CVE-2019-17006 — CRITICAL (9.8)

Q: How severe is CVE-2019-17006?

CVE-2019-17006 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2019-17006?

Check the references section above for vendor advisories and patch information. Affected products include: Siemens Ruggedcom Rox Mx5000 Firmware, Siemens Ruggedcom Rox Mx5000, Siemens Ruggedcom Rox Rx1400 Firmware, Siemens Ruggedcom Rox Rx1400, Siemens Ruggedcom Rox Rx1500 Firmware.

Vulnerability Description

In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks. In cases where the application calling the library did not perform a sanity check on the inputs it could result in a crash due to a buffer overflow.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Siemens	Ruggedcom Rox Mx5000 Firmware	< 2.14.0
Siemens	Ruggedcom Rox Mx5000	-
Siemens	Ruggedcom Rox Rx1400 Firmware	< 2.14.0
Siemens	Ruggedcom Rox Rx1400	-
Siemens	Ruggedcom Rox Rx1500 Firmware	< 2.14.0
Siemens	Ruggedcom Rox Rx1500	-
Siemens	Ruggedcom Rox Rx1501 Firmware	< 2.14.0
Siemens	Ruggedcom Rox Rx1501	-
Siemens	Ruggedcom Rox Rx1510 Firmware	< 2.14.0
Siemens	Ruggedcom Rox Rx1510	-
Siemens	Ruggedcom Rox Rx1511 Firmware	< 2.14.0
Siemens	Ruggedcom Rox Rx1511	-
Siemens	Ruggedcom Rox Rx1512 Firmware	< 2.14.0
Siemens	Ruggedcom Rox Rx1512	-
Siemens	Ruggedcom Rox Rx5000 Firmware	< 2.14.0
Siemens	Ruggedcom Rox Rx5000	-
Mozilla	Network Security Services	< 3.46
Netapp	Hci Management Node	-
Netapp	Solidfire	-
Netapp	Hci Compute Node	-

Related Weaknesses (CWE)

CWE-20 CWE-119

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1539788ExploitIssue TrackingPatch
https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdfThird Party Advisory
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.46_release_nRelease NotesVendor Advisory
https://security.netapp.com/advisory/ntap-20210129-0001/Third Party Advisory
https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04Third Party AdvisoryUS Government Resource
https://bugzilla.mozilla.org/show_bug.cgi?id=1539788ExploitIssue TrackingPatch
https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdfThird Party Advisory
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.46_release_nRelease NotesVendor Advisory
https://security.netapp.com/advisory/ntap-20210129-0001/Third Party Advisory
https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04Third Party AdvisoryUS Government Resource

FAQ

What is CVE-2019-17006?

CVE-2019-17006 is a vulnerability with a CVSS score of 9.8 (CRITICAL). In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks. In cases where the application calling the library did not perform a sanity check on the inp...

How severe is CVE-2019-17006?

CVE-2019-17006 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2019-17006?

Check the references section above for vendor advisories and patch information. Affected products include: Siemens Ruggedcom Rox Mx5000 Firmware, Siemens Ruggedcom Rox Mx5000, Siemens Ruggedcom Rox Rx1400 Firmware, Siemens Ruggedcom Rox Rx1400, Siemens Ruggedcom Rox Rx1500 Firmware.