CVE-2016-0778

The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by requesting many forwardings.

CVSS v3.0 8.1 HIGH
CVSS v2.0 4.6 MEDIUM

8.1^/10

CVSS v3.0 : HIGH

V3 Legend

Vector : AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability : 2.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

4.6^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:H/Au:S/C:P/I:P/A:P

Exploitability : 3.9 / Impact : 6.4

Access Vector NETWORK

Access Complexity HIGH

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.openssh.com/txt/release-7.1p2	Patch Release Notes Vendor Advisory
http://www.openwall.com/lists/oss-security/2016/01/14/7	Exploit Mailing List Technical Description Third Party Advisory
https://support.apple.com/HT206167	Vendor Advisory
http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html	Mailing List Release Notes Third Party Advisory
https://blogs.sophos.com/2016/02/17/utm-up2date-9-354-released/	Release Notes Vendor Advisory
https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/	Release Notes Vendor Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05247375	Third Party Advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html	Third Party Advisory
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html	Third Party Advisory
http://www.securityfocus.com/bid/80698	Third Party Advisory VDB Entry
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10734	Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176516.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00013.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00008.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00006.html	Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2016/Jan/44	Mailing List Third Party Advisory
https://bto.bluecoat.com/security-advisory/sa109	Third Party Advisory
http://www.debian.org/security/2016/dsa-3446	Third Party Advisory
http://www.ubuntu.com/usn/USN-2869-1	Third Party Advisory
https://security.gentoo.org/glsa/201601-01	Third Party Advisory
http://www.securitytracker.com/id/1034671	Third Party Advisory VDB Entry
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00007.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00014.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00009.html	Mailing List Third Party Advisory
http://packetstormsecurity.com/files/135273/Qualys-Security-Advisory-OpenSSH-Overflow-Leak.html	Third Party Advisory VDB Entry
http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176349.html	Mailing List Third Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388	Third Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680	Third Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722	Third Party Advisory
http://www.securityfocus.com/archive/1/537295/100/0/threaded	Third Party Advisory VDB Entry
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:oracle:solaris:11.3:::::::*
	cpe:2.3:o:oracle:linux:7:::::::*

Configuration 2 (hide)

OR	cpe:2.3:a:openbsd:openssh:5.4:::::::*
	cpe:2.3:a:openbsd:openssh:5.5:::::::*
	cpe:2.3:a:openbsd:openssh:6.6:::::::*
	cpe:2.3:a:openbsd:openssh:6.7:::::::*
	cpe:2.3:a:openbsd:openssh:5.4:p1::::::
	cpe:2.3:a:openbsd:openssh:6.2:p1::::::
	cpe:2.3:a:openbsd:openssh:6.9:::::::*
	cpe:2.3:a:openbsd:openssh:6.8:p1::::::
	cpe:2.3:a:openbsd:openssh:5.7:p1::::::
	cpe:2.3:a:openbsd:openssh:6.0:::::::*
	cpe:2.3:a:openbsd:openssh:6.3:::::::*
	cpe:2.3:a:openbsd:openssh:6.1:p1::::::
	cpe:2.3:a:openbsd:openssh:5.9:::::::*
	cpe:2.3:a:openbsd:openssh:6.5:p1::::::
	cpe:2.3:a:openbsd:openssh:6.1:::::::*
	cpe:2.3:a:openbsd:openssh:6.3:p1::::::
	cpe:2.3:a:openbsd:openssh:7.0:p1::::::
	cpe:2.3:a:openbsd:openssh:5.6:p1::::::
	cpe:2.3:a:openbsd:openssh:5.9:p1::::::
	cpe:2.3:a:openbsd:openssh:7.1:::::::*
	cpe:2.3:a:openbsd:openssh:6.8:::::::*
	cpe:2.3:a:openbsd:openssh:6.6:p1::::::
	cpe:2.3:a:openbsd:openssh:5.8:::::::*
	cpe:2.3:a:openbsd:openssh:5.7:::::::*
	cpe:2.3:a:openbsd:openssh:6.0:p1::::::
	cpe:2.3:a:openbsd:openssh:6.4:::::::*
	cpe:2.3:a:openbsd:openssh:6.5:::::::*
	cpe:2.3:a:openbsd:openssh:6.4:p1::::::
	cpe:2.3:a:openbsd:openssh:7.1:p1::::::
	cpe:2.3:a:openbsd:openssh:5.6:::::::*
	cpe:2.3:a:openbsd:openssh:5.5:p1::::::
	cpe:2.3:a:openbsd:openssh:5.8:p1::::::
	cpe:2.3:a:openbsd:openssh:6.2:::::::*
	cpe:2.3:a:openbsd:openssh:6.2:p2::::::
	cpe:2.3:a:openbsd:openssh:6.9:p1::::::
	cpe:2.3:a:openbsd:openssh:7.0:::::::*
	cpe:2.3:a:openbsd:openssh:6.7:p1::::::

Configuration 3 (hide)

OR	cpe:2.3:o:apple:mac_os_x::::::::
	cpe:2.3:o:apple:mac_os_x::::::::
	cpe:2.3:o:apple:mac_os_x::::::::

Configuration 4 (hide)

cpe:2.3:o:hp:virtual_customer_access_system:*:*:*:*:*:*:*:*

Configuration 5 (hide)

cpe:2.3:a:sophos:unified_threat_management_software:9.353:*:*:*:*:*:*:*

Information

Published : 2016-01-14 14:59

Updated : 2022-12-13 04:15

NVD link : CVE-2016-0778

Mitre link : CVE-2016-0778

JSON object : View

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Products Affected

openbsd

openssh

sophos

unified_threat_management_software

apple

mac_os_x

virtual_customer_access_system

oracle

linux
solaris

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.openssh.com/txt/release-7.1p2", "name": "http://www.openssh.com/txt/release-7.1p2", "tags": ["Patch", "Release Notes", "Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://www.openwall.com/lists/oss-security/2016/01/14/7", "name": "[oss-security] 20160114 Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778", "tags": ["Exploit", "Mailing List", "Technical Description", "Third Party Advisory"], "refsource": "MLIST"}, {"url": "https://support.apple.com/HT206167", "name": "https://support.apple.com/HT206167", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html", "name": "APPLE-SA-2016-03-21-5", "tags": ["Mailing List", "Release Notes", "Third Party Advisory"], "refsource": "APPLE"}, {"url": "https://blogs.sophos.com/2016/02/17/utm-up2date-9-354-released/", "name": "https://blogs.sophos.com/2016/02/17/utm-up2date-9-354-released/", "tags": ["Release Notes", "Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/", "name": "https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/", "tags": ["Release Notes", "Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05247375", "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05247375", "tags": ["Third Party Advisory"], "refsource": "CONFIRM"}, {"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html", "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html", "tags": ["Third Party Advisory"], "refsource": "CONFIRM"}, {"url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html", "name": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html", "tags": ["Third Party Advisory"], "refsource": "CONFIRM"}, {"url": "http://www.securityfocus.com/bid/80698", "name": "80698", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "BID"}, {"url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10734", "name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10734", "tags": ["Third Party Advisory"], "refsource": "CONFIRM"}, {"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176516.html", "name": "FEDORA-2016-2e89eba0c1", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "FEDORA"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00013.html", "name": "openSUSE-SU-2016:0127", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "SUSE"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00008.html", "name": "SUSE-SU-2016:0119", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "SUSE"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00006.html", "name": "SUSE-SU-2016:0117", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "SUSE"}, {"url": "http://seclists.org/fulldisclosure/2016/Jan/44", "name": "20160115 Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "FULLDISC"}, {"url": "https://bto.bluecoat.com/security-advisory/sa109", "name": "https://bto.bluecoat.com/security-advisory/sa109", "tags": ["Third Party Advisory"], "refsource": "CONFIRM"}, {"url": "http://www.debian.org/security/2016/dsa-3446", "name": "DSA-3446", "tags": ["Third Party Advisory"], "refsource": "DEBIAN"}, {"url": "http://www.ubuntu.com/usn/USN-2869-1", "name": "USN-2869-1", "tags": ["Third Party Advisory"], "refsource": "UBUNTU"}, {"url": "https://security.gentoo.org/glsa/201601-01", "name": "GLSA-201601-01", "tags": ["Third Party Advisory"], "refsource": "GENTOO"}, {"url": "http://www.securitytracker.com/id/1034671", "name": "1034671", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "SECTRACK"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00007.html", "name": "SUSE-SU-2016:0118", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "SUSE"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00014.html", "name": "openSUSE-SU-2016:0128", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "SUSE"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00009.html", "name": "SUSE-SU-2016:0120", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "SUSE"}, {"url": "http://packetstormsecurity.com/files/135273/Qualys-Security-Advisory-OpenSSH-Overflow-Leak.html", "name": "http://packetstormsecurity.com/files/135273/Qualys-Security-Advisory-OpenSSH-Overflow-Leak.html", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "MISC"}, {"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176349.html", "name": "FEDORA-2016-4556904561", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "FEDORA"}, {"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388", "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388", "tags": ["Third Party Advisory"], "refsource": "CONFIRM"}, {"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680", "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680", "tags": ["Third Party Advisory"], "refsource": "CONFIRM"}, {"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722", "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722", "tags": ["Third Party Advisory"], "refsource": "CONFIRM"}, {"url": "http://www.securityfocus.com/archive/1/537295/100/0/threaded", "name": "20160114 Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "BUGTRAQ"}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf", "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf", "tags": [], "refsource": "CONFIRM"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by requesting many forwardings."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-119"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2016-0778", "ASSIGNER": "secalert@redhat.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 4.6, "accessVector": "NETWORK", "vectorString": "AV:N/AC:H/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "HIGH", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "acInsufInfo": false, "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.2}}, "publishedDate": "2016-01-14T22:59Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:openbsd:openssh:5.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:openbsd:openssh:5.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:openbsd:openssh:6.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:openbsd:openssh:6.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:openbsd:openssh:5.4:p1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:openbsd:openssh:6.2:p1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:openbsd:openssh:6.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:openbsd:openssh:6.8:p1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:openbsd:openssh:5.7:p1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:openbsd:openssh:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:openbsd:openssh:6.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:openbsd:openssh:6.1:p1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:openbsd:openssh:5.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:openbsd:openssh:6.5:p1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:openbsd:openssh:6.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:openbsd:openssh:6.3:p1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:openbsd:openssh:7.0:p1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:openbsd:openssh:5.6:p1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:openbsd:openssh:5.9:p1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:openbsd:openssh:7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:openbsd:openssh:6.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:openbsd:openssh:6.6:p1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:openbsd:openssh:5.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:openbsd:openssh:5.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:openbsd:openssh:6.0:p1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:openbsd:openssh:6.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:openbsd:openssh:6.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:openbsd:openssh:6.4:p1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:openbsd:openssh:7.1:p1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:openbsd:openssh:5.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:openbsd:openssh:5.5:p1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:openbsd:openssh:5.8:p1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:openbsd:openssh:6.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:openbsd:openssh:6.2:p2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:openbsd:openssh:6.9:p1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:openbsd:openssh:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:openbsd:openssh:6.7:p1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "10.9.5", "versionStartIncluding": "10.9.0"}, {"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "10.10.5", "versionStartIncluding": "10.10.0"}, {"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "10.11.3", "versionStartIncluding": "10.11.0"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:hp:virtual_customer_access_system:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "15.07"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:sophos:unified_threat_management_software:9.353:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2022-12-13T12:15Z"}

8.1 /10