CVE-2017-14454
| Summary |
Multiple exploitable buffer overflow vulnerabilities exists in the PubNub message handler for the "control" channel of Insteon Hub running firmware version 1012. Specially crafted replies received from the PubNub service can cause buffer overflows on a global section overwriting arbitrary data. An attacker should impersonate PubNub and answer an HTTPS GET request to trigger this vulnerability. The `strcpy` at [18] overflows the buffer `insteon_pubnub.channel_al`, which has a size of 16 bytes.
|
| Publication Date |
Jan. 12, 2023, 9:15 a.m. |
| Registration Date |
Jan. 12, 2023, noon |
| Last Update |
Nov. 21, 2024, 12:12 p.m. |
|
CVSS3.1 : HIGH
|
| スコア |
8.5
|
| Vector |
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H |
| 攻撃元区分(AV) |
ネットワーク |
| 攻撃条件の複雑さ(AC) |
高 |
| 攻撃に必要な特権レベル(PR) |
低 |
| 利用者の関与(UI) |
不要 |
| 影響の想定範囲(S) |
変更あり |
| 機密性への影響(C) |
高 |
| 完全性への影響(I) |
高 |
| 可用性への影響(A) |
高 |
Affected software configurations
| Configuration1 |
or higher |
or less |
more than |
less than |
| cpe:2.3:o:insteon:hub_firmware:1012:*:*:*:*:*:*:* |
|
|
|
|
| execution environment |
| 1 |
cpe:2.3:h:insteon:hub:-:*:*:*:*:*:*:* |
Related information, measures and tools
Common Vulnerabilities List