CVE-2017-11497

Sažetak

Stack buffer overflow in hasplms in Gemalto ACC (Admin Control Center), all versions ranging from HASP SRM 2.10 to Sentinel LDK 7.50, allows remote attackers to execute arbitrary code via language packs containing filenames longer than 1024 characters.

Reference

http://www.securityfocus.com/bid/102739
http://www.securityfocus.com/bid/102906
https://cert-portal.siemens.com/productcert/pdf/ssa-727467.pdf
https://ics-cert.kaspersky.com/advisories/2017/07/28/klcert-17-002-sentinel-ldk-rte-language-packs-containing-malformed-filenames-lead-to-remote-code-execution/
https://ics-cert.us-cert.gov/advisories/ICSA-18-018-01
https://ics-cert.us-cert.gov/advisories/ICSA-18-093-01
https://www.iotvillage.org/slides_dc25/Sergey_Vlad_DEFCON_IOT_Village_Public2017.pptx

CVSS

Base:	7.5
Impact:	6.4
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

11-05-2018 - 01:29

Objavljeno

03-10-2017 - 01:29