CVE-2020-7461

{"id": "CVE-2020-7461", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.3, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 3.4, "exploitabilityScore": 3.9}]}, "published": "2021-03-26T21:15:13.053", "references": [{"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-288459.pdf", "tags": ["Third Party Advisory"], "source": "secteam@freebsd.org"}, {"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:26.dhclient.asc", "tags": ["Vendor Advisory"], "source": "secteam@freebsd.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "In FreeBSD 12.1-STABLE before r365010, 11.4-STABLE before r365011, 12.1-RELEASE before p9, 11.4-RELEASE before p3, and 11.3-RELEASE before p13, dhclient(8) fails to handle certain malformed input related to handling of DHCP option 119 resulting a heap overflow. The heap overflow could in principle be exploited to achieve remote code execution. The affected process runs with reduced privileges in a Capsicum sandbox, limiting the immediate impact of an exploit."}, {"lang": "es", "value": "En FreeBSD versiones 12.1-STABLE anteriores a r365010, 11.4-STABLE anteriores a r365011, 12.1-RELEASE anteriores a p9, 11.4-RELEASE anteriores a p3 y 11.3-RELEASE anteriores a p13, dhclient(8) no puede manejar determinadas entradas malformadas relacionadas con el manejo de la opci\u00f3n 119 de DHCP resultando en un desbordamiento de la pila. En principio, el desbordamiento de la pila podr\u00eda explotarse para lograr una ejecuci\u00f3n de c\u00f3digo remota. El proceso afectado se ejecuta con privilegios reducidos en un sandbox Capsicum, limitando el impacto inmediato de una explotaci\u00f3n."}], "lastModified": "2021-09-16T16:03:39.713", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:freebsd:freebsd:11.3:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F35957CE-AF9F-40CA-BDD1-FA6A0E73783F"}, {"criteria": "cpe:2.3:o:freebsd:freebsd:11.3:p1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EA929713-B797-494A-853D-C121D9D69519"}, {"criteria": "cpe:2.3:o:freebsd:freebsd:11.3:p10:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B87AF171-95AC-4DDA-8D94-694F85638B46"}, {"criteria": "cpe:2.3:o:freebsd:freebsd:11.3:p11:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1CC8B031-41BB-4846-B092-7E4BC6F35D6B"}, {"criteria": "cpe:2.3:o:freebsd:freebsd:11.3:p12:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "83E34012-BC9D-4F0C-AAE1-FE5767B4EED6"}, {"criteria": "cpe:2.3:o:freebsd:freebsd:11.3:p2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3C3D8EDC-91D3-45B2-AC1D-EF4346D4A714"}, {"criteria": "cpe:2.3:o:freebsd:freebsd:11.3:p3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EA5006FF-06A5-4D95-BF5B-29F26248D11F"}, {"criteria": "cpe:2.3:o:freebsd:freebsd:11.3:p4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A705031B-FD63-4076-B92E-E826E11D7111"}, {"criteria": "cpe:2.3:o:freebsd:freebsd:11.3:p5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "11C1EFB1-68E5-45F4-A7E1-744574F290D1"}, {"criteria": "cpe:2.3:o:freebsd:freebsd:11.3:p6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "25F649A7-9265-4552-8934-BCE083363982"}, {"criteria": "cpe:2.3:o:freebsd:freebsd:11.3:p7:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F202C856-5B95-4796-AC4A-1F210E7BAB8F"}, {"criteria": "cpe:2.3:o:freebsd:freebsd:11.3:p8:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9419C866-C478-4CDE-A9A1-E592D8FF0933"}, {"criteria": "cpe:2.3:o:freebsd:freebsd:11.3:p9:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2B6DFC23-A7A1-431A-9AD9-A820579F95F0"}, {"criteria": "cpe:2.3:o:freebsd:freebsd:11.4:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4A865EA1-01D7-4E5A-9D13-80780F8A9D7A"}, {"criteria": "cpe:2.3:o:freebsd:freebsd:11.4:p1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9FCA6A72-2A72-45FD-A43D-B5BF7C329121"}, {"criteria": "cpe:2.3:o:freebsd:freebsd:11.4:p2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "90F9B3CB-3B60-4AA8-9EAF-4F0BE7D27691"}, {"criteria": "cpe:2.3:o:freebsd:freebsd:12.1:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BD730B6A-F123-4685-ACB3-4F20AAAB77F3"}, {"criteria": "cpe:2.3:o:freebsd:freebsd:12.1:p1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "508150E3-2C0C-4EEB-BFC9-BB5CEB404C06"}, {"criteria": "cpe:2.3:o:freebsd:freebsd:12.1:p2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B5D692EF-A5D7-430E-91BA-4CD137343B66"}, {"criteria": "cpe:2.3:o:freebsd:freebsd:12.1:p3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D50C60A7-4C9F-4636-92E9-9F5B8B01BE5B"}, {"criteria": "cpe:2.3:o:freebsd:freebsd:12.1:p4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6C49F6C7-A740-42F4-93BB-512CBF334516"}, {"criteria": "cpe:2.3:o:freebsd:freebsd:12.1:p5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "402740C4-5B55-423F-BAD2-F742E1E21ADC"}, {"criteria": "cpe:2.3:o:freebsd:freebsd:12.1:p6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9DCAA10A-C612-45E0-84B7-55897F49D65E"}, {"criteria": "cpe:2.3:o:freebsd:freebsd:12.1:p7:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CB6258A5-8066-48B8-A417-09A1547DD57A"}, {"criteria": "cpe:2.3:o:freebsd:freebsd:12.1:p8:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6601C7C4-EC36-4EAA-90AC-D3156A2BF330"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:siemens:simatic_rf350m_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5B60EA5E-219D-44E8-800B-97AB739B5895"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:siemens:simatic_rf350m:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E4B5DF0A-2850-4BFA-B110-36F2BE323A28"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:siemens:simatic_rf650m_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0B1DF7FC-EE60-48EE-8301-B8BDED3FD33E"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:siemens:simatic_rf650m:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7DAE6641-16B6-4B41-B170-DAB51DF5AEC2"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "secteam@freebsd.org"}