Lucene search

[email protected]NVD:CVE-2017-14447

HistoryAug 06, 2018 - 5:29 p.m.

CVE-2017-14447

2018-08-0617:29:01

CWE-119

[email protected]

web.nvd.nist.gov

CVSS2

5.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:P/A:P

CVSS3

7.7

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N

EPSS

0.001

Percentile

31.7%

JSON

An exploitable buffer overflow vulnerability exists in the PubNub message handler for the ‘ad’ channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability.

Affected configurations

Nvd

Node

insteonhub_firmwareMatch1012

AND

insteonhubMatch-

VendorProductVersionCPE
insteonhub_firmware1012cpe:2.3:o:insteon:hub_firmware:1012:*:*:*:*:*:*:*
insteonhub-cpe:2.3:h:insteon:hub:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
insteon	hub_firmware	1012	cpe:2.3:o:insteon:hub_firmware:1012:::::::*
insteon	hub	-	cpe:2.3:h:insteon:hub:-:::::::*

References

www.talosintelligence.com/vulnerability_reports/TALOS-2017-0496

CVSS2

5.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:P/A:P

CVSS3

7.7

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N

EPSS

0.001

Percentile

31.7%

JSON

Related for NVD:CVE-2017-14447

talos1 cve1 seebug1 prion1 cvelist1 talosblog1