Sign-up

ID

VAR-201706-0485


CVE

CVE-2017-2780


TITLE

InsideSecure MatrixSSL Buffer error vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-005020

DESCRIPTION

An exploitable heap buffer overflow vulnerability exists in the X509 certificate parsing functionality of InsideSecure MatrixSSL 3.8.7b. A specially crafted x509 certificate can cause a buffer overflow on the heap resulting in remote code execution. To trigger this vulnerability, a specially crafted x509 certificate must be presented to the vulnerable client or server application when initiating secure connection. InsideSecure MatrixSSL Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Inside Secure MatrixSSL is an IoT application toolkit from the French company Inside Secure, which can implement TLS and DTLS in a modular way. MatrixSSL is prone to multiple buffer-overflow vulnerabilities. Failed exploit attempts will result in denial-of-service conditions. MatrixSSL 3.8.7b is vulnerable; other versions may also be affected

Trust: 2.97

sources: NVD: CVE-2017-2780 // JVNDB: JVNDB-2017-005020 // CNVD: CNVD-2017-15852 // CNNVD: CNNVD-201706-981 // BID: 99249

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-15852

AFFECTED PRODUCTS

vendor:matrixsslmodel:matrixsslscope:eqversion:3.8.7b

Trust: 2.4

vendor:insidemodel:secure matrixssl 3.8.7bscope: - version: -

Trust: 0.6

vendor:matrixsslmodel:3.8.7bscope: - version: -

Trust: 0.3

sources: CNVD: CNVD-2017-15852 // BID: 99249 // JVNDB: JVNDB-2017-005020 // CNNVD: CNNVD-201706-981 // NVD: CVE-2017-2780

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-2780
value: CRITICAL

Trust: 1.0

talos-cna@cisco.com: CVE-2017-2780
value: HIGH

Trust: 1.0

NVD: CVE-2017-2780
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2017-15852
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201706-981
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2017-2780
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-15852
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2017-2780
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

talos-cna@cisco.com: CVE-2017-2780
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 5.9
version: 3.0

Trust: 1.0

NVD: CVE-2017-2780
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2017-15852 // JVNDB: JVNDB-2017-005020 // CNNVD: CNNVD-201706-981 // NVD: CVE-2017-2780 // NVD: CVE-2017-2780

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.0

problemtype:CWE-119

Trust: 0.8

sources: JVNDB: JVNDB-2017-005020 // NVD: CVE-2017-2780

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201706-981

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201706-981

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-005020

PATCH
title:GUARD TLS-TK, a compact TLS/DTLS stack for embedded securityurl:https://www.insidesecure.com/Products/Data-Communication/Secure-Communication-Toolkits/GUARD-TLS-TK
Trust: 0.8
title:Patch for Inside Secure MatrixSSL Buffer Overflow Vulnerability (CNVD-2017-15852)url:https://www.cnvd.org.cn/patchInfo/show/98516
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-15852 // 
            
            
            
            JVNDB: JVNDB-2017-005020

EXTERNAL IDS
db:NVDid:CVE-2017-2780
Trust: 3.3
db:TALOSid:TALOS-2017-0276
Trust: 3.3
db:BIDid:99249
Trust: 1.9
db:JVNDBid:JVNDB-2017-005020
Trust: 0.8
db:CNVDid:CNVD-2017-15852
Trust: 0.6
db:CNNVDid:CNNVD-201706-981
Trust: 0.6
db:TALOSid:TALOS-2017-0277
Trust: 0.3
db:TALOSid:TALOS-2017-0278
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2017-15852 // 
            
            
            
            BID: 99249 // 
            
            
            
            JVNDB: JVNDB-2017-005020 // 
            
            
            
            CNNVD: CNNVD-201706-981 // 
            
            
            
            NVD: CVE-2017-2780

REFERENCES
url:https://talosintelligence.com/vulnerability_reports/talos-2017-0276
Trust: 3.3
url:http://www.securityfocus.com/bid/99249
Trust: 1.6
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2780
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-2780
Trust: 0.8
url:http://www.matrixssl.org/index.html
Trust: 0.3
url:https://talosintelligence.com/vulnerability_reports/talos-2017-0278
Trust: 0.3
url:https://talosintelligence.com/vulnerability_reports/talos-2017-0277
Trust: 0.3
url:http://blog.talosintelligence.com/2017/06/matrixssl-multiple-vulns.html
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2017-15852 // 
            
            
            
            BID: 99249 // 
            
            
            
            JVNDB: JVNDB-2017-005020 // 
            
            
            
            CNNVD: CNNVD-201706-981 // 
            
            
            
            NVD: CVE-2017-2780

CREDITS
Aleksandar Nikolic of Cisco Talos.
Trust: 0.3
sources:
            
            
            BID: 99249

SOURCES
db:CNVDid:CNVD-2017-15852
db:BIDid:99249
db:JVNDBid:JVNDB-2017-005020
db:CNNVDid:CNNVD-201706-981
db:NVDid:CVE-2017-2780

LAST UPDATE DATE
2024-11-23T21:40:58.288000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-15852date:2017-07-21T00:00:00
db:BIDid:99249date:2017-06-22T00:00:00
db:JVNDBid:JVNDB-2017-005020date:2017-07-13T00:00:00
db:CNNVDid:CNNVD-201706-981date:2023-02-01T00:00:00
db:NVDid:CVE-2017-2780date:2024-11-21T03:24:08.330

SOURCES RELEASE DATE
db:CNVDid:CNVD-2017-15852date:2017-07-21T00:00:00
db:BIDid:99249date:2017-06-22T00:00:00
db:JVNDBid:JVNDB-2017-005020date:2017-07-13T00:00:00
db:CNNVDid:CNNVD-201706-981date:2017-06-23T00:00:00
db:NVDid:CVE-2017-2780date:2017-06-22T21:29:00.213