CVE-2017-16348

Exploit

EPSS 0.61%
Veröffentlicht 23.08.2018 14:29:00
Zuletzt bearbeitet 21.11.2024 03:16:18
Quelle talos-cna@cisco.com
CVE-Watchlists
Login
Unerledigt
Login

An exploitable denial of service vulnerability exists in Insteon Hub running firmware version 1012. Leftover demo functionality allows for arbitrarily rebooting the device without authentication. An attacker can send a UDP packet to trigger this vulnerability.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Insteon ≫ Insteon Hub Firmware Version1012

Insteon ≫ Insteon Hub Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.61%	0.685

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	7.8	10	6.9	AV:N/AC:L/Au:N/C:N/I:N/A:C
talos-cna@cisco.com	7.5	3.9	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0485

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2017-16348

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-16348

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-16348

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2017-16348