CVE-2018-25062 - OpenCVE

A vulnerability classified as problematic has been found in flar2 ElementalX up to 6.x on Nexus 9. Affected is the function xfrm_dump_policy_done of the file net/xfrm/xfrm_user.c of the component ipsec. The manipulation leads to denial of service. Upgrading to version 7.00 is able to address this issue. The name of the patch is 1df72c9f0f61304437f4f1037df03b5fb36d5a79. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-217152.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

Access Vector Adjacent Network

Access Complexity Medium

Authentication Single

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:A/AC:M/Au:S/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Elementalx	Elementalx

Configuration 1 [-]

cpe:2.3:a:elementalx:elementalx:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/flar2/ElementalX-N9/commit/1df72c9f0f61304437f4f1037df03b5fb36d5a79
https://vuldb.com/?ctiid.217152
https://vuldb.com/?id.217152

History

No history.

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2023-01-01T08:15:00.640Z

Updated: 2024-08-05T12:26:39.637Z

Reserved: 2023-01-01T08:13:18.047Z

Link: CVE-2018-25062

Vulnrichment

Updated: 2024-08-05T12:26:39.637Z

NVD

Status : Modified

Published: 2023-01-01T09:15:09.690

Modified: 2024-05-17T01:27:27.153

Link: CVE-2018-25062

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2018-25062", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2023-01-01T08:13:18.047Z", "datePublished": "2023-01-01T08:15:00.640Z", "dateUpdated": "2024-08-05T12:26:39.637Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2023-10-20T12:14:06.877Z"}, "title": "flar2 ElementalX ipsec xfrm_user.c xfrm_dump_policy_done denial of service", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-404", "lang": "en", "description": "CWE-404 Denial of Service"}]}], "affected": [{"vendor": "flar2", "product": "ElementalX", "versions": [{"version": "6.x", "status": "affected"}], "modules": ["ipsec"]}], "descriptions": [{"lang": "en", "value": "A vulnerability classified as problematic has been found in flar2 ElementalX up to 6.x on Nexus 9. Affected is the function xfrm_dump_policy_done of the file net/xfrm/xfrm_user.c of the component ipsec. The manipulation leads to denial of service. Upgrading to version 7.00 is able to address this issue. The name of the patch is 1df72c9f0f61304437f4f1037df03b5fb36d5a79. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-217152."}, {"lang": "de", "value": "Es wurde eine problematische Schwachstelle in flar2 ElementalX bis 6.x f\u00fcr Nexus 9 entdeckt. Es geht dabei um die Funktion xfrm_dump_policy_done der Datei net/xfrm/xfrm_user.c der Komponente ipsec. Dank Manipulation mit unbekannten Daten kann eine denial of service-Schwachstelle ausgenutzt werden. Ein Aktualisieren auf die Version 7.00 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 1df72c9f0f61304437f4f1037df03b5fb36d5a79 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 3.5, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "baseSeverity": "LOW"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 3.5, "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "baseSeverity": "LOW"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 2.3, "vectorString": "AV:A/AC:M/Au:S/C:N/I:N/A:P"}}], "timeline": [{"time": "2023-01-01T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2023-01-01T00:00:00.000Z", "lang": "en", "value": "CVE reserved"}, {"time": "2023-01-01T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2023-01-26T15:42:17.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "Mohamed Ghannam", "type": "finder"}, {"lang": "en", "value": "VulDB GitHub Commit Analyzer", "type": "tool"}], "references": [{"url": "https://vuldb.com/?id.217152", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.217152", "tags": ["signature", "permissions-required"]}, {"url": "https://github.com/flar2/ElementalX-N9/commit/1df72c9f0f61304437f4f1037df03b5fb36d5a79", "tags": ["patch"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-18T18:22:58.558207Z", "id": "CVE-2018-25062", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-18T18:23:05.198Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T12:26:39.637Z"}, "title": "CVE Program Container", "references": [{"url": "https://vuldb.com/?id.217152", "tags": ["vdb-entry", "technical-description", "x_transferred"]}, {"url": "https://vuldb.com/?ctiid.217152", "tags": ["signature", "permissions-required", "x_transferred"]}, {"url": "https://github.com/flar2/ElementalX-N9/commit/1df72c9f0f61304437f4f1037df03b5fb36d5a79", "tags": ["patch", "x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://vuldb.com/?id.217152", "tags": ["vdb-entry", "technical-description", "x_transferred"]}, {"url": "https://vuldb.com/?ctiid.217152", "tags": ["signature", "permissions-required", "x_transferred"]}, {"url": "https://github.com/flar2/ElementalX-N9/commit/1df72c9f0f61304437f4f1037df03b5fb36d5a79", "tags": ["patch", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T12:26:39.637Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2018-25062", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-07-18T18:22:58.558207Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-18T18:23:02.190Z"}}], "cna": {"title": "flar2 ElementalX ipsec xfrm_user.c xfrm_dump_policy_done denial of service", "credits": [{"lang": "en", "type": "finder", "value": "Mohamed Ghannam"}, {"lang": "en", "type": "tool", "value": "VulDB GitHub Commit Analyzer"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 3.5, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 3.5, "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 2.3, "vectorString": "AV:A/AC:M/Au:S/C:N/I:N/A:P"}}], "affected": [{"vendor": "flar2", "modules": ["ipsec"], "product": "ElementalX", "versions": [{"status": "affected", "version": "6.x"}]}], "timeline": [{"lang": "en", "time": "2023-01-01T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2023-01-01T00:00:00.000Z", "value": "CVE reserved"}, {"lang": "en", "time": "2023-01-01T01:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2023-01-26T15:42:17.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.217152", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.217152", "tags": ["signature", "permissions-required"]}, {"url": "https://github.com/flar2/ElementalX-N9/commit/1df72c9f0f61304437f4f1037df03b5fb36d5a79", "tags": ["patch"]}], "descriptions": [{"lang": "en", "value": "A vulnerability classified as problematic has been found in flar2 ElementalX up to 6.x on Nexus 9. Affected is the function xfrm_dump_policy_done of the file net/xfrm/xfrm_user.c of the component ipsec. The manipulation leads to denial of service. Upgrading to version 7.00 is able to address this issue. The name of the patch is 1df72c9f0f61304437f4f1037df03b5fb36d5a79. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-217152."}, {"lang": "de", "value": "Es wurde eine problematische Schwachstelle in flar2 ElementalX bis 6.x f\u00fcr Nexus 9 entdeckt. Es geht dabei um die Funktion xfrm_dump_policy_done der Datei net/xfrm/xfrm_user.c der Komponente ipsec. Dank Manipulation mit unbekannten Daten kann eine denial of service-Schwachstelle ausgenutzt werden. Ein Aktualisieren auf die Version 7.00 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 1df72c9f0f61304437f4f1037df03b5fb36d5a79 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-404", "description": "CWE-404 Denial of Service"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2023-10-20T12:14:06.877Z"}}}, "cveMetadata": {"cveId": "CVE-2018-25062", "state": "PUBLISHED", "dateUpdated": "2024-08-05T12:26:39.637Z", "dateReserved": "2023-01-01T08:13:18.047Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2023-01-01T08:15:00.640Z", "assignerShortName": "VulDB"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:elementalx:elementalx:*:*:*:*:*:*:*:*", "matchCriteriaId": "65E96B0D-65B0-4609-AA48-03517A8B8B12", "versionEndExcluding": "7.00", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability classified as problematic has been found in flar2 ElementalX up to 6.x on Nexus 9. Affected is the function xfrm_dump_policy_done of the file net/xfrm/xfrm_user.c of the component ipsec. The manipulation leads to denial of service. Upgrading to version 7.00 is able to address this issue. The name of the patch is 1df72c9f0f61304437f4f1037df03b5fb36d5a79. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-217152."}, {"lang": "es", "value": "Una vulnerabilidad clasificada como problem\u00e1tica ha sido encontrada en flar2 ElementalX hasta 6.x en Nexus 9. La funci\u00f3n xfrm_dump_policy_done del archivo net/xfrm/xfrm_user.c del componente ipsec es afectada por esta vulnerabilidad. La manipulaci\u00f3n conduce a la denegaci\u00f3n del servicio. La actualizaci\u00f3n a la versi\u00f3n 7.00 puede solucionar este problema. El nombre del parche es 1df72c9f0f61304437f4f1037df03b5fb36d5a79. Se recomienda actualizar el componente afectado. El identificador de esta vulnerabilidad es VDB-217152."}], "id": "CVE-2018-25062", "lastModified": "2024-05-17T01:27:27.153", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "ADJACENT_NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 2.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:A/AC:M/Au:S/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 4.4, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2023-01-01T09:15:09.690", "references": [{"source": "cna@vuldb.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/flar2/ElementalX-N9/commit/1df72c9f0f61304437f4f1037df03b5fb36d5a79"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory"], "url": "https://vuldb.com/?ctiid.217152"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory"], "url": "https://vuldb.com/?id.217152"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-404"}], "source": "cna@vuldb.com", "type": "Primary"}]}