Detections
Analytics
Synology DSM HTTP/2 Implementations Uncontrolled Resource Consumption (CVE-2019-9513)
high Tenable OT Security Plugin ID 502466
Synopsis
The remote OT asset is affected by a vulnerability.Description
Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree.This can consume excess CPU.
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.
Solution
Refer to the vendor advisory.See Also
http://www.nessus.org/u?a5b121dc
http://www.nessus.org/u?c747aef2
http://www.nessus.org/u?b87b2fef
http://www.nessus.org/u?3f826b71
http://www.nessus.org/u?b6561d3c
http://www.nessus.org/u?0c75a914
https://access.redhat.com/errata/RHSA-2019:2692
https://access.redhat.com/errata/RHSA-2019:2745
https://access.redhat.com/errata/RHSA-2019:2746
https://access.redhat.com/errata/RHSA-2019:2775
https://access.redhat.com/errata/RHSA-2019:2799
https://access.redhat.com/errata/RHSA-2019:2925
https://access.redhat.com/errata/RHSA-2019:2939
https://access.redhat.com/errata/RHSA-2019:2949
https://access.redhat.com/errata/RHSA-2019:2955
https://access.redhat.com/errata/RHSA-2019:2966
https://access.redhat.com/errata/RHSA-2019:3041
https://access.redhat.com/errata/RHSA-2019:3932
https://access.redhat.com/errata/RHSA-2019:3933
https://access.redhat.com/errata/RHSA-2019:3935
http://www.nessus.org/u?5ca4073f
https://kb.cert.org/vuls/id/605641/
https://kc.mcafee.com/corporate/index?page=content&id=SB10296
http://www.nessus.org/u?226a37e0
http://www.nessus.org/u?e3e14cbd
http://www.nessus.org/u?a28dfd49
http://www.nessus.org/u?059d9833
http://www.nessus.org/u?eedfd23f
http://www.nessus.org/u?ffb73998
https://seclists.org/bugtraq/2019/Aug/40
https://seclists.org/bugtraq/2019/Sep/1
https://security.netapp.com/advisory/ntap-20190823-0002/
https://security.netapp.com/advisory/ntap-20190823-0005/
https://support.f5.com/csp/article/K02591030
http://www.nessus.org/u?203b5929
https://usn.ubuntu.com/4099-1/
https://www.debian.org/security/2019/dsa-4505
https://www.debian.org/security/2019/dsa-4511
https://www.debian.org/security/2020/dsa-4669
https://www.oracle.com/security-alerts/cpujan2021.html
https://www.oracle.com/security-alerts/cpuoct2020.html
https://www.synology.com/security/advisory/Synology_SA_19_33
Plugin Details
Severity: High
ID: 502466
Version: 1.3
Type: remote
Family: Tenable.ot
Published: 10/1/2024
Updated: 10/2/2024
Supported Sensors: Tenable OT Security
Risk Information
VPR
Risk Factor: Medium
Score: 4.4
CVSS v2
Risk Factor: High
Base Score: 7.8
Temporal Score: 5.8
Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C
CVSS Score Source: CVE-2019-9513
CVSS v3
Risk Factor: High
Base Score: 7.5
Temporal Score: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: cpe:/a:synology:diskstation_manager:6.2
Required KB Items: Tenable.ot/Synology
Exploit Ease: No known exploits are available
Patch Publication Date: 8/13/2019
Vulnerability Publication Date: 8/13/2019
Reference Information
CVE: CVE-2019-9513
CWE: 400