{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2017-11-20T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used to get a list of filenames in a directory, does not sanitize filenames and results in executing any escape sequence in the terminal. This could potentially result in code execution, arbitrary file writes, or other attacks."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-06-20T18:06:31.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.twistlock.com/2017/11/20/cve-2017-16544-busybox-autocompletion-vulnerability/"}, {"name": "[debian-lts-announce] 20180727 [SECURITY] [DLA 1445-1] busybox security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00037.html"}, {"tags": ["x_refsource_MISC"], "url": "https://git.busybox.net/busybox/commit/?id=c3797d40a1c57352192c6106cc0f435e7d9c11e8"}, {"name": "USN-3935-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3935-1/"}, {"name": "20190612 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2019/Jun/18"}, {"name": "20190613 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "https://seclists.org/bugtraq/2019/Jun/14"}, {"name": "20190904 SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2019/Sep/7"}, {"name": "20190904 SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "https://seclists.org/bugtraq/2019/Sep/7"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.vmware.com/security/advisories/VMSA-2019-0013.html"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/154536/VMware-Security-Advisory-2019-0013.html"}, {"name": "20200313 SEC Consult SA-20200312-0 :: Authenticated Command Injection in Phoenix Contact TC Router & TC Cloud Client", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2020/Mar/15"}, {"name": "20200827 SEC Consult SA-20200827-0 :: Multiple Vulnerabilities in ZTE mobile Hotspot MS910S", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2020/Aug/20"}, {"tags": ["x_refsource_MISC"], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-240-01"}, {"name": "20200902 SEC Consult SA-20200902-0 :: Multiple Vulnerabilities in Red Lion N-Tron 702-W, Red Lion N-Tron 702M12-W", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2020/Sep/6"}, {"name": "20210113 SEC Consult SA-20210113-0 :: Multiple vulnerabilities in Pepperl+Fuchs IO-Link Master Series", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2021/Jan/39"}, {"name": "[debian-lts-announce] 20210215 [SECURITY] [DLA 2559-1] busybox security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00020.html"}, {"name": "20210819 SEC Consult SA-20210819-0 :: Multiple critical vulnerabilities in Altus Nexto and Hadron series", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2021/Aug/21"}, {"name": "20220617 SEC Consult SA-20220615-0 :: Hardcoded Backdoor User and Outdated Software Components in Nexans FTTO GigaSwitch series", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2022/Jun/36"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/167552/Nexans-FTTO-GigaSwitch-Outdated-Components-Hardcoded-Backdoor.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-16544", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used to get a list of filenames in a directory, does not sanitize filenames and results in executing any escape sequence in the terminal. This could potentially result in code execution, arbitrary file writes, or other attacks."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://www.twistlock.com/2017/11/20/cve-2017-16544-busybox-autocompletion-vulnerability/", "refsource": "MISC", "url": "https://www.twistlock.com/2017/11/20/cve-2017-16544-busybox-autocompletion-vulnerability/"}, {"name": "[debian-lts-announce] 20180727 [SECURITY] [DLA 1445-1] busybox security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00037.html"}, {"name": "https://git.busybox.net/busybox/commit/?id=c3797d40a1c57352192c6106cc0f435e7d9c11e8", "refsource": "MISC", "url": "https://git.busybox.net/busybox/commit/?id=c3797d40a1c57352192c6106cc0f435e7d9c11e8"}, {"name": "USN-3935-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3935-1/"}, {"name": "20190612 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2019/Jun/18"}, {"name": "20190613 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Jun/14"}, {"name": "20190904 SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2019/Sep/7"}, {"name": "20190904 SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Sep/7"}, {"name": "http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html"}, {"name": "http://www.vmware.com/security/advisories/VMSA-2019-0013.html", "refsource": "CONFIRM", "url": "http://www.vmware.com/security/advisories/VMSA-2019-0013.html"}, {"name": "http://packetstormsecurity.com/files/154536/VMware-Security-Advisory-2019-0013.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/154536/VMware-Security-Advisory-2019-0013.html"}, {"name": "20200313 SEC Consult SA-20200312-0 :: Authenticated Command Injection in Phoenix Contact TC Router & TC Cloud Client", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2020/Mar/15"}, {"name": "20200827 SEC Consult SA-20200827-0 :: Multiple Vulnerabilities in ZTE mobile Hotspot MS910S", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2020/Aug/20"}, {"name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-240-01", "refsource": "MISC", "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-240-01"}, {"name": "20200902 SEC Consult SA-20200902-0 :: Multiple Vulnerabilities in Red Lion N-Tron 702-W, Red Lion N-Tron 702M12-W", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2020/Sep/6"}, {"name": "20210113 SEC Consult SA-20210113-0 :: Multiple vulnerabilities in Pepperl+Fuchs IO-Link Master Series", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2021/Jan/39"}, {"name": "[debian-lts-announce] 20210215 [SECURITY] [DLA 2559-1] busybox security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00020.html"}, {"name": "20210819 SEC Consult SA-20210819-0 :: Multiple critical vulnerabilities in Altus Nexto and Hadron series", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2021/Aug/21"}, {"name": "20220617 SEC Consult SA-20220615-0 :: Hardcoded Backdoor User and Outdated Software Components in Nexans FTTO GigaSwitch series", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2022/Jun/36"}, {"name": "http://packetstormsecurity.com/files/167552/Nexans-FTTO-GigaSwitch-Outdated-Components-Hardcoded-Backdoor.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/167552/Nexans-FTTO-GigaSwitch-Outdated-Components-Hardcoded-Backdoor.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T20:27:04.005Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.twistlock.com/2017/11/20/cve-2017-16544-busybox-autocompletion-vulnerability/"}, {"name": "[debian-lts-announce] 20180727 [SECURITY] [DLA 1445-1] busybox security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00037.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://git.busybox.net/busybox/commit/?id=c3797d40a1c57352192c6106cc0f435e7d9c11e8"}, {"name": "USN-3935-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/3935-1/"}, {"name": "20190612 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2019/Jun/18"}, {"name": "20190613 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "https://seclists.org/bugtraq/2019/Jun/14"}, {"name": "20190904 SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2019/Sep/7"}, {"name": "20190904 SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "https://seclists.org/bugtraq/2019/Sep/7"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.vmware.com/security/advisories/VMSA-2019-0013.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/154536/VMware-Security-Advisory-2019-0013.html"}, {"name": "20200313 SEC Consult SA-20200312-0 :: Authenticated Command Injection in Phoenix Contact TC Router & TC Cloud Client", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2020/Mar/15"}, {"name": "20200827 SEC Consult SA-20200827-0 :: Multiple Vulnerabilities in ZTE mobile Hotspot MS910S", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2020/Aug/20"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-240-01"}, {"name": "20200902 SEC Consult SA-20200902-0 :: Multiple Vulnerabilities in Red Lion N-Tron 702-W, Red Lion N-Tron 702M12-W", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2020/Sep/6"}, {"name": "20210113 SEC Consult SA-20210113-0 :: Multiple vulnerabilities in Pepperl+Fuchs IO-Link Master Series", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2021/Jan/39"}, {"name": "[debian-lts-announce] 20210215 [SECURITY] [DLA 2559-1] busybox security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00020.html"}, {"name": "20210819 SEC Consult SA-20210819-0 :: Multiple critical vulnerabilities in Altus Nexto and Hadron series", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2021/Aug/21"}, {"name": "20220617 SEC Consult SA-20220615-0 :: Hardcoded Backdoor User and Outdated Software Components in Nexans FTTO GigaSwitch series", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2022/Jun/36"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/167552/Nexans-FTTO-GigaSwitch-Outdated-Components-Hardcoded-Backdoor.html"}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-94", "lang": "en", "description": "CWE-94 Improper Control of Generation of Code ('Code Injection')"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-06-09T15:34:08.917753Z", "id": "CVE-2017-16544", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-09T15:35:03.132Z"}}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-16544", "datePublished": "2017-11-20T15:00:00.000Z", "dateReserved": "2017-11-05T00:00:00.000Z", "dateUpdated": "2025-06-09T15:35:03.132Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.twistlock.com/2017/11/20/cve-2017-16544-busybox-autocompletion-vulnerability/", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00037.html", "name": "[debian-lts-announce] 20180727 [SECURITY] [DLA 1445-1] busybox security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"]}, {"url": "https://git.busybox.net/busybox/commit/?id=c3797d40a1c57352192c6106cc0f435e7d9c11e8", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://usn.ubuntu.com/3935-1/", "name": "USN-3935-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2019/Jun/18", "name": "20190612 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"]}, {"url": "https://seclists.org/bugtraq/2019/Jun/14", "name": "20190613 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2019/Sep/7", "name": "20190904 SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"]}, {"url": "https://seclists.org/bugtraq/2019/Sep/7", "name": "20190904 SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"]}, {"url": "http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "http://www.vmware.com/security/advisories/VMSA-2019-0013.html", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "http://packetstormsecurity.com/files/154536/VMware-Security-Advisory-2019-0013.html", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2020/Mar/15", "name": "20200313 SEC Consult SA-20200312-0 :: Authenticated Command Injection in Phoenix Contact TC Router & TC Cloud Client", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2020/Aug/20", "name": "20200827 SEC Consult SA-20200827-0 :: Multiple Vulnerabilities in ZTE mobile Hotspot MS910S", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"]}, {"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-240-01", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2020/Sep/6", "name": "20200902 SEC Consult SA-20200902-0 :: Multiple Vulnerabilities in Red Lion N-Tron 702-W, Red Lion N-Tron 702M12-W", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2021/Jan/39", "name": "20210113 SEC Consult SA-20210113-0 :: Multiple vulnerabilities in Pepperl+Fuchs IO-Link Master Series", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00020.html", "name": "[debian-lts-announce] 20210215 [SECURITY] [DLA 2559-1] busybox security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2021/Aug/21", "name": "20210819 SEC Consult SA-20210819-0 :: Multiple critical vulnerabilities in Altus Nexto and Hadron series", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2022/Jun/36", "name": "20220617 SEC Consult SA-20220615-0 :: Hardcoded Backdoor User and Outdated Software Components in Nexans FTTO GigaSwitch series", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"]}, {"url": "http://packetstormsecurity.com/files/167552/Nexans-FTTO-GigaSwitch-Outdated-Components-Hardcoded-Backdoor.html", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T20:27:04.005Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2017-16544", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-06-09T15:34:08.917753Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-94", "description": "CWE-94 Improper Control of Generation of Code ('Code Injection')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-09T15:34:38.655Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2017-11-20T00:00:00.000Z", "references": [{"url": "https://www.twistlock.com/2017/11/20/cve-2017-16544-busybox-autocompletion-vulnerability/", "tags": ["x_refsource_MISC"]}, {"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00037.html", "name": "[debian-lts-announce] 20180727 [SECURITY] [DLA 1445-1] busybox security update", "tags": ["mailing-list", "x_refsource_MLIST"]}, {"url": "https://git.busybox.net/busybox/commit/?id=c3797d40a1c57352192c6106cc0f435e7d9c11e8", "tags": ["x_refsource_MISC"]}, {"url": "https://usn.ubuntu.com/3935-1/", "name": "USN-3935-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"]}, {"url": "http://seclists.org/fulldisclosure/2019/Jun/18", "name": "20190612 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series", "tags": ["mailing-list", "x_refsource_FULLDISC"]}, {"url": "https://seclists.org/bugtraq/2019/Jun/14", "name": "20190613 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series", "tags": ["mailing-list", "x_refsource_BUGTRAQ"]}, {"url": "http://seclists.org/fulldisclosure/2019/Sep/7", "name": "20190904 SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X", "tags": ["mailing-list", "x_refsource_FULLDISC"]}, {"url": "https://seclists.org/bugtraq/2019/Sep/7", "name": "20190904 SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X", "tags": ["mailing-list", "x_refsource_BUGTRAQ"]}, {"url": "http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html", "tags": ["x_refsource_MISC"]}, {"url": "http://www.vmware.com/security/advisories/VMSA-2019-0013.html", "tags": ["x_refsource_CONFIRM"]}, {"url": "http://packetstormsecurity.com/files/154536/VMware-Security-Advisory-2019-0013.html", "tags": ["x_refsource_MISC"]}, {"url": "http://seclists.org/fulldisclosure/2020/Mar/15", "name": "20200313 SEC Consult SA-20200312-0 :: Authenticated Command Injection in Phoenix Contact TC Router & TC Cloud Client", "tags": ["mailing-list", "x_refsource_FULLDISC"]}, {"url": "http://seclists.org/fulldisclosure/2020/Aug/20", "name": "20200827 SEC Consult SA-20200827-0 :: Multiple Vulnerabilities in ZTE mobile Hotspot MS910S", "tags": ["mailing-list", "x_refsource_FULLDISC"]}, {"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-240-01", "tags": ["x_refsource_MISC"]}, {"url": "http://seclists.org/fulldisclosure/2020/Sep/6", "name": "20200902 SEC Consult SA-20200902-0 :: Multiple Vulnerabilities in Red Lion N-Tron 702-W, Red Lion N-Tron 702M12-W", "tags": ["mailing-list", "x_refsource_FULLDISC"]}, {"url": "http://seclists.org/fulldisclosure/2021/Jan/39", "name": "20210113 SEC Consult SA-20210113-0 :: Multiple vulnerabilities in Pepperl+Fuchs IO-Link Master Series", "tags": ["mailing-list", "x_refsource_FULLDISC"]}, {"url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00020.html", "name": "[debian-lts-announce] 20210215 [SECURITY] [DLA 2559-1] busybox security update", "tags": ["mailing-list", "x_refsource_MLIST"]}, {"url": "http://seclists.org/fulldisclosure/2021/Aug/21", "name": "20210819 SEC Consult SA-20210819-0 :: Multiple critical vulnerabilities in Altus Nexto and Hadron series", "tags": ["mailing-list", "x_refsource_FULLDISC"]}, {"url": "http://seclists.org/fulldisclosure/2022/Jun/36", "name": "20220617 SEC Consult SA-20220615-0 :: Hardcoded Backdoor User and Outdated Software Components in Nexans FTTO GigaSwitch series", "tags": ["mailing-list", "x_refsource_FULLDISC"]}, {"url": "http://packetstormsecurity.com/files/167552/Nexans-FTTO-GigaSwitch-Outdated-Components-Hardcoded-Backdoor.html", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used to get a list of filenames in a directory, does not sanitize filenames and results in executing any escape sequence in the terminal. This could potentially result in code execution, arbitrary file writes, or other attacks."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2022-06-20T18:06:31.000Z"}, "x_legacyV4Record": {"affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "n/a"}]}, "product_name": "n/a"}]}, "vendor_name": "n/a"}]}}, "data_type": "CVE", "references": {"reference_data": [{"url": "https://www.twistlock.com/2017/11/20/cve-2017-16544-busybox-autocompletion-vulnerability/", "name": "https://www.twistlock.com/2017/11/20/cve-2017-16544-busybox-autocompletion-vulnerability/", "refsource": "MISC"}, {"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00037.html", "name": "[debian-lts-announce] 20180727 [SECURITY] [DLA 1445-1] busybox security update", "refsource": "MLIST"}, {"url": "https://git.busybox.net/busybox/commit/?id=c3797d40a1c57352192c6106cc0f435e7d9c11e8", "name": "https://git.busybox.net/busybox/commit/?id=c3797d40a1c57352192c6106cc0f435e7d9c11e8", "refsource": "MISC"}, {"url": "https://usn.ubuntu.com/3935-1/", "name": "USN-3935-1", "refsource": "UBUNTU"}, {"url": "http://seclists.org/fulldisclosure/2019/Jun/18", "name": "20190612 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series", "refsource": "FULLDISC"}, {"url": "https://seclists.org/bugtraq/2019/Jun/14", "name": "20190613 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series", "refsource": "BUGTRAQ"}, {"url": "http://seclists.org/fulldisclosure/2019/Sep/7", "name": "20190904 SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X", "refsource": "FULLDISC"}, {"url": "https://seclists.org/bugtraq/2019/Sep/7", "name": "20190904 SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X", "refsource": "BUGTRAQ"}, {"url": "http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html", "name": "http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html", "refsource": "MISC"}, {"url": "http://www.vmware.com/security/advisories/VMSA-2019-0013.html", "name": "http://www.vmware.com/security/advisories/VMSA-2019-0013.html", "refsource": "CONFIRM"}, {"url": "http://packetstormsecurity.com/files/154536/VMware-Security-Advisory-2019-0013.html", "name": "http://packetstormsecurity.com/files/154536/VMware-Security-Advisory-2019-0013.html", "refsource": "MISC"}, {"url": "http://seclists.org/fulldisclosure/2020/Mar/15", "name": "20200313 SEC Consult SA-20200312-0 :: Authenticated Command Injection in Phoenix Contact TC Router & TC Cloud Client", "refsource": "FULLDISC"}, {"url": "http://seclists.org/fulldisclosure/2020/Aug/20", "name": "20200827 SEC Consult SA-20200827-0 :: Multiple Vulnerabilities in ZTE mobile Hotspot MS910S", "refsource": "FULLDISC"}, {"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-240-01", "name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-240-01", "refsource": "MISC"}, {"url": "http://seclists.org/fulldisclosure/2020/Sep/6", "name": "20200902 SEC Consult SA-20200902-0 :: Multiple Vulnerabilities in Red Lion N-Tron 702-W, Red Lion N-Tron 702M12-W", "refsource": "FULLDISC"}, {"url": "http://seclists.org/fulldisclosure/2021/Jan/39", "name": "20210113 SEC Consult SA-20210113-0 :: Multiple vulnerabilities in Pepperl+Fuchs IO-Link Master Series", "refsource": "FULLDISC"}, {"url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00020.html", "name": "[debian-lts-announce] 20210215 [SECURITY] [DLA 2559-1] busybox security update", "refsource": "MLIST"}, {"url": "http://seclists.org/fulldisclosure/2021/Aug/21", "name": "20210819 SEC Consult SA-20210819-0 :: Multiple critical vulnerabilities in Altus Nexto and Hadron series", "refsource": "FULLDISC"}, {"url": "http://seclists.org/fulldisclosure/2022/Jun/36", "name": "20220617 SEC Consult SA-20220615-0 :: Hardcoded Backdoor User and Outdated Software Components in Nexans FTTO GigaSwitch series", "refsource": "FULLDISC"}, {"url": "http://packetstormsecurity.com/files/167552/Nexans-FTTO-GigaSwitch-Outdated-Components-Hardcoded-Backdoor.html", "name": "http://packetstormsecurity.com/files/167552/Nexans-FTTO-GigaSwitch-Outdated-Components-Hardcoded-Backdoor.html", "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "eng", "value": "In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used to get a list of filenames in a directory, does not sanitize filenames and results in executing any escape sequence in the terminal. This could potentially result in code execution, arbitrary file writes, or other attacks."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2017-16544", "STATE": "PUBLIC", "ASSIGNER": "cve@mitre.org"}}}}, "cveMetadata": {"cveId": "CVE-2017-16544", "state": "PUBLISHED", "dateUpdated": "2025-06-09T15:35:03.132Z", "dateReserved": "2017-11-05T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2017-11-20T15:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:busybox:busybox:*:*:*:*:*:*:*:*", "matchCriteriaId": "37287FA9-D061-4C33-AA55-BFF45D880108", "versionEndIncluding": "1.27.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:vmware:esxi:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "CC77ADEA-F0B8-4E5D-B965-39397F823075", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.0:-:*:*:*:*:*:*", "matchCriteriaId": "3E8861F4-D390-4738-BBF0-9EE4684E9667", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.0:1:*:*:*:*:*:*", "matchCriteriaId": "52403C80-3022-4E5B-B16A-24B116D1E6B9", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.0:1a:*:*:*:*:*:*", "matchCriteriaId": "FBECED2E-05FD-492E-8B57-9BB8ADA82444", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.0:1b:*:*:*:*:*:*", "matchCriteriaId": "3C3FBBA4-01FA-45B5-AEDF-FFFE941163FE", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.0:2:*:*:*:*:*:*", "matchCriteriaId": "A63E3C72-3145-4661-BBCD-8A67EC0CDDF3", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.0:3:*:*:*:*:*:*", "matchCriteriaId": "9159F6E1-6A36-4D3C-85B1-2205B90CD244", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.0:3a:*:*:*:*:*:*", "matchCriteriaId": "C2C08C24-FBAC-49B8-AABF-4FF8BADA3412", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201504401:*:*:*:*:*:*", "matchCriteriaId": "2B9D5E67-78C9-495E-91F0-AF94871E5FA2", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201505401:*:*:*:*:*:*", "matchCriteriaId": "6D35CDFE-F0E7-43F7-A307-E3BDDE5AEAD5", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201507101:*:*:*:*:*:*", "matchCriteriaId": "ADC13026-3B5A-4BF0-BDEC-B77338E427E8", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201507102:*:*:*:*:*:*", "matchCriteriaId": "6CBA70BA-FFCD-4D2D-AD26-95CC62748937", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201507401:*:*:*:*:*:*", "matchCriteriaId": "4C92DD8B-8AB8-40D4-8E86-12FEB055D37A", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201507402:*:*:*:*:*:*", "matchCriteriaId": "C58D77F5-CDB2-47DA-A879-BABEBE2E1E04", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201507403:*:*:*:*:*:*", "matchCriteriaId": "D0C324FB-3989-4A4A-BF5B-C40CA698DDB7", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201507404:*:*:*:*:*:*", "matchCriteriaId": "0E7AC58E-D1F8-4FDF-9A28-61CF6158330A", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201507405:*:*:*:*:*:*", "matchCriteriaId": "489EE0F6-5510-470E-8711-DC08B4AFB4F7", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201507406:*:*:*:*:*:*", "matchCriteriaId": "6719ED6F-CBC3-4B1E-9343-23DC3BA15FDA", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201507407:*:*:*:*:*:*", "matchCriteriaId": "DDAA48A9-9319-4104-B151-D529E5EBF0F7", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201509101:*:*:*:*:*:*", "matchCriteriaId": "D16CD918-5075-4975-8B1E-21D8AD35A28E", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201509102:*:*:*:*:*:*", "matchCriteriaId": "7A38CD8E-494D-4E0E-A300-8550FC81FAE4", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201509201:*:*:*:*:*:*", "matchCriteriaId": "1F40ABE8-8DED-4633-A34C-00DF5D510E71", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201509202:*:*:*:*:*:*", "matchCriteriaId": "1736B975-089B-413C-8CA0-5524B957EF9A", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201509203:*:*:*:*:*:*", "matchCriteriaId": "0E4DCBF6-7189-497A-B923-08574443172C", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201509204:*:*:*:*:*:*", "matchCriteriaId": "16FBA646-0B5E-44A7-BB12-29D5C611AEC5", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201509205:*:*:*:*:*:*", "matchCriteriaId": "29F57497-7B48-4D0C-B8F5-8D33062BECEE", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201509206:*:*:*:*:*:*", "matchCriteriaId": "ADDE96C7-C489-4D14-990B-8524627A23D2", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201509207:*:*:*:*:*:*", "matchCriteriaId": "AD82C093-FD98-45DE-9EE6-A05E81A1FEC6", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201509208:*:*:*:*:*:*", "matchCriteriaId": "08789F9E-CDC7-4F89-B925-92C9E3AE5234", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201509209:*:*:*:*:*:*", "matchCriteriaId": "26ABB84C-B4BF-424E-8F4C-D2B6BE0AC79E", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201509210:*:*:*:*:*:*", "matchCriteriaId": "621C203B-4B66-49CC-A35D-D7703109BF14", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201510401:*:*:*:*:*:*", "matchCriteriaId": "3261BDEF-D89C-41D9-A360-EC36EAB17490", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201511401:*:*:*:*:*:*", "matchCriteriaId": "5170A4F6-02B7-4225-B944-73DB5A4D332C", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201601101:*:*:*:*:*:*", "matchCriteriaId": "62A97DBA-A56B-4F0B-B9C4-44B5166681AF", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201601102:*:*:*:*:*:*", "matchCriteriaId": "806C8BE6-A2BE-45BE-BEF2-396BEB16FCC3", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201601401:*:*:*:*:*:*", "matchCriteriaId": "DBA6211E-134A-484E-8444-FBB5070B395D", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201601402:*:*:*:*:*:*", "matchCriteriaId": "3E7B05B3-4076-4A44-B9A6-A44419F175C2", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201601403:*:*:*:*:*:*", "matchCriteriaId": "1A1636B4-6E79-42D7-AA62-5EE43412B43A", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201601404:*:*:*:*:*:*", "matchCriteriaId": "0F0377D0-BBED-41BF-80C5-58414ED413EE", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201601405:*:*:*:*:*:*", "matchCriteriaId": "6495283C-D18A-4DDA-852E-46F2273D6DAC", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201602401:*:*:*:*:*:*", "matchCriteriaId": "09DEFEE5-5E9E-4F3A-A245-3E8E2B291339", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201603101:*:*:*:*:*:*", "matchCriteriaId": "4B5A97A3-65DB-4697-9CF1-B4F5E4E4132F", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201603102:*:*:*:*:*:*", "matchCriteriaId": "17A84E0A-1429-467F-9EE1-FCA062392DC2", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201603201:*:*:*:*:*:*", "matchCriteriaId": "C591163D-64BC-403B-A460-5B2258EC2F8A", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201603202:*:*:*:*:*:*", "matchCriteriaId": "ED932B89-D34D-4398-8F79-AF98987CAFD0", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201603203:*:*:*:*:*:*", "matchCriteriaId": "ABD365A0-0B09-4EC2-9973-691144C99507", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201603204:*:*:*:*:*:*", "matchCriteriaId": "FBE64DC7-A9D1-416F-89BF-D9F8DD8174AA", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201603205:*:*:*:*:*:*", "matchCriteriaId": "0E198AE4-A6A3-4875-A7DA-44BE9E1B280F", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201603206:*:*:*:*:*:*", "matchCriteriaId": "2FDD5BA0-8180-484D-8308-B0862B6E9DC3", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201603207:*:*:*:*:*:*", "matchCriteriaId": "96A6EB9A-A908-42D1-A6BC-E38E861BBECE", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201603208:*:*:*:*:*:*", "matchCriteriaId": "651EDCAA-D785-464D-AE41-425A69F6FFB7", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201605401:*:*:*:*:*:*", "matchCriteriaId": "1B3C704C-9D60-4F72-B482-07F209985E68", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201608101:*:*:*:*:*:*", "matchCriteriaId": "C1CFE956-4391-4B71-BD0B-96A008A624B7", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201608401:*:*:*:*:*:*", "matchCriteriaId": "409778CD-9AB3-4793-A5F5-8D8657F81442", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201608402:*:*:*:*:*:*", "matchCriteriaId": "F7EA75DB-B6BE-4E75-89B6-C69E96CBD7BF", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201608403:*:*:*:*:*:*", "matchCriteriaId": "0DC45A8B-6DE0-465F-9644-B75A09394F25", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201608404:*:*:*:*:*:*", "matchCriteriaId": "7A265671-BCB0-401A-A1E8-500F9D41492E", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201608405:*:*:*:*:*:*", "matchCriteriaId": "83168067-1E43-4186-9B15-3FC702C6583C", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201610410:*:*:*:*:*:*", "matchCriteriaId": "8C122DB4-8410-4C4E-87BE-EB3175CE182B", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201611401:*:*:*:*:*:*", "matchCriteriaId": "C76ED78D-0778-4269-938E-BB7586C1E44E", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201611402:*:*:*:*:*:*", "matchCriteriaId": "7A1F78C5-E995-4E37-83C5-5B6A1D39E549", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201611403:*:*:*:*:*:*", "matchCriteriaId": "7A2E842D-AF37-4641-AD05-B91F250E7487", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201702101:*:*:*:*:*:*", "matchCriteriaId": "A07EAC87-32FD-4553-B71D-181F2C66AE68", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201702102:*:*:*:*:*:*", "matchCriteriaId": "AD6F0D62-4C51-46D6-A6C4-E479BE6B2C91", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201702201:*:*:*:*:*:*", "matchCriteriaId": "865D3042-68ED-44B9-A036-9433F7463D6F", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201702202:*:*:*:*:*:*", "matchCriteriaId": "FC4FEF78-D2DA-4CCE-BB81-7E2090ED545C", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201702203:*:*:*:*:*:*", "matchCriteriaId": "11AE3F61-9655-4B20-96E1-92112BE2BEDC", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201702204:*:*:*:*:*:*", "matchCriteriaId": "ECE35166-3019-450B-9C69-484E4EDE5A6D", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201702205:*:*:*:*:*:*", "matchCriteriaId": "D892B066-381B-4F46-8363-7BA1647BBCD8", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201702206:*:*:*:*:*:*", "matchCriteriaId": "710DB381-5504-4493-8D0A-17AB8E5A903B", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201702207:*:*:*:*:*:*", "matchCriteriaId": "42AAA3B7-B74D-4B67-8BD3-1D9B5ED1E037", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201702208:*:*:*:*:*:*", "matchCriteriaId": "33CBCA55-010E-4E84-B2F8-F9B53D5A3340", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201702209:*:*:*:*:*:*", "matchCriteriaId": "95A73B4B-F9B3-4D66-9668-902902C73CB6", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201702210:*:*:*:*:*:*", "matchCriteriaId": "8D14D51D-E2EA-4826-8C6E-AF1C15F12384", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201702211:*:*:*:*:*:*", "matchCriteriaId": "BED100A1-9D59-48BE-91D4-0C8F2D678E6E", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201702212:*:*:*:*:*:*", "matchCriteriaId": "660B51F2-DFE0-49F6-AD2A-6E94B20F4019", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201703401:*:*:*:*:*:*", "matchCriteriaId": "8BF80536-348A-468E-AC1C-DA53632FCC83", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201706101:*:*:*:*:*:*", "matchCriteriaId": "CFABF302-AC32-4507-BDD9-314854DE55BB", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201706102:*:*:*:*:*:*", "matchCriteriaId": "9EDE020F-4FB1-4F1D-B434-6745045702D5", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201706103:*:*:*:*:*:*", "matchCriteriaId": "AA1538B9-E860-46CE-A4CA-1393ECA20D30", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201706401:*:*:*:*:*:*", "matchCriteriaId": "386A6805-6167-47BA-A02F-073DC7E0FE36", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201706402:*:*:*:*:*:*", "matchCriteriaId": "03BA15D8-F7A2-428C-8104-BCEBDE7C1EC0", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201706403:*:*:*:*:*:*", "matchCriteriaId": "1CFCFE7B-37E5-4C64-9B43-4F693F227231", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201710301:*:*:*:*:*:*", "matchCriteriaId": "02CFAE22-37DB-4787-96FB-9E0F8EF671E7", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201811001:*:*:*:*:*:*", "matchCriteriaId": "0BC70488-A435-43BE-AEF4-30CBA36CBC03", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201811401:*:*:*:*:*:*", "matchCriteriaId": "2B37DC7D-A1C6-468F-A42E-160CE226FF7D", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201903001:*:*:*:*:*:*", "matchCriteriaId": "7B0A3263-193B-4725-BF20-08A2B2F3BB82", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201905001:*:*:*:*:*:*", "matchCriteriaId": "D6C6287E-C24E-4291-8DE7-4413993577F1", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201909001:*:*:*:*:*:*", "matchCriteriaId": "AA74FDE2-4656-446D-9215-77326C7EC62C", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.5:-:*:*:*:*:*:*", "matchCriteriaId": "FBA15143-734D-4889-8B5A-2445A2DDDD4B", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201701001:*:*:*:*:*:*", "matchCriteriaId": "04FA10C6-2B0D-47C9-8C4E-1BA98C97DC7A", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201703001:*:*:*:*:*:*", "matchCriteriaId": "0D2ED442-3F6D-472A-AA98-51D05A65B2E0", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201703002:*:*:*:*:*:*", "matchCriteriaId": "2A71EC72-3389-4EC7-8104-2A78F7B8C0DC", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201704001:*:*:*:*:*:*", "matchCriteriaId": "F948E806-0F73-4145-A723-7A43BA45842B", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707101:*:*:*:*:*:*", "matchCriteriaId": "75FAFF86-C65F-4723-8A63-BACE2F797937", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707102:*:*:*:*:*:*", "matchCriteriaId": "DBC31DE3-ACFE-422F-B253-2FE4AAFE3954", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707103:*:*:*:*:*:*", "matchCriteriaId": "B30B3EA4-495F-4915-B6E3-5FB9277C2DE6", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707201:*:*:*:*:*:*", "matchCriteriaId": "6FA9E337-B4F3-4895-BA58-962F8CDEE73E", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707202:*:*:*:*:*:*", "matchCriteriaId": "830B0BC1-A368-49AC-B6C9-B000972EF92A", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707203:*:*:*:*:*:*", "matchCriteriaId": "614394F3-3BEE-4E12-AABF-436D54A04313", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707204:*:*:*:*:*:*", "matchCriteriaId": "350FD3CE-8B64-4FCF-82DE-BE941156F4F6", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707205:*:*:*:*:*:*", "matchCriteriaId": "C9EAE177-6C7E-4C1B-ADEE-2C036F731272", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707206:*:*:*:*:*:*", "matchCriteriaId": "DFFEEC31-8462-4DF9-A1DA-D7057C209CBA", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707207:*:*:*:*:*:*", "matchCriteriaId": "0AC6BC16-0A1D-44B3-BA68-63EA05EDD54B", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707208:*:*:*:*:*:*", "matchCriteriaId": "942DAD67-9455-4D02-BD3B-BFD2DE7A7E52", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707209:*:*:*:*:*:*", "matchCriteriaId": "7ACC1A72-F6B6-430A-AB89-AB0A11587F58", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707210:*:*:*:*:*:*", "matchCriteriaId": "45111C74-BF6F-4C05-A0D3-CE325AD0C02B", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707211:*:*:*:*:*:*", "matchCriteriaId": "B1CE5849-01B1-4E36-83E8-496A3F328C9C", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707212:*:*:*:*:*:*", "matchCriteriaId": "A879BA05-3A80-4EBC-AA9D-9B53695425B4", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707213:*:*:*:*:*:*", "matchCriteriaId": "3D65A0E8-A1E0-42F3-B77D-2F32979278BB", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707214:*:*:*:*:*:*", "matchCriteriaId": "80C10150-39BA-4818-B48F-8645D4A0D316", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707215:*:*:*:*:*:*", "matchCriteriaId": "9792B986-86EF-40E0-9427-A45F858717E1", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707216:*:*:*:*:*:*", "matchCriteriaId": "37EDD688-C91A-4A35-913A-82E156ADD242", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707217:*:*:*:*:*:*", "matchCriteriaId": "5CC1AC0E-8D3F-46C0-BDA9-EB9DC9971F57", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707218:*:*:*:*:*:*", "matchCriteriaId": "47DA50DA-7CA4-4B76-8B3B-A5732509F71D", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707219:*:*:*:*:*:*", "matchCriteriaId": "76EB1A04-0645-4909-AEF9-33D6FADA4793", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707220:*:*:*:*:*:*", "matchCriteriaId": "F1A35723-D968-42D6-89EB-86CA550516E6", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707221:*:*:*:*:*:*", "matchCriteriaId": "C3AC8A19-F98E-48F1-A1EA-EAA1C7208335", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201710001:*:*:*:*:*:*", "matchCriteriaId": "2D6A3952-8429-4762-8701-47D7C1F05A5F", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201712001:*:*:*:*:*:*", "matchCriteriaId": "5B007609-C312-469B-BACF-04D6D80DADF7", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201803001:*:*:*:*:*:*", "matchCriteriaId": "514F2ECD-FC55-42A5-BEE4-DA7641CC93A7", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201806001:*:*:*:*:*:*", "matchCriteriaId": "3594E391-19CD-4803-8285-FA11BE63AB05", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201808001:*:*:*:*:*:*", "matchCriteriaId": "2CEC248D-502E-4A8D-8786-CD72A2E3AB1E", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201810001:*:*:*:*:*:*", "matchCriteriaId": "4F08529C-B14C-45FB-AEA1-77D12C88CB30", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201810002:*:*:*:*:*:*", "matchCriteriaId": "617835F5-49DA-4B42-8C7B-C122D7363A00", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201811001:*:*:*:*:*:*", "matchCriteriaId": "E7DF3ED7-FA3F-4EBC-99AC-B7AD20E85927", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201811002:*:*:*:*:*:*", "matchCriteriaId": "9ED86C29-2EA6-41DD-ACCB-1E02F9CB747E", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201811301:*:*:*:*:*:*", "matchCriteriaId": "DE1372AD-2853-4BED-BB71-6BACB28B95C9", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201901001:*:*:*:*:*:*", "matchCriteriaId": "F0E684DF-9E45-459E-AB75-6B4653E5C7CF", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201903001:*:*:*:*:*:*", "matchCriteriaId": "B3DDD3E9-186F-472C-BA76-C2A363206792", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201905001:*:*:*:*:*:*", "matchCriteriaId": "A09E9914-DB27-41EF-B55D-5B79ECD1DA69", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.7:-:*:*:*:*:*:*", "matchCriteriaId": "B2792D06-A73E-4A56-A152-82E1AD4E707D", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201806001:*:*:*:*:*:*", "matchCriteriaId": "0CE9D758-2170-4ACD-965C-C76BDA693466", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201807001:*:*:*:*:*:*", "matchCriteriaId": "FD4A373B-2AC6-4193-9C34-1E4EEB552A9C", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201808001:*:*:*:*:*:*", "matchCriteriaId": "E75F4E15-2C5F-4667-B8A4-0EE9895FAEC5", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810001:*:*:*:*:*:*", "matchCriteriaId": "8B75B45F-E25A-4362-856D-465A9F8B70DB", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810101:*:*:*:*:*:*", "matchCriteriaId": "EDA4AE4C-3BA8-472D-950A-3C8684565CD8", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810102:*:*:*:*:*:*", "matchCriteriaId": "6AA3617D-B911-4BC5-B544-B31D4F43D2B3", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810103:*:*:*:*:*:*", "matchCriteriaId": "CDC6E0F6-83DF-4670-8D04-A41C7DC1B881", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810201:*:*:*:*:*:*", "matchCriteriaId": "047A71B3-CDFB-41F3-B2DE-11360DAE5744", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810202:*:*:*:*:*:*", "matchCriteriaId": "F88691FD-F263-4B75-BF21-481BC1623C3C", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810203:*:*:*:*:*:*", "matchCriteriaId": "D2A47CDA-D3DD-4E0F-8268-32A188EA1D94", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810204:*:*:*:*:*:*", "matchCriteriaId": "36A67476-2E8E-4104-9F10-7AE42F82508F", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810205:*:*:*:*:*:*", "matchCriteriaId": "ED029F1A-96D0-4EF2-9148-FC98E8B8FDCC", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810206:*:*:*:*:*:*", "matchCriteriaId": "E2283675-582F-44A8-833B-B5B439CBFA1E", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810207:*:*:*:*:*:*", "matchCriteriaId": "94C4A188-6B00-48C4-B7E2-9F70811BF618", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810208:*:*:*:*:*:*", "matchCriteriaId": "F82943E9-E2D0-49F4-BD32-40E84BA1957E", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810209:*:*:*:*:*:*", "matchCriteriaId": "3ACB68F5-EC73-4C30-8FD3-F6647F9BCCD4", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810210:*:*:*:*:*:*", "matchCriteriaId": "B854BA24-11FD-4D0C-9EFD-A88E64FED4E4", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810211:*:*:*:*:*:*", "matchCriteriaId": "554434AB-763F-4E95-B616-F7594041D511", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810212:*:*:*:*:*:*", "matchCriteriaId": "CE56E7AC-F63D-4A4B-9B45-0E623973B14B", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810213:*:*:*:*:*:*", "matchCriteriaId": "36664142-0111-42F5-A371-AD2C0DF211EF", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810214:*:*:*:*:*:*", "matchCriteriaId": "49EA78B6-8208-4351-88F9-103CA01EF3A1", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810215:*:*:*:*:*:*", "matchCriteriaId": "27AC575F-9AC4-4AA1-A71C-BF9F752295F1", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810216:*:*:*:*:*:*", "matchCriteriaId": "4C0F47F3-0509-45AC-8EA9-37246E4E6095", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810217:*:*:*:*:*:*", "matchCriteriaId": "CE103301-6AEF-4348-8F36-833021739AEF", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810218:*:*:*:*:*:*", "matchCriteriaId": "8D92B2FF-8962-41F9-B019-D83AAAD188FC", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810219:*:*:*:*:*:*", "matchCriteriaId": "8E6D5227-3421-412F-9BE0-583AA768446D", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810220:*:*:*:*:*:*", "matchCriteriaId": "BD2F52AF-D7EF-4F57-8F04-B0C6CD3FED63", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810221:*:*:*:*:*:*", "matchCriteriaId": "82BA9EB1-4EFB-4649-92C7-2C307966956E", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810222:*:*:*:*:*:*", "matchCriteriaId": "2133378D-8DFD-48B9-83A1-9FA7DDC68902", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810223:*:*:*:*:*:*", "matchCriteriaId": "57BF8703-0C83-4BA5-B0F7-FB6E45229685", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810224:*:*:*:*:*:*", "matchCriteriaId": "DAADDD62-2F6E-4D12-A49F-3D38ACF488E8", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810225:*:*:*:*:*:*", "matchCriteriaId": "B5834F35-6D9A-48E5-BB5C-3A7D6CCE36D6", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810226:*:*:*:*:*:*", "matchCriteriaId": "27FA0C0E-B5A2-4619-998B-CFB45496D895", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810227:*:*:*:*:*:*", "matchCriteriaId": "B98EDBA4-0BA4-4894-B6F6-681117A5C5C9", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810228:*:*:*:*:*:*", "matchCriteriaId": "8E756914-2C2A-4999-AAEA-2F6835A29C49", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810229:*:*:*:*:*:*", "matchCriteriaId": "0AC0C89B-26A3-40F7-855F-5F6B36B77F5B", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810230:*:*:*:*:*:*", "matchCriteriaId": "5BF2FE18-A90E-429A-98D1-9A97DD0464B0", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810231:*:*:*:*:*:*", "matchCriteriaId": "92289D85-0652-41D1-A6BA-D4B8C7EE1F45", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810232:*:*:*:*:*:*", "matchCriteriaId": "CF41887D-B145-4D01-9AEF-2E36479B2FA1", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810233:*:*:*:*:*:*", "matchCriteriaId": "0FEAF0ED-BD20-4BA6-BB23-1C978B823A11", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810234:*:*:*:*:*:*", "matchCriteriaId": "36234CE1-FA7E-4534-9720-410435E2BAEE", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201811001:*:*:*:*:*:*", "matchCriteriaId": "ABE65721-57C0-4748-B159-F6D97CE8CAB9", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201901001:*:*:*:*:*:*", "matchCriteriaId": "CD1889D7-3313-4004-AA42-7879E8551413", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201901401:*:*:*:*:*:*", "matchCriteriaId": "494E0B07-CE16-46D4-A89B-4F12A6CECDF4", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201901402:*:*:*:*:*:*", "matchCriteriaId": "DD046237-16D7-4A57-9F09-2A6A649368C6", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201901403:*:*:*:*:*:*", "matchCriteriaId": "8343E8DB-1D54-4B82-9254-2E2AFC548609", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201903001:*:*:*:*:*:*", "matchCriteriaId": "F853B5B8-E8F8-4EA2-90EB-0603F4AADAD5", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904001:*:*:*:*:*:*", "matchCriteriaId": "0169E032-F47A-45E0-BC33-B7DF54EC11BF", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redlion:n-tron_702-w_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "3E7E2A2E-13BA-46CF-A98D-CC855C381834", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:redlion:n-tron_702-w:-:*:*:*:*:*:*:*", "matchCriteriaId": "30885167-CD8F-4026-ADCB-2E07E772ECD5", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redlion:n-tron_702m12-w_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6633FE15-2CF0-4F83-91AB-6B090684C284", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:redlion:n-tron_702m12-w:-:*:*:*:*:*:*:*", "matchCriteriaId": "94F253CC-A9DC-463A-93F0-71DD4FC190FF", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used to get a list of filenames in a directory, does not sanitize filenames and results in executing any escape sequence in the terminal. This could potentially result in code execution, arbitrary file writes, or other attacks."}, {"lang": "es", "value": "En la funci\u00f3n add_match en libbb/lineedit.c en BusyBox hasta la versi\u00f3n 1.27.2, la caracter\u00edstica de autocompletar pesta\u00f1as del shell, empleada para obtener una lista de nombres de archivo en un directorio, no inmuniza los nombres de archivo. Esto conduce a la ejecuci\u00f3n de cualquier secuencia de escape en el terminal. Esto podr\u00eda resultar en la ejecuci\u00f3n de c\u00f3digo, escrituras arbitrarias de archivos u otros ataques."}], "id": "CVE-2017-16544", "lastModified": "2025-06-09T16:15:26.850", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2017-11-20T15:29:00.387", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/154536/VMware-Security-Advisory-2019-0013.html"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/167552/Nexans-FTTO-GigaSwitch-Outdated-Components-Hardcoded-Backdoor.html"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2019/Jun/18"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2019/Sep/7"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2020/Aug/20"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2020/Mar/15"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2020/Sep/6"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2021/Aug/21"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2021/Jan/39"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2022/Jun/36"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.vmware.com/security/advisories/VMSA-2019-0013.html"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "https://git.busybox.net/busybox/commit/?id=c3797d40a1c57352192c6106cc0f435e7d9c11e8"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00037.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00020.html"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "url": "https://seclists.org/bugtraq/2019/Jun/14"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "url": "https://seclists.org/bugtraq/2019/Sep/7"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-240-01"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/3935-1/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.twistlock.com/2017/11/20/cve-2017-16544-busybox-autocompletion-vulnerability/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/154536/VMware-Security-Advisory-2019-0013.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/167552/Nexans-FTTO-GigaSwitch-Outdated-Components-Hardcoded-Backdoor.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2019/Jun/18"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2019/Sep/7"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2020/Aug/20"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2020/Mar/15"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2020/Sep/6"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2021/Aug/21"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2021/Jan/39"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2022/Jun/36"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.vmware.com/security/advisories/VMSA-2019-0013.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://git.busybox.net/busybox/commit/?id=c3797d40a1c57352192c6106cc0f435e7d9c11e8"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00037.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00020.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "url": "https://seclists.org/bugtraq/2019/Jun/14"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "url": "https://seclists.org/bugtraq/2019/Sep/7"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-240-01"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/3935-1/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.twistlock.com/2017/11/20/cve-2017-16544-busybox-autocompletion-vulnerability/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-94"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"bugzilla": {"description": "busybox: Insufficient sanitization of filenames when autocompleting", "id": "1515713", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1515713"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.8", "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L", "status": "draft"}, "cwe": "CWE-20", "details": ["In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used to get a list of filenames in a directory, does not sanitize filenames and results in executing any escape sequence in the terminal. This could potentially result in code execution, arbitrary file writes, or other attacks.", "It was found that the tab auto-completion feature of BusyBox did not sanitize filenames, leading to execution of arbitrary escape sequences in the terminal emulator. Exploitation of this flaw by an attacker could potentially result in code execution, arbitrary file writes, or other attacks under highly specific circumstances dependent on the usage of a vulnerable terminal emulator by the user."], "name": "CVE-2017-16544", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "busybox", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "busybox", "product_name": "Red Hat Enterprise Linux 6"}], "public_date": "2017-11-08T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2017-16544\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-16544\nhttps://www.twistlock.com/2017/11/20/cve-2017-16544-busybox-autocompletion-vulnerability/"], "threat_severity": "Moderate"}