← volver
CVE-2017-14454

CVE-2017-14454

CVSS 8.5 HIGHEPSS 0.6%CWE-120
Vexday Risk Score
21Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 8.5EPSS 0.6%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
11 ene 2023Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
Multiple exploitable buffer overflow vulnerabilities exists in the PubNub message handler for the "control" channel of Insteon Hub running firmware version 1012. Specially crafted replies received from the PubNub service can cause buffer overflows on a global section overwriting arbitrary data. An attacker should impersonate PubNub and answer an HTTPS GET request to trigger this vulnerability. The `strcpy` at [18] overflows the buffer `insteon_pubnub.channel_al`, which has a size of 16 bytes.
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Productos afectados
Insteon · Hub

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://talosintelligence.com/vulnerability_reports/TALOS-2017-0502