rox Mx5000 Firmware, Ruggedcom Rox Rx1400 Firmware, Ruggedcom Rox Rx1500 Firmware, Ruggedcom Rox Rx1501 Firmware, Ruggedcom Rox Rx1510 Firmware, Ruggedcom Rox Rx1511 Firmware, Ruggedcom Rox Rx1512 Firmware, Ruggedcom Rox Rx5000 Firmware

Mozilla

1 product

Network Security Services

Siemens

8 products

Ruggedcom Rox Mx5000 Firmware

Ruggedcom Rox Rx1400 Firmware

Ruggedcom Rox Rx1500 Firmware

Ruggedcom Rox Rx1501 Firmware

Ruggedcom Rox Rx1510 Firmware

Ruggedcom Rox Rx1511 Firmware

Ruggedcom Rox Rx1512 Firmware

Ruggedcom Rox Rx5000 Firmware

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Mozilla Network Security Services	Before 3.44

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Ruggedcom Rox Mx5000 Firmware	Before 2.14.0

Running on/with	Platform Versions
Siemens Ruggedcom Rox Mx5000	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Ruggedcom Rox Rx1400 Firmware	Before 2.14.0

Running on/with	Platform Versions
Siemens Ruggedcom Rox Rx1400	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Ruggedcom Rox Rx1500 Firmware	Before 2.14.0

Running on/with	Platform Versions
Siemens Ruggedcom Rox Rx1500	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Ruggedcom Rox Rx1501 Firmware	Before 2.14.0

Running on/with	Platform Versions
Siemens Ruggedcom Rox Rx1501	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Ruggedcom Rox Rx1510 Firmware	Before 2.14.0

Running on/with	Platform Versions
Siemens Ruggedcom Rox Rx1510	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Ruggedcom Rox Rx1511 Firmware	Before 2.14.0

Running on/with	Platform Versions
Siemens Ruggedcom Rox Rx1511	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Ruggedcom Rox Rx1512 Firmware	Before 2.14.0

Running on/with	Platform Versions
Siemens Ruggedcom Rox Rx1512	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Ruggedcom Rox Rx5000 Firmware	Before 2.14.0

Running on/with	Platform Versions
Siemens Ruggedcom Rox Rx5000	All versions

Related CWEs

CWE-295

Improper Certificate Validation

The product does not validate, or incorrectly validates, a certificate.

References (8)

https://bugzilla.mozilla.org/show_bug.cgi?id=1533216

Source: security@mozilla.org

ExploitIssue TrackingPatchVendor Advisory

https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf

Source: security@mozilla.org

Third Party Advisory

https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.44_release_notes

Source: security@mozilla.org

Release NotesVendor Advisory

https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04

Source: security@mozilla.org

Third Party AdvisoryUS Government Resource

https://bugzilla.mozilla.org/show_bug.cgi?id=1533216

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue TrackingPatchVendor Advisory

https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.44_release_notes

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

Timeline

No history available yet.