CVE-2017-14455

{"id": "CVE-2017-14455", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "authentication": "SINGLE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "talos-cna@cisco.com", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 8.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 1.8}]}, "published": "2018-08-23T15:29:00.333", "references": [{"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144975", "tags": ["Third Party Advisory"], "source": "nvd@nist.gov"}, {"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0502", "tags": ["Third Party Advisory", "VDB Entry"], "source": "talos-cna@cisco.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "On Insteon Hub 2245-222 devices with firmware version 1012, specially crafted replies received from the PubNub service can cause buffer overflows on a global section overwriting arbitrary data. An attacker should impersonate PubNub and answer an HTTPS GET request to trigger this vulnerability. A strcpy overflows the buffer insteon_pubnub.channel_ak, which has a size of 16 bytes. An attacker can send an arbitrarily long \"ak\" parameter in order to exploit this vulnerability."}, {"lang": "es", "value": "En los dispositivos Insteon Hub 2245-222 con la versi\u00f3n de firmware 1012, las respuestas especialmente manipuladas recibidas desde el servicio PubNub pueden provocar desbordamientos de b\u00fafer en una secci\u00f3n global sobrescribiendo datos arbitrarios. Un atacante debe suplantar PubNub y responder una petici\u00f3n GET HTTP para desencadenar esta vulnerabilidad. Un strcpy desborda el b\u00fafer insteon_pubnub.channel_ak, el cual tiene un tama\u00f1o de 16 bytes. Un atacante puede enviar un par\u00e1metro \"ak \" arbitrariamente largo para explotar esta vulnerabilidad."}], "lastModified": "2022-04-19T19:15:17.153", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:insteon:hub_2245-222_firmware:1012:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2532FA22-D435-47E6-8DFA-47377B1959D6"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:insteon:hub_2245-222:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "150E9049-5523-4BC3-A5A5-473B6D320B68"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "talos-cna@cisco.com"}