CVE-2017-11498

{"id": "CVE-2017-11498", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2017-10-03T01:29:01.153", "references": [{"url": "http://www.securityfocus.com/bid/102739", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/102906", "source": "cve@mitre.org"}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-727467.pdf", "source": "cve@mitre.org"}, {"url": "https://ics-cert.kaspersky.com/advisories/2017/07/28/klcert-17-001-sentinel-ldk-rte-language-pack-with-invalid-html-files-leads-to-denial-of-service/", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-018-01", "source": "cve@mitre.org"}, {"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-093-01", "source": "cve@mitre.org"}, {"url": "https://www.iotvillage.org/slides_dc25/Sergey_Vlad_DEFCON_IOT_Village_Public2017.pptx", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "Buffer overflow in hasplms in Gemalto ACC (Admin Control Center), all versions ranging from HASP SRM 2.10 to Sentinel LDK 7.50, allows remote attackers to shut down the remote process (a denial of service) via a language pack (ZIP file) with invalid HTML files."}, {"lang": "es", "value": "Un desbordamiento de b\u00fafer en hasplms en Gemalto ACC (Admin Control Center) en todas sus versiones desde HASP SRM 2.10 hasta Sentinel LDK 7.50 permite que los atacantes remotos detengan el proceso remoto (denegaci\u00f3n de servicio) mediante un paquete de lenguaje (archivo ZIP) con archivos HTML no v\u00e1lidos."}], "lastModified": "2018-05-11T01:29:01.093", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:gemalto:sentinel_ldk_rte:2.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A0D085F4-A4D5-406F-9C71-60E38674D4A5"}, {"criteria": "cpe:2.3:a:gemalto:sentinel_ldk_rte:3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "613D88BA-F9E7-4F5C-849D-36D5C0934617"}, {"criteria": "cpe:2.3:a:gemalto:sentinel_ldk_rte:7.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3A692A81-F3B0-4894-A04D-948D488AD2CA"}, {"criteria": "cpe:2.3:a:gemalto:sentinel_ldk_rte:7.50:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "22489E71-8667-40F0-BC80-35278EF7DC08"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}