Security Vulnerabilities
CVE (Common Vulnerabilities or Exposures) are a list of publicly disclosed computer security flaws. We highly advise you to upgrade your appliances to the latest firmware release as soon as you discover a CVE that affects your appliance.
Latest firmware
Below is a list of CVEs that have affected our products and the dates when they were patched, including some other harmful and well known vulnerabilites which don't affect our products.
CACHEBOX
| Firmware patch and date of release | |||||
|---|---|---|---|---|---|
| Vulnerability | Common name | Products Affected | CACHEBOX | EDUGATEBOX | CACHEBOXCMC |
| CVE-2021-4034 | PolKit (Policy Kit) Vulnerability | Not affected | |||
| CVE-2021-44228 | Apache Log4j Remote Code Execution Vulnerability | Not affected | |||
| CVE-2021-3711 | OpenSSL: SM2 Decryption Buffer Overflow | CACHEBOX, CMC | 4.18.2 - 31-Aug-21 | 3.14.1 - 18-Oct-21 | |
| CVE-2021-3712 | CACHEBOX, CMC | 4.18.2 - 31-Aug-21 | |||
| CVE-2020-25097 | CACHEBOX | 4.18.1 - 28-Jun-21 | |||
| CVE-2021-28651 | CACHEBOX | 4.18.1 - 28-Jun-21 | |||
| CVE-2021-28662 | CACHEBOX | 4.18.1 - 28-Jun-21 | |||
| CVE-2021-28652 | CACHEBOX | 4.18.1 - 28-Jun-21 | |||
| CVE-2021-31806 | CACHEBOX | 4.18.1 - 28-Jun-21 | |||
| CVE-2021-31807 | CACHEBOX | 4.18.1 - 28-Jun-21 | |||
| CVE-2021-31808 | CACHEBOX | 4.18.1 - 28-Jun-21 | |||
| CVE-2021-22945 | EDUGATEBOX | 1.5.0 - 05-Nov-21 | |||
| CVE-2021-22946 | EDUGATEBOX | 1.5.0 - 05-Nov-21 | |||
| CVE-2021-22947 | EDUGATEBOX | 1.5.0 - 05-Nov-21 | |||
| CVE-2021-41611 | EDUGATEBOX | 1.5.0 - 05-Nov-21 | |||
| CVE-2021-3156 | Sudo Baron Samedit vulnerability | CACHEBOX, EDUGATEBOX, CMC | 4.17.6 - 02-Feb-21 | 1.4.3 - 28-Jan-21 | 3.13.1 - 17-Feb-21 |
| CVE-2021-23239 | EDUGATEBOX, CMC | 1.4.3 - 28-Jan-21 | 3.13.1 - 17-Feb-21 | ||
| CVE-2021-23240 | EDUGATEBOX, CMC | 1.4.3 - 28-Jan-21 | 3.13.1 - 17-Feb-21 | ||
| CVE-2020-15811 | CACHEBOX, EDUGATEBOX | 4.17.2 - 24-Aug-20 | 1.3.1 - 24-Aug-20 | ||
| CVE-2020-24606 | CACHEBOX, EDUGATEBOX | 4.17.2 - 24-Aug-20 | 1.3.1 - 24-Aug-20 | ||
| CVE-2020-15810 | CACHEBOX, EDUGATEBOX | 4.17.2 - 24-Aug-20 | 1.3.1 - 24-Aug-20 | ||
| CVE-2020-12662 | CACHEBOX | 4.16.2 - 29-May-20 | |||
| CVE-2020-12663 | CACHEBOX | 4.16.2 - 29-May-20 | |||
| CVE-2019-1551 | CACHEBOX, CMC | 4.16.0 - 22-Jan-20 | |||
| CVE-2020-1971 | EDUGATEBOX, CMC | 1.4.4 - 31-Mar-21 | 3.13.1 - 17-Feb-21 | ||
| CVE-2020-1967 | EDUGATEBOX, CMC | 1.4.4 - 31-Mar-21 | 3.13.1 - 17-Feb-21 | ||
| CVE-2019-11477 | CACHEBOX | 4.15.1 - 27-Jun-19 | |||
| CVE-2019-1559 | CACHEBOX | 4.14.2 - 11-Mar-19 | |||
| CVE-2018-5390 | CACHEBOX | 4.14.1 - 19-Nov-18 | |||
| CVE-2018-10360 | CACHEBOX, EDUGATEBOX, CMC | 4.14.0 - 23-Aug-18 | 1.1.0 - 02-Oct-18 | 3.9.0 - 12-Sep-18 | |
| CVE-2018-12020 | CACHEBOX | 4.14.0 - 23-Aug-18 | |||
DNSBOX
| Firmware patch and date of release | |||||
|---|---|---|---|---|---|
| Vulnerability | Common name | Products Affected | DNSBOX200 | DNSBOX300 | DNSBOX400 |
| CVE-2021-4034 | PolKit (Policy Kit) Vulnerability | Not affected | |||
| CVE-2021-44228 | Apache Log4j Remote Code Execution Vulnerability | Not affected | |||
| CVE-2021-3156 | Sudo Baron Samedit vulnerability | DNSBOX200 | 2.13.3 - 05-May-21 | ||
| CVE-2021-23336 | DNSBOX200 | 2.13.3 -05-May-21 | |||
| CVE-2020-1971 | DNSBOX200 | 2.13.3 - 05-May-21 | |||
| CVE-2020-1967 | DNSBOX200 | 2.13.3 - 05-May-21 | |||
| CVE-2019-1551 | DNSBOX200 | 2.13.3 - 05-May-21 | |||
| CVE-2021-3177 | DNSBOX200 | 2.13.3 - 05-May-21 | |||
| CVE-2020-8616 | DNSBOX200, DNSBOX300, DNSBOX400 | 2.12.2 - 29-Jul-20 | 3.11.2 - 09-Jun-20 | 3.11.2 - 09-Jun-20 | |
| CVE-2020-8617 | DNSBOX200, DNSBOX300, DNSBOX400 | 2.12.2 - 29-Jul-20 | 3.11.2 - 09-Jun-20 | 3.11.2 - 09-Jun-20 | |
| CVE-2020-12662 | DNSBOX200 | 2.12.2 - 29-Jul-20 | |||
| CVE-2020-12663 | DNSBOX200 | 2.12.2 - 29-Jul-20 | |||
| CVE-2019-6477 | DNSBOX200, DNSBOX400 | 2.12.0 - 04-Dec-19 | 3.11.0 - 10-Dec-19 | ||
| CVE-2019-18934 | DNSBOX200 | 2.12.0 - 04-Dec-19 | |||
| CVE-2019-6475 | DNSBOX200, DNSBOX400 | 2.12.0 - 04-Dec-19 | 3.11.0 - 10-Dec-19 | ||
| CVE-2019-6476 | DNSBOX200, DNSBOX400 | 2.12.0 - 04-Dec-19 | 3.11.0 - 10-Dec-19 | ||
| CVE-2019-14287 | DNSBOX200, DNSBOX400 | 2.12.0 - 04-Dec-19 | 3.11.0 - 10-Dec-19 | ||
| CVE-2018-5390 | DNSBOX200, DNSBOX300, DNSBOX400 | 2.11.4 - 09-Nov-18 | 3.10.4 - 12-Mar-19 | 3.10.4 - 12-Mar-19 | |
| CVE-2018-5391 | DNSBOX200, DNSBOX300, DNSBOX400 | 2.11.4 - 09-Nov-18 | 3.10.4 - 12-Mar-19 | 3.10.4 - 12-Mar-19 | |
| CVE-2018-10360 | DNSBOX200, DNSBOX300, DNSBOX400 | 2.11.4 - 09-Nov-18 | 3.10.4 - 12-Mar-19 | 3.10.4 - 12-Mar-19 | |
| CVE-2018-12020 | DNSBOX200, DNSBOX400 | 2.11.3b - 13-Jul-18 | 3.10.3 - 06-Jul-18 | ||
| CVE-2017-15105 | DNSBOX200, DNSBOX400 | 2.11.1 - 06-Feb-18 | 3.10.1 - 05-Feb-18 | 3.10.1 - 05-Feb-18 | |
| CVE-2017-3145 | DNSBOX200 | 2.11.0 - 26-Jan-18 | |||