Lucene search

[email protected]NVD:CVE-2017-14454

HistoryJan 12, 2023 - 12:15 a.m.

CVE-2017-14454

2023-01-1200:15:08

CWE-120

[email protected]

web.nvd.nist.gov

cve-2017-14454

buffer overflow

pubnub

insteon hub

firmware

https get

strcpy

vulnerability

CVSS3

8.5

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

AI Score

8.8

Confidence

High

EPSS

0.001

Percentile

40.2%

JSON

Multiple exploitable buffer overflow vulnerabilities exists in the PubNub message handler for the “control” channel of Insteon Hub running firmware version 1012. Specially crafted replies received from the PubNub service can cause buffer overflows on a global section overwriting arbitrary data. An attacker should impersonate PubNub and answer an HTTPS GET request to trigger this vulnerability. The strcpy at [18] overflows the buffer insteon_pubnub.channel_al, which has a size of 16 bytes.

Affected configurations

Nvd

Node

insteonhub_firmwareMatch1012

AND

insteonhubMatch-

VendorProductVersionCPE
insteonhub_firmware1012cpe:2.3:o:insteon:hub_firmware:1012:*:*:*:*:*:*:*
insteonhub-cpe:2.3:h:insteon:hub:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
insteon	hub_firmware	1012	cpe:2.3:o:insteon:hub_firmware:1012:::::::*
insteon	hub	-	cpe:2.3:h:insteon:hub:-:::::::*

References

talosintelligence.com/vulnerability_reports/TALOS-2017-0502

CVSS3

8.5

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

AI Score

8.8

Confidence

High

EPSS

0.001

Percentile

40.2%

JSON

Related for NVD:CVE-2017-14454

cve1 prion1 cvelist1 talos1 seebug1 talosblog1