CVE-2019-17006

Name: CVE-2019-17006
Creator: NVD / NIST
Published: 2020-10-22T21:15:12.56+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

CRITICALCVSS 9.8/10EPSS 3.55%

Last modified Jun 17, 2026

CVE-2019-17006 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks. In cases where the application calling the library did not perform a sanity check on the inputs it could result in a crash due to a buffer overflow.. EPSS estimates a 3.55% chance of exploitation in the next 30 days.

Description

In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks. In cases where the application calling the library did not perform a sanity check on the inputs it could result in a crash due to a buffer overflow.

Metrics

CVSS 3.1

9.8/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Probability

3.55%

87.8th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Siemens	Ruggedcom Rox Mx5000 Firmware	< 2.14.0
Siemens	Ruggedcom Rox Rx1400 Firmware	< 2.14.0
Siemens	Ruggedcom Rox Rx1500 Firmware	< 2.14.0
Siemens	Ruggedcom Rox Rx1501 Firmware	< 2.14.0
Siemens	Ruggedcom Rox Rx1510 Firmware	< 2.14.0
Siemens	Ruggedcom Rox Rx1511 Firmware	< 2.14.0
Siemens	Ruggedcom Rox Rx1512 Firmware	< 2.14.0
Siemens	Ruggedcom Rox Rx5000 Firmware	< 2.14.0
Mozilla	Network Security Services	< 3.46
Netapp	Hci Management Node	All versions
Netapp	Solidfire	All versions
Netapp	Hci Compute Node	All versions
Netapp	Hci Storage Node	All versions

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1539788Exploit, Issue Tracking, Patch, Vendor Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdfThird Party Advisory
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.46_release_notesRelease Notes, Vendor Advisory
https://security.netapp.com/advisory/ntap-20210129-0001/Third Party Advisory
https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04Third Party Advisory, US Government Resource
https://bugzilla.mozilla.org/show_bug.cgi?id=1539788Exploit, Issue Tracking, Patch, Vendor Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdfThird Party Advisory
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.46_release_notesRelease Notes, Vendor Advisory
https://security.netapp.com/advisory/ntap-20210129-0001/Third Party Advisory
https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04Third Party Advisory, US Government Resource

Timeline

Published: Oct 22, 2020
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2019-17006?

How severe is CVE-2019-17006?

CVE-2019-17006 has a CVSS score of 9.8/10 (CRITICAL severity). The EPSS model estimates a 3.55% probability of exploitation in the next 30 days.

How do I fix CVE-2019-17006?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2019-17006?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST