search menu icon-carat-right cmu-wordmark

CERT Coordination Center

Bluetooth devices supporting BR/EDR are vulnerable to impersonation attacks

Vulnerability Note VU#647177

Original Release Date: 2020-05-18 | Last Revised: 2020-05-26

Overview

Bluetooth Basic Rate / Enhanced Data Rate (BR/EDR) Core Configurations are used for low-power short-range communications. To establish an encrypted connection, two Bluetooth devices must pair with each other using a link key. It is possible for an unauthenticated, adjacent attacker to impersonate a previously paired/bonded device and successfully authenticate without knowing the link key. This could allow an attacker to gain full access to the paired device by performing a Bluetooth Impersonation Attack (BIAS).

Description

Bluetooth is a short-range wireless technology based off of a core specification that defines six different core configurations, including the Bluetooth Basic Rate / Enhanced Data Rate (BR/EDR) Core Configurations. Bluetooth BR/EDR is used for low-power short-range communications. To establish an encrypted connection, two Bluetooth devices must pair with each other using a link key. It is possible for an unauthenticated, adjacent attacker to spoof the address of a previously paired remote device to successfully complete the authentication procedure with some paired/bonded devices without knowing the link key.

The Bluetooth Impersonation Attack (BIAS) can be performed in two different ways, depending on which Secure Simple Pairing method (either Legacy Secure Connections or Secure Connections) was previously used to establish a connection between two devices. If the pairing procedure was completed using the Secure Connections method, the attacker could claim to be the previously paired remote device that no longer supports secure connections, thereby downgrading the authentication security. This would allow the attacker to proceed with the BIAS method against the legacy authentication unless the device they are attacking is in Secure Connections only mode. If the attacker can either downgrade authentication or is attacking a device that does not support Secure Connections, they can perform the attack using a similar method by initiating a master-slave role switch to place itself into the master role and become the authentication initiator. If successful, they complete the authentication with the remote device. If the remote device does not then mutually authenticate with the attacker in the master role, it will result in the authentication-complete notification on both devices, even though the attacker does not possess the link key.

The BIAS method is able to be performed for the following reasons: Bluetooth secure connection establishment is not encrypted and the selection of secure connections pairing method is not enforced for an already established pairing, Legacy Secure Connections secure connection establishment does not require mutual authentication, a Bluetooth device can perform a role switch any time after baseband paging, and devices who paired using Secure Connections can use Legacy Secure Connections during secure connection establishment.

Impact

An unauthenticated, adjacent attacker could impersonate a Bluetooth BR/EDR master or slave to pair with a previously paired remote device to successfully complete the authentication procedure without knowing the link key. The BIAS attack could be combined with the Key Negotiation of Bluetooth (KNOB) attack to "impersonate a Bluetooth device, complete authentication without possessing the link key, negotiate a session key with low entropy, establish a secure connection, and brute force the session key". An attacker could initiate a KNOB attack on encryption key strength without intervening in an ongoing pairing procedure through an injection attack. If the accompanying KNOB attack is successful, an attacker may gain full access as the remote paired device. If the KNOB attack is unsuccessful, the attacker will not be able to establish an encrypted link but may still appear authenticated to the host.

Solution

Bluetooth host and controller suppliers should refer to the Bluetooth SIG's statement for guidance on updating their products. Downstream vendors should refer to their suppliers for updates.

Vendor Information

647177
 

Apple Affected

Notified:  April 06, 2020 Updated: May 14, 2020

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Bluetooth SIG Affected

Notified:  December 10, 2019 Updated: May 18, 2020

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

Broadcom Affected

Notified:  April 06, 2020 Updated: May 14, 2020

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Cypress Semiconductor Affected

Notified:  April 06, 2020 Updated: May 14, 2020

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Intel Affected

Notified:  April 06, 2020 Updated: May 14, 2020

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

QUALCOMM Incorporated Affected

Notified:  April 06, 2020 Updated: May 14, 2020

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Samsung Affected

Notified:  April 06, 2020 Updated: May 14, 2020

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Check Point Not Affected

Notified:  April 06, 2020 Updated: April 14, 2020

Statement Date:   April 10, 2020

Status

Not Affected

Vendor Statement

Not vulnerable.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

LANCOM Systems GmbH Not Affected

Notified:  April 06, 2020 Updated: May 26, 2020

Statement Date:   May 17, 2020

Status

Not Affected

Vendor Statement

LANCOM Systems products are not vulnerable to these vulnerabilities.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Zyxel Not Affected

Notified:  April 06, 2020 Updated: April 20, 2020

Statement Date:   April 13, 2020

Status

Not Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

A10 Networks Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

ACCESS Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

ADTRAN Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

ANTlabs Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

ARRIS Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

AT&T Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

AVM GmbH Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Actelis Networks Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Actiontec Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Aerohive Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

AhnLab Inc Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

AirWatch Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Akamai Technologies, Inc. Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Alcatel-Lucent Enterprise Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Allied Telesis Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Alpine Linux Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Amazon Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Android Open Source Project Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Arch Linux Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Arista Networks, Inc. Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Aruba Networks Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Aspera Inc. Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

AsusTek Computer Inc. Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Atheros Communications Inc. Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Avaya, Inc. Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Barracuda Networks Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Belden Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Belkin, Inc. Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Bell Canada Enterprises Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

BlackBerry Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Blue Coat Systems Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

BlueCat Networks, Inc. Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Blunk Microsystems Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

BoringSSL Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Brocade Communication Systems Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Buffalo Inc Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

CA Technologies Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

CMX Systems Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

CZ.NIC Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Cambium Networks Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Ceragon Networks Inc Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Cirpack Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Cisco Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Comcast Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Contiki OS Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

CoreOS Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Cradlepoint Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Cricket Wireless Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

D-Link Systems, Inc. Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Debian GNU/Linux Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Dell Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Dell EMC Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Dell SecureWorks Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

DesktopBSD Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Deutsche Telekom Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Devicescape Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Digi International Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

DragonFly BSD Project Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

ENEA Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

EfficientIP SAS Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Ericsson Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Espressif Systems Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

European Registry for Internet Domains Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Express Logic Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Extreme Networks Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

F-Secure Corporation Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

F5 Networks, Inc. Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Fastly Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Fedora Project Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Force10 Networks Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Fortinet Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Foundry Brocade Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

FreeBSD Project Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

GFI Software, Inc. Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

GNU adns Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

GNU glibc Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Geexbox Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Gentoo Linux Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Google Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Grandstream Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Green Hills Software Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

HCC Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

HP Inc. Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

HTC Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

HardenedBSD Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Hewlett Packard Enterprise Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Hitachi Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Honeywell Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Huawei Technologies Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

IBM Corporation (zseries) Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

IBM, INC. Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

INTEROP Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Illumos Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

InfoExpress, Inc. Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Infoblox Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Inmarsat Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Internet Systems Consortium Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Internet Systems Consortium - DHCP Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

JH Software Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Joyent Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Juniper Networks Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

LG Electronics Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

LITE-ON Technology Corporation Unknown

Notified:  May 06, 2020 Updated: May 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

LITE-ON Technology Corporation Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Lancope Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Lantronix Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Lenovo Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

LibreSSL Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Linksys Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

LiteSpeed Technologies, Inc. Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Lynx Software Technologies Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Marvell Semiconductors Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

McAfee Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

MediaTek Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Medtronic Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Men & Mice Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

MetaSwitch Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Micro Focus Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Microchip Technology Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Microsoft Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

MikroTik Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Miredo Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Mitel Networks, Inc. Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Motorola, Inc. Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Muonics, Inc. Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

NAS4Free Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

NEC Corporation Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

NETSCOUT Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

NIKSUN Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

NLnet Labs Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

NetBSD Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

NetBurner Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Netgear, Inc. Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Nexenta Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Nixu Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Nokia Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Nominum Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

OleumTech Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

OpenBSD Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

OpenConnect Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

OpenSSL Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

OpenWRT Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Openwall GNU/*/Linux Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Oracle Corporation Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Oryx Embedded Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

PHPIDS Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Paessler Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Palo Alto Networks Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Peplink Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Philips Electronics Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

PowerDNS Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Proxim, Inc. Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Pulse Secure Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

QLogic Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

QNX Software Systems Inc. Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Quadros Systems Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Quagga Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Quantenna Communications Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Red Hat, Inc. Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Riverbed Technologies Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Rocket RTOS Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Roku Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Ruckus Wireless Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

SMC Networks, Inc. Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

SUSE Linux Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

SafeNet Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Samsung Mobile Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Secure64 Software Corporation Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Sierra Wireless Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Silvair Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Slackware Linux Inc. Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

SmoothWall Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Snort Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

SonicWall Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Sonos Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Sony Corporation Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Sophos Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Sourcefire Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Symantec Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Synology Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

TCPWave Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

TDS Telecom Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

TP-LINK Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Technicolor Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Tenable Network Security Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

TippingPoint Technologies Inc. Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Tizen Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Toshiba Commerce Solutions Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Treck Unknown

Notified:  May 06, 2020 Updated: May 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

TrueOS Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Turbolinux Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Ubiquiti Networks Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Ubuntu Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Unisys Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Untangle Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

VMware Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vertical Networks, Inc. Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Wind River Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

WizNET Technology Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Xiaomi Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Xilinx Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Zebra Technologies Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Zephyr Project Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

dnsmasq Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

eCosCentric Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

eero Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

lwIP Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

m0n0wall Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

netsnmp Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

netsnmpj Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

pfSense Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

wolfSSL Unknown

Notified:  April 06, 2020 Updated: April 06, 2020

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

View all 222 vendors View less vendors


CVSS Metrics

Group Score Vector
Base 4.8 AV:A/AC:L/Au:N/C:P/I:P/A:N
Temporal 4.8 E:ND/RL:ND/RC:ND
Environmental 4.8 CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND

References

Acknowledgements

Thanks to Daniele Antonioli of Singapore University of Technology and Design, Nils Ole Tippenhauer of CISPA Helmholtz Center for Information Security, and Kasper Rasmussen of the University of Oxford for reporting this vulnerability.

This document was written by Madison Oliver.

Other Information

CVE IDs: CVE-2020-10135
Date Public: 2020-04-14
Date First Published: 2020-05-18
Date Last Updated: 2020-05-26 13:49 UTC
Document Revision: 31

Sponsored by CISA.