VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-df7k-xenc-aaar

Essentials
Severities (113)
References (22)
Severity details (28)
Exploits (0)
EPSS
History (0)

Vulnerability ID	VCID-df7k-xenc-aaar
Aliases	CVE-2023-38325 GHSA-cf7p-gm2m-833m PYSEC-2023-112
Summary	The cryptography package before 41.0.2 for Python mishandles SSH certificates that have critical options.
Status	Published
Exploitability	0.5
Weighted Severity	8.0
Risk	4.0
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-295	Improper Certificate Validation
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
cvssv3	7.5	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-38325.json
epss	0.00112	https://api.first.org/data/v1/epss?cve=CVE-2023-38325
epss	0.00112	https://api.first.org/data/v1/epss?cve=CVE-2023-38325
epss	0.00130	https://api.first.org/data/v1/epss?cve=CVE-2023-38325
epss	0.00130	https://api.first.org/data/v1/epss?cve=CVE-2023-38325
epss	0.00130	https://api.first.org/data/v1/epss?cve=CVE-2023-38325
epss	0.00130	https://api.first.org/data/v1/epss?cve=CVE-2023-38325
epss	0.00130	https://api.first.org/data/v1/epss?cve=CVE-2023-38325
epss	0.00130	https://api.first.org/data/v1/epss?cve=CVE-2023-38325
epss	0.00130	https://api.first.org/data/v1/epss?cve=CVE-2023-38325
epss	0.00130	https://api.first.org/data/v1/epss?cve=CVE-2023-38325
epss	0.00130	https://api.first.org/data/v1/epss?cve=CVE-2023-38325
epss	0.00130	https://api.first.org/data/v1/epss?cve=CVE-2023-38325
epss	0.00130	https://api.first.org/data/v1/epss?cve=CVE-2023-38325
epss	0.00130	https://api.first.org/data/v1/epss?cve=CVE-2023-38325
epss	0.00133	https://api.first.org/data/v1/epss?cve=CVE-2023-38325
epss	0.00133	https://api.first.org/data/v1/epss?cve=CVE-2023-38325
epss	0.00301	https://api.first.org/data/v1/epss?cve=CVE-2023-38325
epss	0.00301	https://api.first.org/data/v1/epss?cve=CVE-2023-38325
epss	0.00301	https://api.first.org/data/v1/epss?cve=CVE-2023-38325
epss	0.00301	https://api.first.org/data/v1/epss?cve=CVE-2023-38325
epss	0.00301	https://api.first.org/data/v1/epss?cve=CVE-2023-38325
epss	0.00301	https://api.first.org/data/v1/epss?cve=CVE-2023-38325
epss	0.00301	https://api.first.org/data/v1/epss?cve=CVE-2023-38325
epss	0.00301	https://api.first.org/data/v1/epss?cve=CVE-2023-38325
epss	0.00301	https://api.first.org/data/v1/epss?cve=CVE-2023-38325
epss	0.00301	https://api.first.org/data/v1/epss?cve=CVE-2023-38325
epss	0.00301	https://api.first.org/data/v1/epss?cve=CVE-2023-38325
epss	0.00301	https://api.first.org/data/v1/epss?cve=CVE-2023-38325
epss	0.00301	https://api.first.org/data/v1/epss?cve=CVE-2023-38325
epss	0.00301	https://api.first.org/data/v1/epss?cve=CVE-2023-38325
epss	0.00301	https://api.first.org/data/v1/epss?cve=CVE-2023-38325
epss	0.00706	https://api.first.org/data/v1/epss?cve=CVE-2023-38325
epss	0.00791	https://api.first.org/data/v1/epss?cve=CVE-2023-38325
epss	0.00791	https://api.first.org/data/v1/epss?cve=CVE-2023-38325
epss	0.00791	https://api.first.org/data/v1/epss?cve=CVE-2023-38325
epss	0.00791	https://api.first.org/data/v1/epss?cve=CVE-2023-38325
epss	0.00791	https://api.first.org/data/v1/epss?cve=CVE-2023-38325
epss	0.00791	https://api.first.org/data/v1/epss?cve=CVE-2023-38325
epss	0.00791	https://api.first.org/data/v1/epss?cve=CVE-2023-38325
epss	0.00791	https://api.first.org/data/v1/epss?cve=CVE-2023-38325
epss	0.00791	https://api.first.org/data/v1/epss?cve=CVE-2023-38325
epss	0.00791	https://api.first.org/data/v1/epss?cve=CVE-2023-38325
epss	0.00791	https://api.first.org/data/v1/epss?cve=CVE-2023-38325
epss	0.00791	https://api.first.org/data/v1/epss?cve=CVE-2023-38325
epss	0.00791	https://api.first.org/data/v1/epss?cve=CVE-2023-38325
epss	0.00791	https://api.first.org/data/v1/epss?cve=CVE-2023-38325
epss	0.00791	https://api.first.org/data/v1/epss?cve=CVE-2023-38325
epss	0.00791	https://api.first.org/data/v1/epss?cve=CVE-2023-38325
epss	0.00791	https://api.first.org/data/v1/epss?cve=CVE-2023-38325
epss	0.00791	https://api.first.org/data/v1/epss?cve=CVE-2023-38325
epss	0.00791	https://api.first.org/data/v1/epss?cve=CVE-2023-38325
epss	0.00791	https://api.first.org/data/v1/epss?cve=CVE-2023-38325
epss	0.00791	https://api.first.org/data/v1/epss?cve=CVE-2023-38325
epss	0.00791	https://api.first.org/data/v1/epss?cve=CVE-2023-38325
epss	0.00791	https://api.first.org/data/v1/epss?cve=CVE-2023-38325
epss	0.00791	https://api.first.org/data/v1/epss?cve=CVE-2023-38325
epss	0.00791	https://api.first.org/data/v1/epss?cve=CVE-2023-38325
epss	0.00791	https://api.first.org/data/v1/epss?cve=CVE-2023-38325
epss	0.00791	https://api.first.org/data/v1/epss?cve=CVE-2023-38325
epss	0.00791	https://api.first.org/data/v1/epss?cve=CVE-2023-38325
epss	0.00791	https://api.first.org/data/v1/epss?cve=CVE-2023-38325
epss	0.00791	https://api.first.org/data/v1/epss?cve=CVE-2023-38325
epss	0.00791	https://api.first.org/data/v1/epss?cve=CVE-2023-38325
epss	0.00791	https://api.first.org/data/v1/epss?cve=CVE-2023-38325
epss	0.00791	https://api.first.org/data/v1/epss?cve=CVE-2023-38325
epss	0.00791	https://api.first.org/data/v1/epss?cve=CVE-2023-38325
epss	0.00791	https://api.first.org/data/v1/epss?cve=CVE-2023-38325
epss	0.00791	https://api.first.org/data/v1/epss?cve=CVE-2023-38325
epss	0.00791	https://api.first.org/data/v1/epss?cve=CVE-2023-38325
epss	0.00791	https://api.first.org/data/v1/epss?cve=CVE-2023-38325
epss	0.00791	https://api.first.org/data/v1/epss?cve=CVE-2023-38325
epss	0.00791	https://api.first.org/data/v1/epss?cve=CVE-2023-38325
epss	0.00791	https://api.first.org/data/v1/epss?cve=CVE-2023-38325
epss	0.00791	https://api.first.org/data/v1/epss?cve=CVE-2023-38325
epss	0.00791	https://api.first.org/data/v1/epss?cve=CVE-2023-38325
epss	0.00791	https://api.first.org/data/v1/epss?cve=CVE-2023-38325
epss	0.00791	https://api.first.org/data/v1/epss?cve=CVE-2023-38325
epss	0.00791	https://api.first.org/data/v1/epss?cve=CVE-2023-38325
epss	0.00791	https://api.first.org/data/v1/epss?cve=CVE-2023-38325
epss	0.00791	https://api.first.org/data/v1/epss?cve=CVE-2023-38325
epss	0.00791	https://api.first.org/data/v1/epss?cve=CVE-2023-38325
epss	0.00791	https://api.first.org/data/v1/epss?cve=CVE-2023-38325
epss	0.00791	https://api.first.org/data/v1/epss?cve=CVE-2023-38325
epss	0.00791	https://api.first.org/data/v1/epss?cve=CVE-2023-38325
epss	0.0097	https://api.first.org/data/v1/epss?cve=CVE-2023-38325
cvssv3.1	6.2	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1_qr	HIGH	https://github.com/advisories/GHSA-cf7p-gm2m-833m
cvssv3.1_qr	MODERATE	https://github.com/advisories/GHSA-cf7p-gm2m-833m
cvssv3.1	7.5	https://github.com/pyca/cryptography
generic_textual	HIGH	https://github.com/pyca/cryptography
cvssv3.1	7.5	https://github.com/pyca/cryptography/commit/1ca7adc97b76a9dfbd3d850628b613eb93b78fc3
generic_textual	HIGH	https://github.com/pyca/cryptography/commit/1ca7adc97b76a9dfbd3d850628b613eb93b78fc3
cvssv3.1	7.5	https://github.com/pyca/cryptography/compare/41.0.1...41.0.2
generic_textual	HIGH	https://github.com/pyca/cryptography/compare/41.0.1...41.0.2
cvssv3.1	7.5	https://github.com/pyca/cryptography/issues/9207
generic_textual	HIGH	https://github.com/pyca/cryptography/issues/9207
cvssv3.1	7.5	https://github.com/pyca/cryptography/pull/7960
generic_textual	HIGH	https://github.com/pyca/cryptography/pull/7960
cvssv3.1	7.5	https://github.com/pyca/cryptography/pull/9208
generic_textual	HIGH	https://github.com/pyca/cryptography/pull/9208
cvssv3.1	7.5	https://github.com/pypa/advisory-database/tree/main/vulns/cryptography/PYSEC-2023-112.yaml
generic_textual	HIGH	https://github.com/pypa/advisory-database/tree/main/vulns/cryptography/PYSEC-2023-112.yaml
cvssv3.1	7.5	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NMCCTYY3CSNQBFFYYC5DAV6KATHWCUZK
generic_textual	HIGH	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NMCCTYY3CSNQBFFYYC5DAV6KATHWCUZK
cvssv3.1	7.5	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NMCCTYY3CSNQBFFYYC5DAV6KATHWCUZK
generic_textual	HIGH	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NMCCTYY3CSNQBFFYYC5DAV6KATHWCUZK
cvssv3	7.5	https://nvd.nist.gov/vuln/detail/CVE-2023-38325
cvssv3.1	7.5	https://nvd.nist.gov/vuln/detail/CVE-2023-38325
cvssv3.1	7.5	https://pypi.org/project/cryptography/#history
generic_textual	HIGH	https://pypi.org/project/cryptography/#history
cvssv3.1	7.5	https://security.netapp.com/advisory/ntap-20230824-0010
generic_textual	HIGH	https://security.netapp.com/advisory/ntap-20230824-0010

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-38325.json
		https://api.first.org/data/v1/epss?cve=CVE-2023-38325
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
		https://github.com/pyca/cryptography
		https://github.com/pyca/cryptography/commit/1ca7adc97b76a9dfbd3d850628b613eb93b78fc3
		https://github.com/pyca/cryptography/compare/41.0.1...41.0.2
		https://github.com/pyca/cryptography/issues/9207
		https://github.com/pyca/cryptography/pull/7960
		https://github.com/pyca/cryptography/pull/9208
		https://github.com/pypa/advisory-database/tree/main/vulns/cryptography/PYSEC-2023-112.yaml
		https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NMCCTYY3CSNQBFFYYC5DAV6KATHWCUZK
		https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NMCCTYY3CSNQBFFYYC5DAV6KATHWCUZK/
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NMCCTYY3CSNQBFFYYC5DAV6KATHWCUZK
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NMCCTYY3CSNQBFFYYC5DAV6KATHWCUZK/
		https://pypi.org/project/cryptography/#history
		https://security.netapp.com/advisory/ntap-20230824-0010
		https://security.netapp.com/advisory/ntap-20230824-0010/
2231271		https://bugzilla.redhat.com/show_bug.cgi?id=2231271
cpe:2.3:a:cryptography.io:cryptography::::::python::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:cryptography.io:cryptography::::::python::*
cpe:2.3:a:cryptography_project:cryptography::::::python::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:cryptography_project:cryptography::::::python::*
CVE-2023-38325		https://nvd.nist.gov/vuln/detail/CVE-2023-38325
GHSA-cf7p-gm2m-833m		https://github.com/advisories/GHSA-cf7p-gm2m-833m

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-38325.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/pyca/cryptography

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://github.com/pyca/cryptography/commit/1ca7adc97b76a9dfbd3d850628b613eb93b78fc3

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://github.com/pyca/cryptography/compare/41.0.1...41.0.2

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://github.com/pyca/cryptography/issues/9207

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://github.com/pyca/cryptography/pull/7960

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://github.com/pyca/cryptography/pull/9208

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://github.com/pypa/advisory-database/tree/main/vulns/cryptography/PYSEC-2023-112.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NMCCTYY3CSNQBFFYYC5DAV6KATHWCUZK

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NMCCTYY3CSNQBFFYYC5DAV6KATHWCUZK

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2023-38325

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2023-38325

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://pypi.org/project/cryptography/#history

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://security.netapp.com/advisory/ntap-20230824-0010

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.45280
EPSS Score	0.00112
Published At	Dec. 17, 2024, midnight

Date	Actor	Action	Source	VulnerableCode Version
There are no relevant records.