How severe is CVE-2019-9750?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.1 out of 10.

What type of vulnerability is CVE-2019-9750?

This is classified as CWE-400, which is a common weakness in software security.

CVE-2019-9750 - CRITICAL Severity | CVSS 9.1

Vulnerability Description

In IoTivity through 1.3.1, the CoAP server interface can be used for Distributed Denial of Service attacks using source IP address spoofing and UDP-based traffic amplification. The reflected traffic is 6 times bigger than spoofed requests. This occurs because the construction of a "4.01 Unauthorized" response is mishandled. NOTE: the vendor states "While this is an interesting attack, there is no plan for maintainer to fix, as we are migrating to IoTivity Lite."

Related Vulnerabilities

CVE-2018-3739

CRITICAL

CVSS:9.1(Critical)

https-proxy-agent before 2.1.1 passes auth option to the Buffer constructor without proper sanitization, resulting in DoS and uninitialized memory leak in setups where an attacker could submit typed i...

CWE-4002018

CVE-2018-3767

CRITICAL

CVSS:9.1(Critical)

`memjs` versions <= 1.1.0 allocates and stores buffers on typed input, resulting in DoS and uninitialized memory usage.

CWE-4002018

CVE-2022-24118

CRITICAL

CVSS:9.1(Critical)

Certain General Electric Renewable Energy products allow attackers to use a code to trigger a reboot into the factory default configuration. This affects iNET and iNET II before 8.3.0, SD before 6.4.7...

CWE-4002022

CVE-2022-27889

CRITICAL

CVSS:9.1(Critical)

The Multipass service was found to have code paths that could be abused to cause a denial of service for authentication or authorization operations. A malicious attacker could perform an application-l...

CWE-4002022

CVE-2024-45163

CRITICAL

CVSS:9.1(Critical)

The Mirai botnet through 2024-08-19 mishandles simultaneous TCP connections to the CNC (command and control) server. Unauthenticated sessions remain open, causing resource consumption. For example, an...

CWE-4002024

CVE-2024-8892

CRITICAL

CVSS:9.1(Critical)

Vulnerability in CIRCUTOR TCP2RS+ firmware version 1.3b, which could allow an attacker to modify any configuration value, even if the device has the user/password authentication option enabled, withou...

CWE-4002024