------------------------------------------------------------------- | PXS-LU-CSIRT | | Proximus Luxembourg CyberSecurity Incident Response Team | | ------------- | | Vulnerability Notification Form | | ------------- | | Version: 3.1 | Sensitivity: PUBLIC | TLP: CLEAR | ------------------------------------------------------------------- The Proximus Luxembourg CSIRT (PXS-LU-CSIRT) is the response entity for the computer incidents related to the Autonomous System Number (ASN) AS56665. To notify a vulnerability in either software or hardware products, please complete as detailed as possible this form with enough information for allowing PXS-LU-CSIRT and the Vendor to analyse it, understand it and reproduce it and send it to preferably PGP/GPG encrypted (PGP KeyID 6E2EA9F8). PXS-LU-CSIRT hours of operation are restricted to regular business hours: 09h00-17h00 CET from Monday to Friday except during Luxembourg’s public holidays. Outside of these hours and in case of emergency, the email address, mainly dedicated to operational problems, can be contacted. All reported information will be treated confidentially according to our policies (please refer to our rfc2350 available at https://www.proximusnxt.lu/en/proximus-luxembourg-csirt). *** Bug Bounty Policy *** We value those who take the time and effort to report security vulnerabilities. However, we do not offer monetary rewards for vulnerability disclosures. ************************* * About the reporter - Reporter’s company: __________________________________________________________________ - Reporter’s name: __________________________________________________________________ - Reporter’s phone number: __________________________________________________________________ - Reporter’s email address: __________________________________________________________________ - Reporter wants to remain : [ ] Yes anonymous [ ] No (Default) * About the vulnerability to be notified - Many vulnerabilities can be listed here - Impacted product(s) : __________________________________________________________________ List the concerned software / hardware __________________________________________________________________ products __________________________________________________________________ - Reporter’s description of the vulnerability Try to be as precise as possible about the vulnerability, its discovery (tools/techniques), the way to exploit it and the identified potential impacts. _____________________________________________________________________________________________ _____________________________________________________________________________________________ _____________________________________________________________________________________________ _____________________________________________________________________________________________ _____________________________________________________________________________________________ _____________________________________________________________________________________________ _____________________________________________________________________________________________ _____________________________________________________________________________________________ _____________________________________________________________________________________________