For example, an attacker could send a large number of incomplete connection attempts to the FTP server, resulting in a device that would not communicate with the FTP server and therefore would not download information from the Nucleus source code repository. This vulnerability is rated as critical in Nucleus NET, Nucleus ReadyStart V3, and Nucleus Source Code, and has been assigned a CVSSv3 score of 9.8.

Nucleus NET, Nucleus ReadyStart V3, and Nucleus Source Code are also vulnerable to a denial of service attack via the NTP server. The NTP server does not properly handle messages that lack an expected length that indicates the end of a message. An attacker could send a large number of messages with an unexpected length to the NTP server, resulting in a device that would not communicate with the Nucleus source code repository and therefore would not download information from it. This vulnerability is rated as critical in Nucleus NET, Nucleus ReadyStart V3, and Nucleus Source Code, and has been assigned a CVSSv3 score of 9.8.

Nucleus NET, Nucleus ReadyStart V3, and Nucleus Source Code are also vulnerable to a denial of service attack via the LDAP server. The LDAP server does not properly handle messages that lack an expected length that indicates the end of a message. An attacker could send a large number of messages with an unexpected length to the LDAP server

Common Vulnerabilities and Exposures (CVEs)

A vulnerability is a weakness in an application that attackers could exploit to gain unauthorized access to the application, cause denial of service (DoS), achieve remote code execution, or produce other harmful effects. Most vulnerabilities are due to coding errors and can be remediated with a software patch. A vulnerable component is one that has been found to have one or more vulnerabilities.
Vulnerabilities and exposures can be mitigated by implementing appropriate security controls on the affected component.
For example, when considering a vulnerability within Nucleus NET, we would also consider other components of the system such as:
- Network devices
- Firewalls
- Access control systems
- Operating system
- Web servers
- Database servers

Nucleus NET, Nucleus ReadyStart V3, and Nucleus Source Code Vulnerable to ISA

Nucleus NET, Nucleus ReadyStart V3, and Nucleus Source Code are vulnerable to a man-in-the-middle attack via the ISA server. The attacker could intercept communications between a device and servers that use the ISA server and inject malicious code into the communication stream. This vulnerability is rated as critical in Nucleus NET and Nucleus ReadyStart V3, and has been assigned a CVSSv3 score of 9.8.

Nucleus NET, Nucleus ReadyStart V3, and Nucleus Source Code are vulnerable to a denial of service attack via the LDAP server

Nucleus NET, Nucleus ReadyStart V3, and Nucleus Source Code are also vulnerable to a denial of service attack via the LDAP server. The LDAP server does not properly handle messages that lack an expected length that indicates the end of a message. An attacker could send a large number of messages with an unexpected length to the LDAP server, resulting in a device that would not communicate with the Nucleus source code repository and therefore would not download information from it. This vulnerability is rated as critical in Nucleus NET and Nucleus ReadyStart V3, and has been assigned a CVSSv3 score of 9.8.

Timeline

Published on: 10/11/2022 11:15:00 UTC
Last modified on: 10/12/2022 13:58:00 UTC

References