Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-1999-1408 — HP Hp-ux vulnerability

4 documents4 sources

Severity

2.1LOWNVD

EPSS

1.3%

top 20.07%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

HP Hp-ux IBM AIX

Timeline

PublishedMar 5

Latest updateApr 30

Description

Vulnerability in AIX 4.1.4 and HP-UX 10.01 and 9.05 allows local users to cause a denial of service (crash) by using a socket to connect to a port on the localhost, calling shutdown to clear the socket, then using the same socket to connect to a different port on localhost.

CVSS vector

AV:L/AC:L/C:N/I:N/A:PExploitability: 3.9 | Impact: 2.9

Affected Packages2 packages

▶NVDibm/aix6 versions+5

▶NVDhp/hp-ux10.01, 10.20, 9.05+2

Patches

Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-9mgc-w22j-v953: Vulnerability in AIX 4↗2022-04-30

▶

CVEList

CVE-1999-1408: Vulnerability in AIX 4↗2001-09-12

▶

💥Exploits & PoCs

Exploit-DB

HP HP-UX 10.20 / IBM AIX 4.1.5 - 'connect()' Denial of Service↗1997-03-05

▶