CVE-2017-14452
CVE-2017-14452 is a buffer overflow in the PubNub message handler for the "control" channel of Insteon Hub firmware version 1012; no severity score is currently assigned. A specially crafted reply from (or impersonating) the PubNub service overflows a buffer in a global data section and overwrites arbitrary data. EPSS estimates a 1.27% chance of exploitation in the next 30 days.
Description
An exploitable buffer overflow vulnerability exists in the PubNub message handler for the "control" channel of Insteon Hub running firmware version 1012. Specially crafted replies received from the PubNub service cause a buffer overflow in a global data section, overwriting arbitrary data. A strcpy overflows the buffer insteon_pubnub.channel_cc_r, which is 16 bytes long; because strcpy also copies the terminating NUL, any "c_r" parameter of 16 or more characters writes past the end of the buffer, and an attacker can send an arbitrarily long "c_r" value. To trigger the vulnerability, the attacker must impersonate the PubNub service and answer the hub's HTTPS GET request with the crafted reply, i.e. occupy a network position from which the hub's request to PubNub is answered by the attacker instead.
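The following is an added example written for this page, not Insteon firmware or the Talos proof of concept. It models the bug class the description names: an unbounded strcpy of the "c_r" reply parameter into the 16-byte global insteon_pubnub.channel_cc_r, placed next to a bounded handler that rejects values that do not fit. The shape of the PubNub reply body, the extraction routine and every function name are assumptions made for the example; the sample replies are constructed.

```c
/* Added example (not Insteon firmware or Talos PoC code). Models the fault
 * class of CVE-2017-14452: a PubNub reply parameter "c_r" copied with strcpy
 * into a 16-byte global, next to a bounded handler. Reply shape and all
 * names are assumptions made for this example. */
#include <stdio.h>
#include <string.h>

#define CHANNEL_CC_R_SIZE 16

/* Stand-in for the firmware's global PubNub state. The field that follows
 * channel_cc_r is what an unbounded strcpy starts clobbering. */
static struct {
    char channel_cc_r[CHANNEL_CC_R_SIZE];
    char next_field[32];
} insteon_pubnub;

/* Constructed replies: a benign control message and a crafted one with a
 * 32-character c_r value (assumed reply shape, loosely PubNub-like). */
const char *const benign_reply  = "[[{\"c_r\":\"cc:ack:1\"}],\"15000000000000000\"]";
const char *const crafted_reply = "[[{\"c_r\":\"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\"}],\"1\"]";

/* Locate the "c_r" value in a reply body assumed to carry "c_r":"<value>".
 * Copies the value into out (NUL-terminated, truncated at out_size - 1) and
 * returns the full length of the value as sent, or -1 if absent. The caller
 * must compare that length against its destination before copying. */
long extract_c_r(const char *reply, char *out, size_t out_size)
{
    const char *p = strstr(reply, "\"c_r\":\"");
    if (!p) return -1;
    p += strlen("\"c_r\":\"");
    const char *end = strchr(p, '"');
    if (!end) return -1;
    size_t len = (size_t)(end - p);
    size_t n = len < out_size - 1 ? len : out_size - 1;
    memcpy(out, p, n);
    out[n] = '\0';
    return (long)len;
}

/* Vulnerable pattern, as the advisory describes it: strcpy trusts the length
 * of whatever PubNub, or whoever impersonates it, sent. Shown only; never
 * call this on attacker-controlled input. */
void handle_control_reply_vulnerable(const char *c_r_value)
{
    strcpy(insteon_pubnub.channel_cc_r, c_r_value); /* overflows when strlen >= 16 */
}

/* Hardened handler: reject any value that does not fit together with its
 * NUL. Returns 0 on success, -1 if c_r is missing or too long. */
int handle_control_reply(const char *reply)
{
    char value[256];
    long len = extract_c_r(reply, value, sizeof value);
    if (len < 0 || (size_t)len >= CHANNEL_CC_R_SIZE)
        return -1;                      /* 16-byte buffer holds at most 15 chars */
    memcpy(insteon_pubnub.channel_cc_r, value, (size_t)len + 1);
    return 0;
}

/* Bytes strcpy would write for the c_r value in a reply (length + NUL),
 * for comparison against CHANNEL_CC_R_SIZE; 0 if no c_r parameter. */
size_t strcpy_bytes_for(const char *reply)
{
    char value[256];
    long len = extract_c_r(reply, value, sizeof value);
    return len < 0 ? 0 : (size_t)len + 1;
}

int main(void)
{
    printf("benign : strcpy would write %zu bytes, handler -> %d\n",
           strcpy_bytes_for(benign_reply), handle_control_reply(benign_reply));
    printf("crafted: strcpy would write %zu bytes into %d, handler -> %d\n",
           strcpy_bytes_for(crafted_reply), CHANNEL_CC_R_SIZE,
           handle_control_reply(crafted_reply));
    return 0;
}
```

The check is deliberately `len >= CHANNEL_CC_R_SIZE` rather than `>`: a 16-character value fits the buffer only without its terminator, so strcpy would still write one byte past the end. On the real device, the same arithmetic applies to any reply parameter copied into a fixed-size global by the PubNub handler.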
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Insteon | Hub Firmware | 1012 |
References
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0502 (Exploit, Third Party Advisory)
Source: NVD / NIST
