Security Bulletin
This security bulletin contains one medium risk vulnerability.
EUVDB-ID: #VU70563
Risk: Medium
CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: N/A
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
Vulnerable software versionsCAX80: before 2.1.4.2
RAXE450: before 1.0.8.70
RAXE500: before 1.0.8.70
EX6120: before 1.0.0.66
EX6130: before 1.0.0.46
MK62: before 1.1.6.122
MR60: before 1.1.6.122
MS60: before 1.1.6.122
R6400v2: before 1.0.4.122
R6700v3: before 1.0.4.122
RAX45: before 1.0.5.106
RAX50: before 1.0.5.106
RAX43: before 1.0.5.106
RAX40v2: before 1.0.5.106
RAX38v2: before 1.0.5.106
RAX35v2: before 1.0.5.106
R7000: before 1.0.11.130
LAX20: before 1.1.6.34
MK83: before 1.1.6.14
MR80: before 1.1.6.14
MS80: before 1.1.6.14
R7000P: before 1.3.3.148
R6900P: before 1.3.3.148
XR1000: before 1.0.0.64
RAX75: before 1.0.6.138
RAX80: before 1.0.6.138
External linksQ & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.