...
Code Block | ||
---|---|---|
| ||
#API: /vince/comm/api/case/495801/csaf/ # get draft vul note { "document": { "acknowledgments": [ { "urls": [ "https://kb.cert.org/vuls/id/495801#acknowledgements" ] } ], "category": "CERT/CC Vulnerability Note", "csaf_version": "2.0", "notes": [ { "category": "summary", "text": "### Overview\r\n\r\nVersions 1.1.5 and earlier of the mu HTTP deamon ......", "title": "Summary" }, { "category": "legal_disclaimer", "text": "THIS DOCUMENT IS PROVIDED ON AN 'AS IS' BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. ", "title": "Legal Disclaimer" }, { "category": "other", "text": "CERT/CC Vulnerability Note is a limited advisory. It primarily identifies vendors impacted by the advisory and not specific products. We only support \"known_affected\" and \"known_not_affected\" status. Please consult the vendor's statements and advisory URL if provided by the vendor for more details ", "title": "Limitations of Advisory" } ], "publisher": { "category": "coordinator", "contact_details": "Email: cert@cert.org, Phone: +1412 268 5800", "issuing_authority": "CERT/CC under DHS/CISA https://www.cisa.gov/cybersecurity also see https://kb.cert.org/ ", "name": "CERT/CC", "namespace": "https://kb.cert.org/" }, "references": [ { "url": "https://vuls.cert.org/confluence/display/Wiki/Vulnerability+Disclosure+Policy", "summary": "CERT/CC vulnerability disclosure policy" }, { "summary": "CERT/CC document released", "category": "self", "url": "https://kb.cert.org/vuls/id/495801" }, { "url": "https://derekabdine.com/blog/2022-arris-advisoryself", "summaryurl": "https://derekabdine.com/blog/2022-arris-advisorykb.cert.org/vuls/id/495801" }, { "url": "https://blogderekabdine.malwarebytes.com/exploits-and-vulnerabilitiesblog/2022/08/millions-of-arris-routers-are-vulnerable-to-path-traversal-attacksadvisory", "summary": "https://blog.malwarebytesderekabdine.com/exploits-and-vulnerabilitiesblog/2022/08/millions-of-arris-routers-are-vulnerable-to-path-traversal-attacksadvisory" }, { "url": "https://www.cisa.gov/uscert/ncas/tips/ST15-002", "summary": "https://www.cisa.gov/uscert/ncas/tips/ST15-002" } ], "title": "muhttpd versions 1.1.5 and earlier are vulnerable to path traversal", "tracking": { "current_release_date": "2022-08-05 20:02:52.605648+00:00", "generator": { "engine": { "name": "VINCE", "version": "1.50.3" } }, "id": "VU#495801", "initial_release_date": "2022-08-04 18:22:24.069865+00:00", "revision_history": [ { "date": "2022-08-05 20:02:52.605648+00:00", "number": "1.20220805200252.2", "summary": "Released on 2022-08-05 20:02:52.605648+00:00" } ], "status": "final", "version": "1.20220805200252.2" } }, "vulnerabilities": [ { "title": "The base firmware for this modem contains an MIT-licensed web server from an individual developer called \"muhttpd.", "notes": [ { "category": "summary", "text": "The base firmware for this modem contains an MIT-licensed web server from an individual developer called \"muhttpd.\" This server has been unmaintained since 2010. The server has a path traversal vulnerability that allows any file on the modem to be read as root" } ], "cve": "CVE-2022-31793", "ids": [ { "system_name": "CERT/CC V Identifier ", "text": "VU#495801" } ], "product_status": { "known_not_affected": [ "CSAFPID-eb07f774-32d4-11ed-aeca-0aa659cdc35f" ] } } ], "product_tree": { "branches": [ { "category": "vendor", "name": "AT&T", "product": { "name": "AT&T Products", "product_id": "CSAFPID-eb07f774-32d4-11ed-aeca-0aa659cdc35f" } }, { "category": "vendor", "name": "SaskTel", "product": { "name": "SaskTel Products", "product_id": "CSAFPID-eb082dc0-32d4-11ed-aeca-0aa659cdc35f" } } ] } } |
...