Risk | Medium |
Patch available | YES |
Number of vulnerabilities | 6 |
CVE-ID | CVE-2020-24977 CVE-2020-7595 CVE-2019-20388 CVE-2019-19956 CVE-2018-14404 CVE-2016-9318 |
CWE-ID | CWE-125 CWE-835 CWE-401 CWE-476 CWE-611 |
Exploitation vector | Network |
Public exploit | Public exploit code for vulnerability #5 is available. |
Vulnerable software | IBM RackSwitch G8124E, IBM RackSwitch G8124, IBM RackSwitch G8052, IBM RackSwitch G7028 (Hardware solutions / Routers & switches, VoIP, GSM, etc) |
Vendor | IBM Corporation |
Security Bulletin
This security bulletin contains information about 6 vulnerabilities.
EUVDB-ID: #VU46737
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2020-24977
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description:
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the xmlEncodeEntitiesInternal() function in libxml2/entities.c in libxml2. A remote attacker can pass specially crafted XML data to the affected application, trigger an out-of-bounds read error and read contents of memory on the system.
Mitigation: Install update from vendor's website.
Vulnerable software versions:
IBM RackSwitch G8124E: before 7.11.20.0
IBM RackSwitch G8124: before 7.11.20.0
IBM RackSwitch G8052: before 7.11.20.0
IBM RackSwitch G7028: before 7.6.8.0
https://www.ibm.com/support/pages/node/6431299
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU24488
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2020-7595
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
Description:
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to an infinite loop in xmlStringLenDecodeEntities in parser.c. A remote attacker can consume all available system resources and cause denial of service conditions in a certain end-of-file situation.
Mitigation: Install update from vendor's website.
Vulnerable software versions:
IBM RackSwitch G8124E: before 7.11.20.0
IBM RackSwitch G8124: before 7.11.20.0
IBM RackSwitch G8052: before 7.11.20.0
IBM RackSwitch G7028: before 7.6.8.0
https://www.ibm.com/support/pages/node/6431299
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU24487
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2019-20388
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description:
The vulnerability allows a remote attacker to perform a DoS attack on the target system.
The vulnerability exists due to a memory leak in xmlSchemaPreRun in xmlschemas.c. A remote attacker can trigger an xmlSchemaValidateStream memory leak and perform a denial of service attack.
Mitigation: Install update from vendor's website.
Vulnerable software versions:
IBM RackSwitch G8124E: before 7.11.20.0
IBM RackSwitch G8124: before 7.11.20.0
IBM RackSwitch G8052: before 7.11.20.0
IBM RackSwitch G7028: before 7.6.8.0
https://www.ibm.com/support/pages/node/6431299
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU24489
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2019-19956
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description:
The vulnerability allows a remote attacker to perform a DoS attack on the target system.
The vulnerability exists due to a memory leak in xmlParseBalancedChunkMemoryRecover in parser.c. A remote attacker can trigger a memory leak related to newDoc->oldNs and perform a denial of service attack.
Mitigation: Install update from vendor's website.
Vulnerable software versions:
IBM RackSwitch G8124E: before 7.11.20.0
IBM RackSwitch G8124: before 7.11.20.0
IBM RackSwitch G8052: before 7.11.20.0
IBM RackSwitch G7028: before 7.6.8.0
https://www.ibm.com/support/pages/node/6431299
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU13949
Risk: Low
CVSSv4.0: 5.5 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2018-14404
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description:
The vulnerability allows a remote attacker to cause a DoS condition on the target system.
The vulnerability exists in the xmlXPathCompOpEval() function, as defined in the xpath.c source code file, due to improper parsing of invalid XPath expressions in the XPATH_OP_AND and XPATH_OP_OR cases. A remote attacker can send a specially crafted request that submits malicious input to an application that is using the affected library, trigger a NULL pointer dereference and cause the application to crash.
Mitigation: Install update from vendor's website.
Vulnerable software versions:
IBM RackSwitch G8124E: before 7.11.20.0
IBM RackSwitch G8124: before 7.11.20.0
IBM RackSwitch G8052: before 7.11.20.0
IBM RackSwitch G7028: before 7.6.8.0
https://www.ibm.com/support/pages/node/6431299
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
EUVDB-ID: #VU31830
Risk: Low
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2016-9318
CWE-ID:
CWE-611 - Improper Restriction of XML External Entity Reference ('XXE')
Exploit availability: No
Description:
The vulnerability allows a local non-authenticated attacker to execute arbitrary code.
libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and other products, does not offer a flag directly indicating that the current document may be read but other files may not be opened, which makes it easier for remote attackers to conduct XML External Entity (XXE) attacks via a crafted document.
Mitigation: Install update from vendor's website.
Vulnerable software versions:
IBM RackSwitch G8124E: before 7.11.20.0
IBM RackSwitch G8124: before 7.11.20.0
IBM RackSwitch G8052: before 7.11.20.0
IBM RackSwitch G7028: before 7.6.8.0
https://www.ibm.com/support/pages/node/6431299
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
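The per-model "before" versions listed for all six vulnerabilities can be checked against a switch inventory with the sketch below. It is an added example, not part of the bulletin or of any IBM tooling; the hostnames and running versions in the sample inventory are constructed, and the status labels are this example's own.

```python
# Fixed firmware levels per model, copied from this bulletin.
FIXED_IN = {
    "G8124E": "7.11.20.0",
    "G8124": "7.11.20.0",
    "G8052": "7.11.20.0",
    "G7028": "7.6.8.0",
}

# Constructed sample inventory: (hostname, model, running firmware).
INVENTORY = [
    ("sw-core-01", "IBM RackSwitch G8124E", "7.11.17.0"),
    ("sw-core-02", "G8124", "7.11.20.0"),
    ("sw-edge-01", "G8052", "7.9.3.0"),
    ("sw-mgmt-01", "G7028", "7.6.10.0"),
    ("sw-mgmt-02", "G7028", "7.6.7"),
    ("sw-lab-01", "G8264", "7.11.1.0"),   # model not listed in the bulletin
    ("sw-lab-02", "G8052", "unknown"),    # version could not be collected
]

def parse_version(text):
    """Turn '7.11.20.0' into (7, 11, 20, 0); raise ValueError otherwise."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable firmware version: {text!r}")
    return tuple(int(p) for p in parts)

def is_before(running, fixed):
    """Numeric, zero-padded comparison. Comparing the raw strings would
    rank '7.9.3.0' above '7.11.20.0' and hide a vulnerable switch."""
    a, b = parse_version(running), parse_version(fixed)
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return a < b

def status(model, running):
    key = model.upper().replace("IBM RACKSWITCH", "").strip()
    fixed = FIXED_IN.get(key)
    if fixed is None:
        return "not-covered"          # bulletin says nothing about this model
    try:
        return "vulnerable" if is_before(running, fixed) else "fixed"
    except ValueError:
        return "check-manually"       # never assume an unknown version is safe

def audit(inventory):
    return {host: status(model, ver) for host, model, ver in inventory}

if __name__ == "__main__":
    for host, result in audit(INVENTORY).items():
        print(f"{host:12} {result}")
```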