search menu icon-carat-right cmu-wordmark

CERT Coordination Center

Bluetooth devices supporting BR/EDR are vulnerable to impersonation attacks

Vulnerability Note VU#647177

Original Release Date: 2020-05-18 | Last Revised: 2020-05-18

Overview

Bluetooth Basic Rate / Enhanced Data Rate (BR/EDR) Core Configurations are used for low-power short-range communications. To establish an encrypted connection, two Bluetooth devices must pair with each other using a link key. It is possible for an unauthenticated, adjacent attacker to impersonate a previously paired/bonded device and successfully authenticate without knowing the link key. This could allow an attacker to gain full access to the paired device by performing a Bluetooth Impersonation Attack (BIAS).

Description

Bluetooth is a short-range wireless technology based off of a core specification that defines six different core configurations, including the Bluetooth Basic Rate / Enhanced Data Rate (BR/EDR) Core Configurations. Bluetooth BR/EDR is used for low-power short-range communications. To establish an encrypted connection, two Bluetooth devices must pair with each other using a link key. It is possible for an unauthenticated, adjacent attacker to spoof the address of a previously paired remote device to successfully complete the authentication procedure with some paired/bonded devices without knowing the link key.

The Bluetooth Impersonation Attack (BIAS) can be performed in two different ways, depending on which Secure Simple Pairing method (either Legacy Secure Connections or Secure Connections) was previously used to establish a connection between two devices. If the pairing procedure was completed using the Secure Connections method, the attacker could claim to be the previously paired remote device that no longer supports secure connections, thereby downgrading the authentication security. This would allow the attacker to proceed with the BIAS method against the legacy authentication unless the device they are attacking is in Secure Connections only mode. If the attacker can either downgrade authentication or is attacking a device that does not support Secure Connections, they can perform the attack using a similar method by initiating a master-slave role switch to place itself into the master role and become the authentication initiator. If successful, they complete the authentication with the remote device. If the remote device does not then mutually authenticate with the attacker in the master role, it will result in the authentication-complete notification on both devices, even though the attacker does not possess the link key.

The BIAS method is able to be performed for the following reasons: Bluetooth secure connection establishment is not encrypted and the selection of secure connections pairing method is not enforced for an already established pairing, Legacy Secure Connections secure connection establishment does not require mutual authentication, a Bluetooth device can perform a role switch any time after baseband paging, and devices who paired using Secure Connections can use Legacy Secure Connections during secure connection establishment.

Impact

An unauthenticated, adjacent attacker could impersonate a Bluetooth BR/EDR master or slave to pair with a previously paired remote device to successfully complete the authentication procedure without knowing the link key. The BIAS attack could be combined with the Key Negotiation of Bluetooth (KNOB) attack to "impersonate a Bluetooth device, complete authentication without possessing the link key, negotiate a session key with low entropy, establish a secure connection, and brute force the session key". An attacker could initiate a KNOB attack on encryption key strength without intervening in an ongoing pairing procedure through an injection attack. If the accompanying KNOB attack is successful, an attacker may gain full access as the remote paired device. If the KNOB attack is unsuccessful, the attacker will not be able to establish an encrypted link but may still appear authenticated to the host.

Solution

Bluetooth host and controller suppliers should refer to the Bluetooth SIG's statement for guidance on updating their products. Downstream vendors should refer to their suppliers for updates.

Vendor Information

647177
 
Affected   Unknown   Unaffected

Apple

Notified:  April 06, 2020 Updated:  May 14, 2020

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Bluetooth SIG

Notified:  December 10, 2019 Updated:  May 18, 2020

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

Broadcom

Notified:  April 06, 2020 Updated:  May 14, 2020

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Cypress Semiconductor

Notified:  April 06, 2020 Updated:  May 14, 2020

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Intel

Notified:  April 06, 2020 Updated:  May 14, 2020

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

QUALCOMM Incorporated

Notified:  April 06, 2020 Updated:  May 14, 2020

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Samsung

Notified:  April 06, 2020 Updated:  May 14, 2020

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Check Point

Notified:  April 06, 2020 Updated:  April 14, 2020

Statement Date:   April 10, 2020

Status

  Not Affected

Vendor Statement

Not vulnerable.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Zyxel

Notified:  April 06, 2020 Updated:  April 20, 2020

Statement Date:   April 13, 2020

Status

  Not Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

A10 Networks

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

ACCESS

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Actelis Networks

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Actiontec

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

ADTRAN

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Aerohive

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

AhnLab Inc

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

AirWatch

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Akamai Technologies, Inc.

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Alcatel-Lucent Enterprise

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Allied Telesis

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Alpine Linux

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Amazon

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Android Open Source Project

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

ANTlabs

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Arch Linux

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Arista Networks, Inc.

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

ARRIS

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Aruba Networks

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Aspera Inc.

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

AsusTek Computer Inc.

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Atheros Communications Inc.

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

AT&T

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Avaya, Inc.

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

AVM GmbH

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Barracuda Networks

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Belden

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Belkin, Inc.

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Bell Canada Enterprises

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

BlackBerry

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

BlueCat Networks, Inc.

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Blue Coat Systems

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Blunk Microsystems

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

BoringSSL

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Brocade Communication Systems

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Buffalo Inc

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Cambium Networks

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

CA Technologies

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Ceragon Networks Inc

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Cirpack

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Cisco

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

CMX Systems

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Comcast

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Contiki OS

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

CoreOS

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Cradlepoint

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Cricket Wireless

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

CZ.NIC

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Debian GNU/Linux

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Dell

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Dell EMC

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Dell SecureWorks

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

DesktopBSD

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Deutsche Telekom

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Devicescape

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Digi International

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

D-Link Systems, Inc.

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

dnsmasq

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

DragonFly BSD Project

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

eCosCentric

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

eero

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

EfficientIP SAS

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

ENEA

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Ericsson

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Espressif Systems

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

European Registry for Internet Domains

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Express Logic

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Extreme Networks

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

F5 Networks, Inc.

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Fastly

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Fedora Project

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Force10 Networks

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Fortinet

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Foundry Brocade

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

FreeBSD Project

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

F-Secure Corporation

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Geexbox

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Gentoo Linux

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

GFI Software, Inc.

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

GNU adns

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

GNU glibc

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Google

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Grandstream

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Green Hills Software

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

HardenedBSD

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

HCC

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Hewlett Packard Enterprise

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Hitachi

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Honeywell

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

HP Inc.

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

HTC

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Huawei Technologies

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

IBM Corporation (zseries)

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

IBM, INC.

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Illumos

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Infoblox

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

InfoExpress, Inc.

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Inmarsat

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Internet Systems Consortium

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Internet Systems Consortium - DHCP

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

INTEROP

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

JH Software

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Joyent

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Juniper Networks

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

LANCOM Systems GmbH

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Lancope

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Lantronix

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Lenovo

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

LG Electronics

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

LibreSSL

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Linksys

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

LITE-ON Technology Corporation

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

LITE-ON Technology Corporation

Notified:  May 06, 2020 Updated:  May 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

LiteSpeed Technologies, Inc.

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

lwIP

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Lynx Software Technologies

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

m0n0wall

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Marvell Semiconductors

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

McAfee

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

MediaTek

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Medtronic

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Men & Mice

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

MetaSwitch

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Microchip Technology

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Micro Focus

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Microsoft

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

MikroTik

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Miredo

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Mitel Networks, Inc.

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Motorola, Inc.

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Muonics, Inc.

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

NAS4Free

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

NEC Corporation

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

NetBSD

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

NetBurner

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Netgear, Inc.

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

NETSCOUT

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

netsnmp

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

netsnmpj

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Nexenta

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

NIKSUN

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Nixu

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

NLnet Labs

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Nokia

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Nominum

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

OleumTech

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

OpenBSD

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

OpenConnect

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

OpenSSL

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Openwall GNU/*/Linux

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

OpenWRT

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Oracle Corporation

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Oryx Embedded

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Paessler

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Palo Alto Networks

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Peplink

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

pfSense

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Philips Electronics

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

PHPIDS

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

PowerDNS

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Proxim, Inc.

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Pulse Secure

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

QLogic

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

QNX Software Systems Inc.

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Quadros Systems

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Quagga

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Quantenna Communications

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Red Hat, Inc.

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Riverbed Technologies

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Rocket RTOS

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Roku

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Ruckus Wireless

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

SafeNet

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Samsung Mobile

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Secure64 Software Corporation

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Sierra Wireless

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Silvair

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Slackware Linux Inc.

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

SMC Networks, Inc.

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

SmoothWall

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Snort

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

SonicWall

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Sonos

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Sony Corporation

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Sophos

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Sourcefire

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

SUSE Linux

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Symantec

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Synology

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

TCPWave

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

TDS Telecom

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Technicolor

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Tenable Network Security

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

TippingPoint Technologies Inc.

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Tizen

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Toshiba Commerce Solutions

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

TP-LINK

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Treck

Notified:  May 06, 2020 Updated:  May 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

TrueOS

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Turbolinux

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Ubiquiti Networks

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Ubuntu

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Unisys

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Untangle

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vertical Networks, Inc.

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

VMware

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Wind River

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

WizNET Technology

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

wolfSSL

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Xiaomi

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Xilinx

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Zebra Technologies

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Zephyr Project

Notified:  April 06, 2020 Updated:  April 06, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

View all 222 vendors View less vendors


CVSS Metrics

Group Score Vector
Base 4.8 AV:A/AC:L/Au:N/C:P/I:P/A:N
Temporal 4.8 E:ND/RL:ND/RC:ND
Environmental 4.8 CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND

References

Acknowledgements

Thanks to Daniele Antonioli of Singapore University of Technology and Design, Nils Ole Tippenhauer of CISPA Helmholtz Center for Information Security, and Kasper Rasmussen of the University of Oxford for reporting this vulnerability.

This document was written by Madison Oliver.

Other Information

CVE IDs: CVE-2020-10135
Date Public: 2020-04-14
Date First Published: 2020-05-18
Date Last Updated: 2020-05-18 18:16 UTC
Document Revision: 29

Sponsored by CISA.