6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
0.226 Low
EPSS
Percentile
96.5%
Senrio reports:
Genivia gSOAP is prone to a stack-based buffer-overflow
vulnerability because it fails to properly bounds check user-supplied
data before copying it into an insufficiently sized buffer.
A remote attacker may exploit this issue to execute arbitrary code
in the context of the affected device. Failed attempts will likely
cause a denial-of-service condition.
blog.senr.io/blog/devils-ivy-flaw-in-widely-used-third-party-code-impacts-millions
blog.senr.io/devilsivy.html
www.securityfocus.com/bid/99868/discuss
www.genivia.com/advisory.html#Security_advisory:_CVE-2017-9765_bug_in_certain_versions_of_gSOAP_2.7_up_to_2.8.47_%28June_21,_2017%29
www.genivia.com/changelog.html#Version_2.8.48_upd_%2806/21/2017%29
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
0.226 Low
EPSS
Percentile
96.5%