SUSE update for nodejs14
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 6 |
| CVE-ID | CVE-2023-30581 CVE-2023-30589 CVE-2023-30590 CVE-2023-32002 CVE-2023-32006 CVE-2023-32559 |
| CWE-ID | CWE-264 CWE-444 CWE-1068 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
Web and Scripting Module Operating systems & Components / Operating system SUSE Linux Enterprise Server for SAP Applications 12 Operating systems & Components / Operating system SUSE Linux Enterprise Server 12 Operating systems & Components / Operating system SUSE Linux Enterprise High Performance Computing 12 Operating systems & Components / Operating system SUSE Linux Enterprise Server for SAP Applications Operating systems & Components / Operating system SUSE Linux Enterprise Server Operating systems & Components / Operating system nodejs14-docs Operating systems & Components / Operating system package or component nodejs14-debugsource Operating systems & Components / Operating system package or component nodejs14 Operating systems & Components / Operating system package or component nodejs14-debuginfo Operating systems & Components / Operating system package or component nodejs14-devel Operating systems & Components / Operating system package or component npm14 Operating systems & Components / Operating system package or component |
| Vendor | SUSE |
Security Bulletin
This security bulletin contains information about 6 vulnerabilities.
1) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU77586
Risk: Medium
CVSSv4.0: 1.7 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-30581
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to the use of proto in process.mainModule.proto.require(). This allows to bypass the policy mechanism and require modules outside of the policy.json definition.
MitigationUpdate the affected package nodejs14 to the latest version.
Vulnerable software versionsWeb and Scripting Module: 12
SUSE Linux Enterprise Server for SAP Applications 12: SP1 - SP5
SUSE Linux Enterprise Server 12: SP1 - SP5
SUSE Linux Enterprise High Performance Computing 12: SP2 - SP5
SUSE Linux Enterprise Server for SAP Applications: 12-SP4
SUSE Linux Enterprise Server: 12-SP2-LTSS-ERICSSON
nodejs14-docs: before 14.21.3-6.46.1
nodejs14-debugsource: before 14.21.3-6.46.1
nodejs14: before 14.21.3-6.46.1
nodejs14-debuginfo: before 14.21.3-6.46.1
nodejs14-devel: before 14.21.3-6.46.1
npm14: before 14.21.3-6.46.1
CPE2.3- cpe:2.3:o:suse:web_and_scripting_module:12:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP1:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP2:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP1:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP2:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP2:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications:12-SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP2-LTSS-ERICSSON:*:*:*:*:*:*:*
- cpe:2.3:a:suse:nodejs14-docs:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:nodejs14-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:nodejs14:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:nodejs14-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:nodejs14-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:npm14:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2023/suse-su-20233306-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Inconsistent interpretation of HTTP requests
EUVDB-ID: #VU77605
Risk: Medium
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-30589
CWE-ID:
CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform HTTP request smuggling attacks.
The vulnerability exists due to improper validation of HTTP requests in the llhttp parser. A remote attacker can send a specially crafted HTTP request to the server and smuggle arbitrary HTTP headers.
Successful exploitation of vulnerability may allow an attacker to poison HTTP cache and perform phishing attacks.
MitigationUpdate the affected package nodejs14 to the latest version.
Vulnerable software versionsWeb and Scripting Module: 12
SUSE Linux Enterprise Server for SAP Applications 12: SP1 - SP5
SUSE Linux Enterprise Server 12: SP1 - SP5
SUSE Linux Enterprise High Performance Computing 12: SP2 - SP5
SUSE Linux Enterprise Server for SAP Applications: 12-SP4
SUSE Linux Enterprise Server: 12-SP2-LTSS-ERICSSON
nodejs14-docs: before 14.21.3-6.46.1
nodejs14-debugsource: before 14.21.3-6.46.1
nodejs14: before 14.21.3-6.46.1
nodejs14-debuginfo: before 14.21.3-6.46.1
nodejs14-devel: before 14.21.3-6.46.1
npm14: before 14.21.3-6.46.1
CPE2.3- cpe:2.3:o:suse:web_and_scripting_module:12:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP1:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP2:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP1:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP2:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP2:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications:12-SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP2-LTSS-ERICSSON:*:*:*:*:*:*:*
- cpe:2.3:a:suse:nodejs14-docs:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:nodejs14-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:nodejs14:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:nodejs14-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:nodejs14-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:npm14:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2023/suse-su-20233306-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Inconsistency between implementation and documented design
EUVDB-ID: #VU77606
Risk: Medium
CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-30590
CWE-ID:
CWE-1068 - Inconsistency Between Implementation and Documented Design
Exploit availability: No
DescriptionThe vulnerability allows a remote user to bypass implemented security restrictions.
The vulnerability exists due to inconsistency between implementation and documented design within the generateKeys() API function. The documented behavior is different from the actual behavior, and this difference could lead to security issues in applications that use these APIs as the DiffieHellman may be used as the basis for application-level security.
MitigationUpdate the affected package nodejs14 to the latest version.
Vulnerable software versionsWeb and Scripting Module: 12
SUSE Linux Enterprise Server for SAP Applications 12: SP1 - SP5
SUSE Linux Enterprise Server 12: SP1 - SP5
SUSE Linux Enterprise High Performance Computing 12: SP2 - SP5
SUSE Linux Enterprise Server for SAP Applications: 12-SP4
SUSE Linux Enterprise Server: 12-SP2-LTSS-ERICSSON
nodejs14-docs: before 14.21.3-6.46.1
nodejs14-debugsource: before 14.21.3-6.46.1
nodejs14: before 14.21.3-6.46.1
nodejs14-debuginfo: before 14.21.3-6.46.1
nodejs14-devel: before 14.21.3-6.46.1
npm14: before 14.21.3-6.46.1
CPE2.3- cpe:2.3:o:suse:web_and_scripting_module:12:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP1:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP2:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP1:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP2:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP2:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications:12-SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP2-LTSS-ERICSSON:*:*:*:*:*:*:*
- cpe:2.3:a:suse:nodejs14-docs:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:nodejs14-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:nodejs14:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:nodejs14-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:nodejs14-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:npm14:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2023/suse-su-20233306-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU79332
Risk: Medium
CVSSv4.0: 6.9 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-32002
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to improperly imposed security restrictions for the Module._load() method. A remote attacker can bypass the policy mechanism and include modules outside of the policy.json definition for a given module.
Update the affected package nodejs14 to the latest version.
Vulnerable software versionsWeb and Scripting Module: 12
SUSE Linux Enterprise Server for SAP Applications 12: SP1 - SP5
SUSE Linux Enterprise Server 12: SP1 - SP5
SUSE Linux Enterprise High Performance Computing 12: SP2 - SP5
SUSE Linux Enterprise Server for SAP Applications: 12-SP4
SUSE Linux Enterprise Server: 12-SP2-LTSS-ERICSSON
nodejs14-docs: before 14.21.3-6.46.1
nodejs14-debugsource: before 14.21.3-6.46.1
nodejs14: before 14.21.3-6.46.1
nodejs14-debuginfo: before 14.21.3-6.46.1
nodejs14-devel: before 14.21.3-6.46.1
npm14: before 14.21.3-6.46.1
CPE2.3- cpe:2.3:o:suse:web_and_scripting_module:12:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP1:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP2:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP1:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP2:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP2:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications:12-SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP2-LTSS-ERICSSON:*:*:*:*:*:*:*
- cpe:2.3:a:suse:nodejs14-docs:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:nodejs14-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:nodejs14:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:nodejs14-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:nodejs14-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:npm14:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2023/suse-su-20233306-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU79334
Risk: Medium
CVSSv4.0: 6.9 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-32006
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass implemented security restrictions.
Update the affected package nodejs14 to the latest version.
Vulnerable software versionsWeb and Scripting Module: 12
SUSE Linux Enterprise Server for SAP Applications 12: SP1 - SP5
SUSE Linux Enterprise Server 12: SP1 - SP5
SUSE Linux Enterprise High Performance Computing 12: SP2 - SP5
SUSE Linux Enterprise Server for SAP Applications: 12-SP4
SUSE Linux Enterprise Server: 12-SP2-LTSS-ERICSSON
nodejs14-docs: before 14.21.3-6.46.1
nodejs14-debugsource: before 14.21.3-6.46.1
nodejs14: before 14.21.3-6.46.1
nodejs14-debuginfo: before 14.21.3-6.46.1
nodejs14-devel: before 14.21.3-6.46.1
npm14: before 14.21.3-6.46.1
CPE2.3- cpe:2.3:o:suse:web_and_scripting_module:12:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP1:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP2:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP1:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP2:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP2:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications:12-SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP2-LTSS-ERICSSON:*:*:*:*:*:*:*
- cpe:2.3:a:suse:nodejs14-docs:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:nodejs14-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:nodejs14:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:nodejs14-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:nodejs14-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:npm14:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2023/suse-su-20233306-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU79335
Risk: Medium
CVSSv4.0: 6.9 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-32559
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass implemented security restrictions.
Mitigation
Update the affected package nodejs14 to the latest version.
Vulnerable software versionsWeb and Scripting Module: 12
SUSE Linux Enterprise Server for SAP Applications 12: SP1 - SP5
SUSE Linux Enterprise Server 12: SP1 - SP5
SUSE Linux Enterprise High Performance Computing 12: SP2 - SP5
SUSE Linux Enterprise Server for SAP Applications: 12-SP4
SUSE Linux Enterprise Server: 12-SP2-LTSS-ERICSSON
nodejs14-docs: before 14.21.3-6.46.1
nodejs14-debugsource: before 14.21.3-6.46.1
nodejs14: before 14.21.3-6.46.1
nodejs14-debuginfo: before 14.21.3-6.46.1
nodejs14-devel: before 14.21.3-6.46.1
npm14: before 14.21.3-6.46.1
CPE2.3- cpe:2.3:o:suse:web_and_scripting_module:12:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP1:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP2:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP1:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP2:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP2:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications:12-SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP2-LTSS-ERICSSON:*:*:*:*:*:*:*
- cpe:2.3:a:suse:nodejs14-docs:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:nodejs14-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:nodejs14:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:nodejs14-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:nodejs14-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:npm14:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2023/suse-su-20233306-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
