CVE-2018-16596

{"id": "CVE-2018-16596", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.4, "accessVector": "ADJACENT_NETWORK", "vectorString": "AV:A/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 5.5, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.6}]}, "published": "2018-12-17T19:29:00.533", "references": [{"url": "https://www.swisscom.ch/content/dam/swisscom/de/about/nachhaltigkeit/digitale-schweiz/sicherheit/bug-bounty/files/cve-2018-16596.txt", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "A stack-based buffer overflow in the LAN UPnP service running on UDP port 1900 of Swisscom Internet-Box (2, Standard, and Plus) prior to v09.04.00 and Internet-Box light prior to v08.05.02 allows remote code execution. No authentication is required to exploit this vulnerability. Sending a simple UDP packet to port 1900 allows an attacker to execute code on a remote device. However, this is only possible if the attacker is inside the LAN. Because of ASLR, the success rate is not 100% and leads instead to a DoS of the UPnP service. The remaining functionality of the Internet Box is not affected. A reboot of the Internet Box is necessary to attempt the exploit again."}, {"lang": "es", "value": "Un desbordamiento de b\u00fafer basado en pila en el servicio LAN UPnP que se ejecuta en el puerto 1900 UDP de Swisscom Internet-Box (2, Standard y Plus) en versiones anteriores a la v09.04.00, e Internet-Box light en versiones anteriores a la v08.05.02 permite la ejecuci\u00f3n remota de c\u00f3digo. No se requiere autenticaci\u00f3n para explotar esta vulnerabilidad. El env\u00edo de un simple paquete UDP al puerto UDP 1900 permite que un atacante ejecute c\u00f3digo en un dispositivo remoto. Sin embargo, esto solo es posible si el atacante est\u00e1 dentro de la LAN. Debido a ASLR, el porcentaje de \u00e9xito no es del 100% y conduce a la denegaci\u00f3n de servicio (DoS) del servicio UPnP. Las funcionalidades restantes de Internet Box no se han visto afectadas. Es necesario reiniciar Internet Box para intentar su explotaci\u00f3n nuevamente."}], "lastModified": "2020-08-24T17:37:01.140", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:swisscom:internet-box_standard_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2C4EA63A-F1F7-4D40-89F8-488CEBA10EDB", "versionEndExcluding": "09.04.00"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:swisscom:internet-box_2:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "927142EA-D46E-4A31-AAA1-6B1826BB0A85"}, {"criteria": "cpe:2.3:h:swisscom:internet-box_standard:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5EFFDE19-42FB-452F-AB21-6FBE0E9B3441"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:swisscom:internet-box_light_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "68A16941-3C3D-4F29-A234-51D8026F94DF", "versionEndExcluding": "08.05.02"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:swisscom:internet-box_light:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "8D535048-7F72-438E-BF84-7DB7F9060919"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:swisscom:internet-box_plus_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DDD9AC3D-B9EF-43AF-816B-F51502AD62BC", "versionEndExcluding": "09.04.00"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:swisscom:internet-box_plus:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "39825764-48CD-40BC-9FEA-6847A18B7868"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:swisscom:internet-box_2_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "46364036-0834-45BF-A888-7B352D9AFFB1", "versionEndIncluding": "09.04.00"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:swisscom:internet-box_2:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "927142EA-D46E-4A31-AAA1-6B1826BB0A85"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}