search menu icon-carat-right cmu-wordmark

CERT Coordination Center

Marvell Avastar wireless SoCs have multiple vulnerabilities

Vulnerability Note VU#730261

Original Release Date: 2019-02-05 | Last Revised: 2019-04-19

Overview

Some Marvell Avastar wireless system on chip (SoC) models have multiple vulnerabilities, including a block pool overflow during Wi-Fi network scan.

Description

A presentation at the ZeroNights 2018 conference describes multiple security issues with Marvell Avastar SoCs (models 88W8787, 88W8797, 88W8801, 88W8897, and 88W8997). The presentation provides some detail about a block pool memory overflow. During Wi-Fi network scans, an overflow condition can be triggered, overwriting certain block pool data structures. Because many devices conduct automatic background network scans, this vulnerability could be exploited regardless of whether the target is connected to a Wi-Fi network and without user interaction.

Impact

An unauthenticated attacker within Wi-Fi radio range may be able to use a specially-crafted series of Wi-Fi frames execute arbitrary code on a system with a vulnerable Marvell SoC. Depending on implementation, the compromised SoC may then be used to intercept network traffic or achieve code execution on the host system.

Solution

Marvell issued a statement and encourages customers to contact their Marvell representative for additional support. Microsoft issued an update to multiple Surface devices. See also the

Vendor Information section below.

Restrict physical access
An attacker needs to be within Wi-Fi radio range of the target to exploit the block pool overflow. Restricting access to the area around vulnerable devices may limit an attacker's ability to exploit this vulnerability.

Disable Wi-Fi
For systems that have other connectivity options like wired ethernet, it may be possible and practical to disable Wi-Fi.

Vendor Information

730261
 
Affected   Unknown   Unaffected

Marvell Semiconductor

Notified:  January 04, 2019 Updated:  March 18, 2019

Status

  Affected

Vendor Statement

Marvell was made aware of a potential vulnerability (CVE-2019-6496), which was presented at the ZeroNights conference on November 21-22, 2018, with regard to our 88W8897 device. As Marvell places the highest priority on addressing security concerns, we immediately acted to understand the issue and implemented a fix.

    In the presentation, detail was provided to manipulate the open-source Valve Steamlink platform to exploit a memory buffer overflow issue in the device firmware. Unlike this nonsecure
    Valve Steamlink platform, the other systems mentioned in the presentation are all closed systems with high-level security protections in place such as DRM. As noted in the presenter’s blog, this would eliminate the ability for an individual to compromise the system
    security:


      “You may notice, that the majority of devices which use Marvell Wi-Fi are gaming devices, like PS 4 (maybe because of high-performance 802.11ac and Bluetooth COMBO). It’s difficult to research them because of the DRM protection.”

    Marvell is not aware of any real world exploitation of this vulnerability outside of a controlled environment. Marvell deployed a fix to address this issue which we have made available in our standard driver and firmware. We have communicated to our direct customers to update to Marvell’s latest firmware and driver to get the most recent security enhancements, including support for WPA3.

    Marvell encourages customers to contact their Marvell representative for additional support.

Vendor Information

Marvell issued a statement and encourages customers to contact their Marvell representative for additional support.

Vendor References

Microsoft

Notified:  January 04, 2019 Updated:  March 11, 2019

Statement Date:   January 08, 2019

Status

  Affected

Vendor Statement

Please find below information related to Surface devices that includes Marvell AVASTAR firmware 15.68.9125.57.

Devices with this information:
[1] Surface 3 (Windows 10, version 1703 or greater)
[2] Surface Book (Windows 10 Fall Creators Update, version 1709 or greater)
[3] Surface Book 2 (Windows 10 Fall Creators Update, version 1709 or greater)
[4] Surface Laptop (1st Gen) (Windows 10 April 2018 Update, version 1803 or greater)
[5] Surface Studio (1st Gen) (Windows 10 Fall Creators Update (version 1709) or greater)
[6] Surface Pro (5th Gen) ((Model 1796 & Model 1807) devices running Windows 10 Fall Creators Update, build 1709 or greater:)
[7] Surface Pro 3 (Windows 10 Creators Update, version 1703 or greater)
[8] Surface Pro 4 (Windows 10 Fall Creators Update, version 1709 or greater)

Devices with no information about Marvell fixes (unfixed or unaffected):
* Surface Go
* Surface Go LTE
* Surface Studio 2
* Surface Pro
* Surface Pro 2
* Surface Pro 6
* Surface Laptop 2
* Surface 2
* Surface RT

Vendor Information

Microsoft issued multiple updates.

Vendor References

Valve

Notified:  January 04, 2019 Updated:  February 11, 2019

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

AVM GmbH

Notified:  February 12, 2019 Updated:  February 14, 2019

Statement Date:   February 14, 2019

Status

  Not Affected

Vendor Statement

AVM products are not affected. We do not use any Marvell component in any of our products.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Apple

Notified:  February 12, 2019 Updated:  February 25, 2019

Statement Date:   February 22, 2019

Status

  Not Affected

Vendor Statement

We have reviewed this report and determined that we are not affected by this issue.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Aruba Networks

Notified:  February 12, 2019 Updated:  February 12, 2019

Statement Date:   February 12, 2019

Status

  Not Affected

Vendor Statement

I can confirm that Aruba is NOT affected by this.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Brocade Communication Systems

Notified:  February 12, 2019 Updated:  April 19, 2019

Statement Date:   March 19, 2019

Status

  Not Affected

Vendor Statement

No Brocade Fibre Channel technology products from Broadcom are currently known to be affected by these Marvell Avastar wireless system on chip models vulnerabilities.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Check Point Software Technologies

Notified:  February 12, 2019 Updated:  February 13, 2019

Statement Date:   February 13, 2019

Status

  Not Affected

Vendor Statement

Check Point Software Technologies is not vulnerable.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Cisco

Notified:  February 12, 2019 Updated:  February 12, 2019

Statement Date:   February 12, 2019

Status

  Not Affected

Vendor Statement

Cisco has evaluated this vulnerability against its wireless portfolio and determined no Cisco product is affected by it. This assessment is valid for all Cisco enterprise products, Cisco SMB products and Cisco Meraki products.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Devicescape

Notified:  February 12, 2019 Updated:  February 12, 2019

Statement Date:   February 12, 2019

Status

  Not Affected

Vendor Statement

We do not have any driver level software, so this should have no impact on anything we do. Some of our customers may well be using affected Marvell chipsets, but they manage the OS and driver software themselves (we supply just the supplicant, usually in source code, for customers using our wireless supplicant solution).

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Extreme Networks

Notified:  February 12, 2019 Updated:  February 12, 2019

Statement Date:   February 12, 2019

Status

  Not Affected

Vendor Statement

I have confirmed that EXTR products are not vulnerable to this since we do not use the Marvell Avastar WiFi chips.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Fortinet, Inc.

Notified:  February 12, 2019 Updated:  February 14, 2019

Statement Date:   February 14, 2019

Status

  Not Affected

Vendor Statement

Fortinet has determined that no Fortinet products are affected by this. The assessment including all FortiAP (including U, C, S and W2 series) and Meru AP products.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Juniper Networks

Notified:  February 12, 2019 Updated:  February 18, 2019

Statement Date:   February 14, 2019

Status

  Not Affected

Vendor Statement

We've evaluated our wireless products and we are not affected by this report.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Muonics, Inc.

Notified:  February 12, 2019 Updated:  March 18, 2019

Status

  Not Affected

Vendor Statement

Not vulnerable. Muonics, Inc. does not have any products using Marvell Avastar SoC.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Palo Alto Networks

Notified:  February 12, 2019 Updated:  February 14, 2019

Statement Date:   February 13, 2019

Status

  Not Affected

Vendor Statement

Palo Alto Networks is not affected.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Sierra Wireless

Notified:  February 12, 2019 Updated:  February 12, 2019

Statement Date:   February 12, 2019

Status

  Not Affected

Vendor Statement

We do not use the Avastar chipset so according to Marvell's disclosure we are not affected by this issue.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Synology

Notified:  February 12, 2019 Updated:  February 14, 2019

Statement Date:   February 14, 2019

Status

  Not Affected

Vendor Statement

We do not employ Marvell Avastar SoCs for our products. By convention, we will publish a security advisory after public disclosure.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Ubiquiti Networks

Notified:  February 12, 2019 Updated:  February 13, 2019

Statement Date:   February 13, 2019

Status

  Not Affected

Vendor Statement

Ubiquiti Networks products don't use Marvell Avast WiFi chips, consequently we were not affected by this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Zyxel

Notified:  February 12, 2019 Updated:  February 13, 2019

Statement Date:   February 13, 2019

Status

  Not Affected

Vendor Statement

 Zyxel is not affected since we do not use the Marvell Avastar WiFi chips.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

A10 Networks

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

ACCESS

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

ADTRAN

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

ANTlabs

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

ARRIS

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

AT&T

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Actelis Networks

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Actiontec

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Aerohive

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

AhnLab Inc

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

AirWatch

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Akamai Technologies, Inc.

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Alcatel-Lucent Enterprise

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Alpine Linux

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Amazon

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Android Open Source Project

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Appgate Network Security

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Arch Linux

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Arista Networks, Inc.

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Aspera Inc.

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

AsusTek Computer Inc.

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Atheros Communications Inc.

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Avaya, Inc.

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Barracuda Networks

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Belden

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Belkin, Inc.

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Bell Canada Enterprises

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

BlackBerry

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Blue Coat Systems

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

BlueCat Networks, Inc.

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Blunk Microsystems

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Broadcom

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

CA Technologies

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

CMX Systems

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

CZ.NIC

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Cambium Networks

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Ceragon Networks Inc

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Cirpack

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Comcast

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Command Software Systems

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Contiki OS

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

CoreOS

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Cradlepoint

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Cricket Wireless

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

D-Link Systems, Inc.

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Debian GNU/Linux

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Dell

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Dell EMC

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Dell SecureWorks

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

DesktopBSD

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Deutsche Telekom

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Digi International

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

DragonFly BSD Project

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

ENEA

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

EfficientIP SAS

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Ericsson

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Espressif Systems

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

European Registry for Internet Domains

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Express Logic

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

F-Secure Corporation

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

F5 Networks, Inc.

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Fastly

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Fedora Project

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Force10 Networks

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Foundry Brocade

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

FreeBSD Project

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

GFI Software, Inc.

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

GNU adns

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

GNU glibc

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Geexbox

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Gentoo Linux

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Google

Notified:  January 04, 2019 Updated:  January 04, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Grandstream

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

HP Inc.

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

HTC

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

HardenedBSD

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Hewlett Packard Enterprise

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Hitachi

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Honeywell

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Huawei Technologies

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

IBM Corporation (zseries)

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

IBM, INC.

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

INTEROP

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Illumos

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

InfoExpress, Inc.

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Infoblox

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Inmarsat

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Intel

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Internet Systems Consortium

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Internet Systems Consortium - DHCP

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Interniche Technologies, inc.

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

JH Software

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Joyent

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

LANCOM Systems GmbH

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

LG Electronics

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Lancope

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Lantronix

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Lenovo

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Linksys

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Lynx Software Technologies

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

McAfee

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

MediaTek

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Medtronic

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Men & Mice

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

MetaSwitch

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Micro Focus

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Microchip Technology

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Microsoft Vulnerability Research

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

MikroTik

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Miredo

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Mitel Networks, Inc.

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Motorola, Inc.

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

NAS4Free

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

NEC Corporation

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

NETSCOUT

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

NIKSUN

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

NLnet Labs

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

NetBSD

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

NetBurner

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Netgear, Inc.

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Nexenta

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Nixu

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Nokia

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Nominum

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

OleumTech

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

OmniTI

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

OpenBSD

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

OpenConnect

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

OpenDNS

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

OpenIndiana

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Openwall GNU/*/Linux

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Oracle Corporation

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Oryx Embedded

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

PHPIDS

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Paessler

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Peplink

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Philips Electronics

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

PowerDNS

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Proxim, Inc.

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Pulse Secure

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

QLogic

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

QNX Software Systems Inc.

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

QUALCOMM Incorporated

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Quadros Systems

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Quagga

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Quantenna Communications

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Red Hat, Inc.

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Riverbed Technologies

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Rocket RTOS

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Roku

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Ruckus Wireless

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

SMC Networks, Inc.

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

SUSE Linux

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

SafeNet

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Samsung Memory

Notified:  January 04, 2019 Updated:  January 04, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Samsung Mobile

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Samsung Semiconductor Inc.

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Secure64 Software Corporation

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Slackware Linux Inc.

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

SmoothWall

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Snort

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

SonicWall

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Sonos

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Sony Corporation

Notified:  January 04, 2019 Updated:  January 04, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Sophos, Inc.

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Sourcefire

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Symantec

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

TCPWave

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

TP-LINK

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Technicolor

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

TippingPoint Technologies Inc.

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Tizen

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Toshiba Commerce Solutions

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

TrueOS

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Turbolinux

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Ubuntu

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Unisys

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

VMware

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vertical Networks, Inc.

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Wind River

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

WizNET Technology

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Xiaomi

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Xilinx

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Zebra Technologies

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Zephyr Project

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

aep NETWORKS

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

dnsmasq

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

eCosCentric

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

eero

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

m0n0wall

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

netsnmp

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

netsnmpj

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

pfSense

Notified:  February 12, 2019 Updated:  February 12, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

View all 212 vendors View less vendors


CVSS Metrics

Group Score Vector
Base 8.3 AV:A/AC:L/Au:N/C:C/I:C/A:C
Temporal 6.1 E:U/RL:OF/RC:C
Environmental 4.6 CDP:ND/TD:M/CR:ND/IR:ND/AR:ND

References

Acknowledgements

This vulnerability was presented by Denis Selianin at the ZeroNights 2018 conference.

This document was written by Will Dormann and David Warren.

Other Information

CVE IDs: CVE-2019-6496
Date Public: 2018-11-21
Date First Published: 2019-02-05
Date Last Updated: 2019-04-19 17:53 UTC
Document Revision: 98

Sponsored by the Department of Homeland Security Office of Cybersecurity and Communications.