CVE-2017-16299

{"id": "CVE-2017-16299", "metrics": {"cvssMetricV30": [{"type": "Secondary", "source": "talos-cna@cisco.com", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 8.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 1.8}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.9, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 3.1}]}, "published": "2023-01-11T22:15:12.567", "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483", "tags": ["Exploit", "Technical Description", "Third Party Advisory"], "source": "talos-cna@cisco.com"}, {"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483", "tags": ["Exploit", "Technical Description", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "talos-cna@cisco.com", "description": [{"lang": "en", "value": "CWE-121"}]}], "descriptions": [{"lang": "en", "value": "Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the \"cc\" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd sn_raw, at 0x9d01aad8, the value for the `d` key is copied using `strcpy` to the buffer at `$sp+0x334`.This buffer is 100 bytes large, sending anything longer will cause a buffer overflow."}, {"lang": "es", "value": "Existen m\u00faltiples vulnerabilidades de desbordamiento de b\u00fafer explotables en el controlador de mensajes PubNub para el canal \"cc\" de Insteon Hub que ejecuta la versi\u00f3n de firmware 1012. Los comandos especialmente manipulados enviados a trav\u00e9s del servicio PubNub pueden provocar un desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria que sobrescriba datos arbitrarios. Un atacante deber\u00eda enviar una solicitud HTTP autenticada para activar esta vulnerabilidad. En cmd sn_raw, en 0x9d01aad8, el valor de la clave `d` se copia usando `strcpy` al b\u00fafer en `$sp+0x334`. Este b\u00fafer tiene 100 bytes de tama\u00f1o, enviar algo m\u00e1s largo provocar\u00e1 un desbordamiento de b\u00fafer."}], "lastModified": "2024-11-21T03:16:12.490", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:insteon:insteon_hub_firmware:1012:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "69CCA985-291A-4247-9187-441F5A04AAE8"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:insteon:insteon_hub:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "8DB75024-9744-412B-BCFB-74BB36F352F0"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "talos-cna@cisco.com"}