...
| Code Block | ||
|---|---|---|
| ||
#API: /vince/comm/api/case/495801/csaf/ # get draft vul note {
"document": {
"acknowledgments": [
{
"urls": [
"https://kb.cert.org/vuls/id/495801#acknowledgements"
]
}
],
"category": "CERT/CC Vulnerability Note",
"csaf_version": "2.0",
"notes": [
{
"category": "summary",
"text": "### Overview\r\n\r\nVersions 1.1.5 and earlier of the mu HTTP deamon ......",
"title": "Summary"
},
{
"category": "legal_disclaimer",
"text": "THIS DOCUMENT IS PROVIDED ON AN 'AS IS' BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. ",
"title": "Legal Disclaimer"
},
{
"category": "other",
"text": "CERT/CC Vulnerability Note is a limited advisory. It primarily identifies vendors impacted by the advisory and not specific products. We only support \"known_affected\" and \"known_not_affected\" status. Please consult the vendor's statements and advisory URL if provided by the vendor for more details ",
"title": "Limitations of Advisory"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "Email: cert@cert.org, Phone: +1412 268 5800",
"issuing_authority": "CERT/CC under DHS/CISA https://www.cisa.gov/cybersecurity also see https://kb.cert.org/ ",
"name": "CERT/CC",
"namespace": "https://kb.cert.org/"
},
"references": [
{
"url": "https://vuls.cert.org/confluence/display/Wiki/Vulnerability+Disclosure+Policy",
"summary": "CERT/CC vulnerability disclosure policy"
},
{
"summary": "CERT/CC document released",
"category": "self",
"url": "https://kb.cert.org/vuls/id/495801"
},
{
"url": "https://derekabdine.com/blog/2022-arris-advisoryself",
"summaryurl": "https://derekabdine.com/blog/2022-arris-advisorykb.cert.org/vuls/id/495801"
},
{
"url": "https://blogderekabdine.malwarebytes.com/exploits-and-vulnerabilitiesblog/2022/08/millions-of-arris-routers-are-vulnerable-to-path-traversal-attacksadvisory",
"summary": "https://blog.malwarebytesderekabdine.com/exploits-and-vulnerabilitiesblog/2022/08/millions-of-arris-routers-are-vulnerable-to-path-traversal-attacksadvisory"
},
{
"url": "https://www.cisa.gov/uscert/ncas/tips/ST15-002",
"summary": "https://www.cisa.gov/uscert/ncas/tips/ST15-002"
}
],
"title": "muhttpd versions 1.1.5 and earlier are vulnerable to path traversal",
"tracking": {
"current_release_date": "2022-08-05 20:02:52.605648+00:00",
"generator": {
"engine": {
"name": "VINCE",
"version": "1.50.3"
}
},
"id": "VU#495801",
"initial_release_date": "2022-08-04 18:22:24.069865+00:00",
"revision_history": [
{
"date": "2022-08-05 20:02:52.605648+00:00",
"number": "1.20220805200252.2",
"summary": "Released on 2022-08-05 20:02:52.605648+00:00"
}
],
"status": "final",
"version": "1.20220805200252.2"
}
},
"vulnerabilities": [
{
"title": "The base firmware for this modem contains an MIT-licensed web server from an individual developer called \"muhttpd.",
"notes": [
{
"category": "summary",
"text": "The base firmware for this modem contains an MIT-licensed web server from an individual developer called \"muhttpd.\" This server has been unmaintained since 2010. The server has a path traversal vulnerability that allows any file on the modem to be read as root"
}
],
"cve": "CVE-2022-31793",
"ids": [
{
"system_name": "CERT/CC V Identifier ",
"text": "VU#495801"
}
],
"product_status": {
"known_not_affected": [
"CSAFPID-eb07f774-32d4-11ed-aeca-0aa659cdc35f"
]
}
}
],
"product_tree": {
"branches": [
{
"category": "vendor",
"name": "AT&T",
"product": {
"name": "AT&T Products",
"product_id": "CSAFPID-eb07f774-32d4-11ed-aeca-0aa659cdc35f"
}
},
{
"category": "vendor",
"name": "SaskTel",
"product": {
"name": "SaskTel Products",
"product_id": "CSAFPID-eb082dc0-32d4-11ed-aeca-0aa659cdc35f"
}
}
]
}
} |
...