CVE-2017-16265

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd l_bt, at 0x9d016104, the value for the `grp` key is copied using `strcpy` to the buffer at `$sp+0x1b4`.This buffer is 8 bytes large, sending anything longer will cause a buffer overflow.

CVSS v3 9.9 CRITICAL

9.9^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.1 / Impact : 6.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:insteon:hub_firmware:1012:*:*:*:*:*:*:*

cpe:2.3:h:insteon:hub:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2023-01-11 22:15

Updated : 2024-02-28 19:51

NVD link : CVE-2017-16265

Mitre link : CVE-2017-16265

CVE.ORG link : CVE-2017-16265

JSON object : View

Products Affected

insteon

hub
hub_firmware

CWE

CWE-787

Out-of-bounds Write

CWE-121

Stack-based Buffer Overflow

{"id": "CVE-2017-16265", "metrics": {"cvssMetricV30": [{"type": "Secondary", "source": "talos-cna@cisco.com", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 8.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 1.8}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.9, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 3.1}]}, "published": "2023-01-11T22:15:10.263", "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483", "tags": ["Exploit", "Third Party Advisory"], "source": "talos-cna@cisco.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-787"}]}, {"type": "Secondary", "source": "talos-cna@cisco.com", "description": [{"lang": "en", "value": "CWE-121"}]}], "descriptions": [{"lang": "en", "value": "Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the \"cc\" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd l_bt, at 0x9d016104, the value for the `grp` key is copied using `strcpy` to the buffer at `$sp+0x1b4`.This buffer is 8 bytes large, sending anything longer will cause a buffer overflow."}], "lastModified": "2023-01-23T17:06:33.933", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:insteon:hub_firmware:1012:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "17F98B37-72C0-48A5-A4E2-12327F48327E"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:insteon:hub:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "951165BE-0AC1-4690-8B36-E402CA0197FB"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "talos-cna@cisco.com"}