CVE-2017-11496

{"id": "CVE-2017-11496", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2017-10-03T01:29:01.077", "references": [{"url": "http://www.securityfocus.com/bid/102739", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/102906", "source": "cve@mitre.org"}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-727467.pdf", "source": "cve@mitre.org"}, {"url": "https://ics-cert.kaspersky.com/alerts/2017/07/28/multiple-vulnerabilities-found-in-popular-license-manager/", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-018-01", "source": "cve@mitre.org"}, {"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-093-01", "source": "cve@mitre.org"}, {"url": "https://www.iotvillage.org/slides_dc25/Sergey_Vlad_DEFCON_IOT_Village_Public2017.pptx", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "Stack buffer overflow in hasplms in Gemalto ACC (Admin Control Center), all versions ranging from HASP SRM 2.10 to Sentinel LDK 7.50, allows remote attackers to execute arbitrary code via malformed ASN.1 streams in V2C and similar input files."}, {"lang": "es", "value": "Un desbordamiento de b\u00fafer basado en pila en hasplms en Gemalto ACC (Admin Control Center) en todas sus versiones desde HASP SRM 2.10 hasta Sentinel LDK 7.50 permite que los atacantes remotos ejecuten c\u00f3digo arbitrario mediante transferencias ASN.1 mal formadas en V2C y archivos de entrada similares."}], "lastModified": "2018-05-11T01:29:00.950", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:gemalto:sentinel_ldk_rte:2.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A0D085F4-A4D5-406F-9C71-60E38674D4A5"}, {"criteria": "cpe:2.3:a:gemalto:sentinel_ldk_rte:3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "613D88BA-F9E7-4F5C-849D-36D5C0934617"}, {"criteria": "cpe:2.3:a:gemalto:sentinel_ldk_rte:7.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3A692A81-F3B0-4894-A04D-948D488AD2CA"}, {"criteria": "cpe:2.3:a:gemalto:sentinel_ldk_rte:7.50:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "22489E71-8667-40F0-BC80-35278EF7DC08"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}