Foxit Reader util printf Out-Of-Bounds Read Information Disclosure Vulnerability

2017-11-14T00:00:00

Description

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within util.printf. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process.

{"id": "ZDI-17-895", "vendorId": null, "type": "zdi", "bulletinFamily": "info", "title": "Foxit Reader util printf Out-Of-Bounds Read Information Disclosure Vulnerability", "description": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within util.printf. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process.", "published": "2017-11-14T00:00:00", "modified": "2017-11-14T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cvss2": {"cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 3.6}, "href": "https://www.zerodayinitiative.com/advisories/ZDI-17-895/", "reporter": "Anonymous", "references": ["https://www.foxitsoftware.com/support/security-bulletins.php"], "cvelist": ["CVE-2017-16584"], "immutableFields": [], "lastseen": "2022-02-10T00:00:00", "viewCount": 4, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2017-16584"]}, {"type": "kaspersky", "idList": ["KLA11162"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310113073", "OPENVAS:1361412562310113075"]}]}, "score": {"value": 3.9, "vector": "NONE"}, "backreferences": {"references": [{"type": "cve", "idList": ["CVE-2017-16584"]}, {"type": "kaspersky", "idList": ["KLA11162"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310113073", "OPENVAS:1361412562310113075"]}]}, "exploitation": null, "vulnersScore": 3.9}, "_state": {"dependencies": 1647589307, "score": 0}}

{"cve": [{"lastseen": "2022-03-23T14:45:40", "description": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.2.25013. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within util.printf. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5290.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-12-20T14:29:00", "type": "cve", "title": "CVE-2017-16584", "cwe": ["CWE-200", "CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16584"], "modified": "2019-10-09T23:25:00", "cpe": ["cpe:/a:foxitsoftware:foxit_reader:8.3.2.25013"], "id": "CVE-2017-16584", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16584", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:foxitsoftware:foxit_reader:8.3.2.25013:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2019-05-29T18:34:55", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-16584", "CVE-2017-16578", "CVE-2017-16586", "CVE-2017-16579", "CVE-2017-16583", "CVE-2017-16587", "CVE-2017-16580", "CVE-2017-16582", "CVE-2017-16585", "CVE-2017-16581"], "description": "Foxit Reader 8.3.2 is vulnerable to multiple code execution and information disclosure vulnerabilities.", "modified": "2019-05-17T00:00:00", "published": "2017-12-21T00:00:00", "id": "OPENVAS:1361412562310113075", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310113075", "type": "openvas", "title": "Multiple vulnerabilities in Foxit Reader 8.3.2 (Linux)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Multiple vulnerabilities in Foxit Reader 8.3.2 (Linux)\n#\n# Authors:\n# Jan Philipp Schulte <jan.schulte@greenbone.net>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, https://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif( description )\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.113075\");\n script_version(\"2019-05-17T10:45:27+0000\");\n script_tag(name:\"last_modification\", value:\"2019-05-17 10:45:27 +0000 (Fri, 17 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2017-12-21 11:48:49 +0100 (Thu, 21 Dec 2017)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_cve_id(\"CVE-2017-16578\", \"CVE-2017-16579\", \"CVE-2017-16580\", \"CVE-2017-16581\",\n \"CVE-2017-16582\", \"CVE-2017-16583\", \"CVE-2017-16584\", \"CVE-2017-16585\",\n \"CVE-2017-16586\", \"CVE-2017-16587\");\n\n script_name(\"Multiple vulnerabilities in Foxit Reader 8.3.2 (Linux)\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_foxit_reader_detect_lin.nasl\");\n script_mandatory_keys(\"foxit/reader/linux/ver\");\n\n script_tag(name:\"summary\", value:\"Foxit Reader 8.3.2 is vulnerable to multiple code execution and information disclosure vulnerabilities.\");\n script_tag(name:\"vuldetect\", value:\"The script checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Foxit Reader 8.3.2 allows information disclosure through improper validation of user input. It also allows code execution via both improper object validation and improper user input validation that leads to a type confusion condition.\");\n script_tag(name:\"impact\", value:\"Successful exploitation would allow an attacker to access sensitive information or execute code on the target host.\");\n script_tag(name:\"affected\", value:\"Foxit Reader 8.3.2 and before on Linux.\");\n script_tag(name:\"solution\", value:\"Update to Foxit Reader 9.0 or above.\");\n\n script_xref(name:\"URL\", value:\"https://www.foxitsoftware.com/support/security-bulletins.php\");\n script_xref(name:\"URL\", value:\"https://www.foxitsoftware.com/de/pdf-reader/version-history.php\");\n\n exit(0);\n}\n\nCPE = \"cpe:/a:foxitsoftware:reader\";\n\ninclude( \"host_details.inc\" );\ninclude( \"version_func.inc\" );\n\nif(!infos = get_app_version_and_location( cpe: CPE, exit_no_version: TRUE )) exit(0);\nversion = infos['version'];\npath = infos['location'];\n\n# Version numbers in Foxit are a bit weird. 8.3.2 is equal to 8.3.2.25013, but the latter would be excluded in a version check of 8.3.2\nif( version_is_less_equal( version: version, test_version: \"8.3.2.25013\" ) ) {\n report = report_fixed_ver( installed_version: version, fixed_version: \"9.0\", install_path: path );\n security_message( data: report, port: 0 );\n exit( 0 );\n}\n\nexit( 99 );\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:55", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-16584", "CVE-2017-16578", "CVE-2017-16586", "CVE-2017-16579", "CVE-2017-16583", "CVE-2017-16587", "CVE-2017-16580", "CVE-2017-16582", "CVE-2017-16585", "CVE-2017-16581"], "description": "Foxit Reader 8.3.2 is vulnerable to multiple code execution and information disclosure vulnerabilities.", "modified": "2019-05-17T00:00:00", "published": "2017-12-21T00:00:00", "id": "OPENVAS:1361412562310113073", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310113073", "type": "openvas", "title": "Multiple vulnerabilities in Foxit Reader 8.3.2 (Windows)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Multiple vulnerabilities in Foxit Reader 8.3.2 (Windows)\n#\n# Authors:\n# Jan Philipp Schulte <jan.schulte@greenbone.net>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, https://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif( description )\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.113073\");\n script_version(\"2019-05-17T10:45:27+0000\");\n script_tag(name:\"last_modification\", value:\"2019-05-17 10:45:27 +0000 (Fri, 17 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2017-12-21 11:48:49 +0100 (Thu, 21 Dec 2017)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_cve_id(\"CVE-2017-16578\", \"CVE-2017-16579\", \"CVE-2017-16580\", \"CVE-2017-16581\",\n \"CVE-2017-16582\", \"CVE-2017-16583\", \"CVE-2017-16584\", \"CVE-2017-16585\",\n \"CVE-2017-16586\", \"CVE-2017-16587\");\n\n script_name(\"Multiple vulnerabilities in Foxit Reader 8.3.2 (Windows)\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_foxit_reader_detect_portable_win.nasl\");\n script_mandatory_keys(\"foxit/reader/ver\");\n\n script_tag(name:\"summary\", value:\"Foxit Reader 8.3.2 is vulnerable to multiple code execution and information disclosure vulnerabilities.\");\n script_tag(name:\"vuldetect\", value:\"The script checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Foxit Reader 8.3.2 allows information disclosure through improper validation of user input. It also allows code execution via both improper object validation and improper user input validation that leads to a type confusion condition.\");\n script_tag(name:\"impact\", value:\"Successful exploitation would allow an attacker to access sensitive information or execute code on the target host.\");\n script_tag(name:\"affected\", value:\"Foxit Reader 8.3.2 and before on Windows.\");\n script_tag(name:\"solution\", value:\"Update to Foxit Reader 9.0 or above.\");\n\n script_xref(name:\"URL\", value:\"https://www.foxitsoftware.com/support/security-bulletins.php\");\n script_xref(name:\"URL\", value:\"https://www.foxitsoftware.com/de/pdf-reader/version-history.php\");\n\n exit(0);\n}\n\nCPE = \"cpe:/a:foxitsoftware:reader\";\n\ninclude( \"host_details.inc\" );\ninclude( \"version_func.inc\" );\n\nif(!infos = get_app_version_and_location( cpe: CPE, exit_no_version: TRUE )) exit(0);\nversion = infos['version'];\npath = infos['location'];\n\n# Version numbers in Foxit are a bit weird. 8.3.2 is equal to 8.3.2.25013, but the latter would be excluded in a version check of 8.3.2\nif( version_is_less_equal( version: version, test_version: \"8.3.2.25013\" ) ) {\n report = report_fixed_ver( installed_version: version, fixed_version: \"9.0\", install_path: path );\n security_message( data: report, port: 0 );\n exit( 0 );\n}\n\nexit( 99 );\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "kaspersky": [{"lastseen": "2021-08-18T11:15:31", "description": "### *Detect date*:\n11/01/2017\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple serious vulnerabilities have been found in Foxit Reader. Malicious users can exploit these vulnerabilities to obtain sensitive information and execute arbitrary code.\n\n### *Affected products*:\nFoxit Reader earlier than 9.0.0.29935 \nFoxit PhantomPDF earlier than 9.0.0.29935\n\n### *Solution*:\nUpdate to latest version \n[Download Foxit Reader](<https://www.foxitsoftware.com/downloads/#Foxit-Reader>) \n[Download Foxit PhantomPDF](<https://www.foxitsoftware.com/downloads/#Foxit-PhantomPDF-Business>)\n\n### *Original advisories*:\n[Security bulletins](<https://www.foxitsoftware.com/support/security-bulletins.php>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Foxit Reader](<https://threats.kaspersky.com/en/product/Foxit-Reader/>)\n\n### *CVE-IDS*:\n[CVE-2017-14834](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14834>)6.8High \n[CVE-2017-14835](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14835>)6.8High \n[CVE-2017-14836](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14836>)6.8High \n[CVE-2017-14837](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14837>)6.8High \n[CVE-2017-16571](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16571>)6.8High \n[CVE-2017-16572](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16572>)6.8High \n[CVE-2017-16573](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16573>)4.3Warning \n[CVE-2017-16574](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16574>)4.3Warning \n[CVE-2017-16575](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16575>)6.8High \n[CVE-2017-16576](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16576>)6.8High \n[CVE-2017-16577](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16577>)6.8High \n[CVE-2017-16578](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16578>)6.8High \n[CVE-2017-16579](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16579>)4.3Warning \n[CVE-2017-16580](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16580>)4.3Warning \n[CVE-2017-16581](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16581>)6.8High \n[CVE-2017-16582](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16582>)6.8High \n[CVE-2017-16583](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16583>)6.8High \n[CVE-2017-16584](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16584>)4.3Warning \n[CVE-2017-16585](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16585>)6.8High \n[CVE-2017-16586](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16586>)6.8High \n[CVE-2017-16587](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16587>)6.8High \n[CVE-2017-16588](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16588>)4.3Warning \n[CVE-2017-16589](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16589>)4.3Warning \n[CVE-2017-10956](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10956>)4.3Warning \n[CVE-2017-10957](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10957>)6.8High \n[CVE-2017-10958](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10958>)6.8High \n[CVE-2017-10959](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10959>)6.8High \n[CVE-2017-14818](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14818>)4.3Warning \n[CVE-2017-14819](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14819>)4.3Warning \n[CVE-2017-14820](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14820>)4.3Warning \n[CVE-2017-14821](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14821>)4.3Warning \n[CVE-2017-14822](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14822>)4.3Warning \n[CVE-2017-14823](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14823>)6.8High \n[CVE-2017-14824](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14824>)6.8High \n[CVE-2017-14825](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14825>)6.8High \n[CVE-2017-14826](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14826>)6.8High \n[CVE-2017-14827](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14827>)6.8High \n[CVE-2017-14828](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14828>)6.8High \n[CVE-2017-14829](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14829>)6.8High \n[CVE-2017-14830](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14830>)6.8High \n[CVE-2017-14831](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14831>)6.8High \n[CVE-2017-14832](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14832>)6.8High \n[CVE-2017-14833](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14833>)6.8High", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-11-01T00:00:00", "type": "kaspersky", "title": "KLA11162 Multiple vulnerabilities in Foxit Reader", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-10956", "CVE-2017-10957", "CVE-2017-10958", "CVE-2017-10959", "CVE-2017-14818", "CVE-2017-14819", "CVE-2017-14820", "CVE-2017-14821", "CVE-2017-14822", "CVE-2017-14823", "CVE-2017-14824", "CVE-2017-14825", "CVE-2017-14826", "CVE-2017-14827", "CVE-2017-14828", "CVE-2017-14829", "CVE-2017-14830", "CVE-2017-14831", "CVE-2017-14832", "CVE-2017-14833", "CVE-2017-14834", "CVE-2017-14835", "CVE-2017-14836", "CVE-2017-14837", "CVE-2017-16571", "CVE-2017-16572", "CVE-2017-16573", "CVE-2017-16574", "CVE-2017-16575", "CVE-2017-16576", "CVE-2017-16577", "CVE-2017-16578", "CVE-2017-16579", "CVE-2017-16580", "CVE-2017-16581", "CVE-2017-16582", "CVE-2017-16583", "CVE-2017-16584", "CVE-2017-16585", "CVE-2017-16586", "CVE-2017-16587", "CVE-2017-16588", "CVE-2017-16589"], "modified": "2020-06-03T00:00:00", "id": "KLA11162", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11162/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}]}