Sign-up

ID

VAR-201710-1104


CVE

CVE-2017-12820


TITLE

plural Gemalto Product Sentinel LDK RTE Firmware buffer error vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-009452

DESCRIPTION

Arbitrary memory read from controlled memory pointer in Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55 leads to remote denial of service. Gemalto Sentinel License Manager is prone to the following security vulnerabilities: 1. Multiple stack-based buffer-overflow vulnerabilities. 2. Multiple heap-based buffer-overflow vulnerabilities. 3. A security bypass vulnerability. 4. A denial-of-service vulnerability. Attackers can exploit these issues to execute arbitrary code in the context of the user running the affected application or perform unauthorized actions. Failed exploit attempts will likely cause a denial-of-service condition. Sentinel LDK is a license management tool

Trust: 2.07

sources: NVD: CVE-2017-12820 // JVNDB: JVNDB-2017-009452 // BID: 102906 // VULHUB: VHN-103381 // VULMON: CVE-2017-12820

AFFECTED PRODUCTS

vendor:sentinelmodel:ldk rtescope:lteversion:7.50

Trust: 1.0

vendor:gemalto n vmodel:sentinel ldk rtescope:ltversion:7.55

Trust: 0.8

vendor:sentinelmodel:ldk rtescope:eqversion:7.50

Trust: 0.6

vendor:gemaltomodel:sentinel ldkscope:eqversion:7.54

Trust: 0.3

vendor:gemaltomodel:sentinel haspscope:eqversion:0

Trust: 0.3

vendor:gemaltomodel:hasp srmscope:eqversion:0

Trust: 0.3

vendor:gemaltomodel:sentinel ldkscope:neversion:7.55

Trust: 0.3

sources: BID: 102906 // JVNDB: JVNDB-2017-009452 // CNNVD: CNNVD-201708-495 // NVD: CVE-2017-12820

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-12820
value: HIGH

Trust: 1.0

NVD: CVE-2017-12820
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201708-495
value: MEDIUM

Trust: 0.6

VULHUB: VHN-103381
value: MEDIUM

Trust: 0.1

VULMON: CVE-2017-12820
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-12820
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-103381
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-12820
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-103381 // VULMON: CVE-2017-12820 // JVNDB: JVNDB-2017-009452 // CNNVD: CNNVD-201708-495 // NVD: CVE-2017-12820

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-103381 // JVNDB: JVNDB-2017-009452 // NVD: CVE-2017-12820

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201708-495

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201708-495

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-009452

PATCH
title:Top Pageurl:https://sentinelcustomer.gemalto.com/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2017-009452

EXTERNAL IDS
db:NVDid:CVE-2017-12820
Trust: 2.9
db:ICS CERTid:ICSA-18-093-01
Trust: 2.0
db:BIDid:102906
Trust: 1.5
db:SIEMENSid:SSA-727467
Trust: 1.2
db:ICS CERTid:ICSA-18-032-03
Trust: 1.2
db:ICS CERTid:ICSA-18-018-01
Trust: 0.8
db:JVNDBid:JVNDB-2017-009452
Trust: 0.8
db:CNNVDid:CNNVD-201708-495
Trust: 0.7
db:VULHUBid:VHN-103381
Trust: 0.1
db:VULMONid:CVE-2017-12820
Trust: 0.1
sources:
            
            
            VULHUB: VHN-103381 // 
            
            
            
            VULMON: CVE-2017-12820 // 
            
            
            
            BID: 102906 // 
            
            
            
            JVNDB: JVNDB-2017-009452 // 
            
            
            
            CNNVD: CNNVD-201708-495 // 
            
            
            
            NVD: CVE-2017-12820

REFERENCES
url:https://ics-cert.kaspersky.com/advisories/klcert-advisories/2017/10/02/klcert-17-006-sentinel-ldk-rte-arbitrary-memory-read-from-controlled-memory-pointer-leads-to-remote-denial-of-service/
Trust: 2.6
url:http://www.securityfocus.com/bid/102906
Trust: 1.2
url:https://cert-portal.siemens.com/productcert/pdf/ssa-727467.pdf
Trust: 1.2
url:https://ics-cert.us-cert.gov/advisories/icsa-18-093-01
Trust: 1.2
url:https://ics-cert.us-cert.gov/advisories/icsa-18-032-03
Trust: 1.2
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12820
Trust: 0.8
url:https://ics-cert.us-cert.gov/advisories/icsa-18-018-01
Trust: 0.8
url:https://www.us-cert.gov/ics/advisories/icsa-18-093-01
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-12820
Trust: 0.8
url:https://sentinelcustomer.gemalto.com
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/119.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            VULHUB: VHN-103381 // 
            
            
            
            VULMON: CVE-2017-12820 // 
            
            
            
            BID: 102906 // 
            
            
            
            JVNDB: JVNDB-2017-009452 // 
            
            
            
            CNNVD: CNNVD-201708-495 // 
            
            
            
            NVD: CVE-2017-12820

CREDITS
Kaspersky Labs
Trust: 0.3
sources:
            
            
            BID: 102906

SOURCES
db:VULHUBid:VHN-103381
db:VULMONid:CVE-2017-12820
db:BIDid:102906
db:JVNDBid:JVNDB-2017-009452
db:CNNVDid:CNNVD-201708-495
db:NVDid:CVE-2017-12820

LAST UPDATE DATE
2025-04-20T23:12:50.640000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-103381date:2018-05-11T00:00:00
db:VULMONid:CVE-2017-12820date:2018-05-11T00:00:00
db:BIDid:102906date:2018-02-01T00:00:00
db:JVNDBid:JVNDB-2017-009452date:2019-07-09T00:00:00
db:CNNVDid:CNNVD-201708-495date:2017-10-17T00:00:00
db:NVDid:CVE-2017-12820date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:VULHUBid:VHN-103381date:2017-10-04T00:00:00
db:VULMONid:CVE-2017-12820date:2017-10-04T00:00:00
db:BIDid:102906date:2018-02-01T00:00:00
db:JVNDBid:JVNDB-2017-009452date:2017-11-13T00:00:00
db:CNNVDid:CNNVD-201708-495date:2017-08-14T00:00:00
db:NVDid:CVE-2017-12820date:2017-10-04T01:29:02.213