Sign-up

ID

VAR-201710-1105


CVE

CVE-2017-12821


TITLE

plural Gemalto Product Sentinel LDK RTE Firmware buffer error vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-009453

DESCRIPTION

Memory corruption in Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55 might cause remote code execution. Gemalto Sentinel License Manager is prone to the following security vulnerabilities: 1. Multiple stack-based buffer-overflow vulnerabilities. 2. Multiple heap-based buffer-overflow vulnerabilities. 3. A security bypass vulnerability. 4. A denial-of-service vulnerability. Attackers can exploit these issues to execute arbitrary code in the context of the user running the affected application or perform unauthorized actions. Failed exploit attempts will likely cause a denial-of-service condition. Sentinel LDK is a license management tool

Trust: 2.07

sources: NVD: CVE-2017-12821 // JVNDB: JVNDB-2017-009453 // BID: 102906 // VULHUB: VHN-103382 // VULMON: CVE-2017-12821

AFFECTED PRODUCTS

vendor:sentinelmodel:ldk rtescope:lteversion:7.50

Trust: 1.0

vendor:gemalto n vmodel:sentinel ldk rtescope:ltversion:7.55

Trust: 0.8

vendor:sentinelmodel:ldk rtescope:eqversion:7.50

Trust: 0.6

vendor:gemaltomodel:sentinel ldkscope:eqversion:7.54

Trust: 0.3

vendor:gemaltomodel:sentinel haspscope:eqversion:0

Trust: 0.3

vendor:gemaltomodel:hasp srmscope:eqversion:0

Trust: 0.3

vendor:gemaltomodel:sentinel ldkscope:neversion:7.55

Trust: 0.3

sources: BID: 102906 // JVNDB: JVNDB-2017-009453 // CNNVD: CNNVD-201708-494 // NVD: CVE-2017-12821

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-12821
value: CRITICAL

Trust: 1.0

NVD: CVE-2017-12821
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201708-494
value: HIGH

Trust: 0.6

VULHUB: VHN-103382
value: HIGH

Trust: 0.1

VULMON: CVE-2017-12821
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-12821
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-103382
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-12821
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-103382 // VULMON: CVE-2017-12821 // JVNDB: JVNDB-2017-009453 // CNNVD: CNNVD-201708-494 // NVD: CVE-2017-12821

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-103382 // JVNDB: JVNDB-2017-009453 // NVD: CVE-2017-12821

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201708-494

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201708-494

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-009453

PATCH
title:Top Pageurl:https://sentinelcustomer.gemalto.com/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2017-009453

EXTERNAL IDS
db:NVDid:CVE-2017-12821
Trust: 2.9
db:ICS CERTid:ICSA-18-093-01
Trust: 2.0
db:BIDid:102906
Trust: 1.5
db:SIEMENSid:SSA-727467
Trust: 1.2
db:ICS CERTid:ICSA-18-032-03
Trust: 1.2
db:ICS CERTid:ICSA-18-018-01
Trust: 0.8
db:JVNDBid:JVNDB-2017-009453
Trust: 0.8
db:CNNVDid:CNNVD-201708-494
Trust: 0.7
db:VULHUBid:VHN-103382
Trust: 0.1
db:VULMONid:CVE-2017-12821
Trust: 0.1
sources:
            
            
            VULHUB: VHN-103382 // 
            
            
            
            VULMON: CVE-2017-12821 // 
            
            
            
            BID: 102906 // 
            
            
            
            JVNDB: JVNDB-2017-009453 // 
            
            
            
            CNNVD: CNNVD-201708-494 // 
            
            
            
            NVD: CVE-2017-12821

REFERENCES
url:https://ics-cert.kaspersky.com/advisories/klcert-advisories/2017/10/02/klcert-17-007-sentinel-ldk-rte-memory-corruption-might-cause-remote-code-execution/
Trust: 2.6
url:http://www.securityfocus.com/bid/102906
Trust: 1.2
url:https://cert-portal.siemens.com/productcert/pdf/ssa-727467.pdf
Trust: 1.2
url:https://ics-cert.us-cert.gov/advisories/icsa-18-093-01
Trust: 1.2
url:https://ics-cert.us-cert.gov/advisories/icsa-18-032-03
Trust: 1.2
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12821
Trust: 0.8
url:https://ics-cert.us-cert.gov/advisories/icsa-18-018-01
Trust: 0.8
url:https://www.us-cert.gov/ics/advisories/icsa-18-093-01
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-12821
Trust: 0.8
url:https://sentinelcustomer.gemalto.com
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/119.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            VULHUB: VHN-103382 // 
            
            
            
            VULMON: CVE-2017-12821 // 
            
            
            
            BID: 102906 // 
            
            
            
            JVNDB: JVNDB-2017-009453 // 
            
            
            
            CNNVD: CNNVD-201708-494 // 
            
            
            
            NVD: CVE-2017-12821

CREDITS
Kaspersky Labs
Trust: 0.3
sources:
            
            
            BID: 102906

SOURCES
db:VULHUBid:VHN-103382
db:VULMONid:CVE-2017-12821
db:BIDid:102906
db:JVNDBid:JVNDB-2017-009453
db:CNNVDid:CNNVD-201708-494
db:NVDid:CVE-2017-12821

LAST UPDATE DATE
2025-04-20T23:12:50.481000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-103382date:2018-05-11T00:00:00
db:VULMONid:CVE-2017-12821date:2018-05-11T00:00:00
db:BIDid:102906date:2018-02-01T00:00:00
db:JVNDBid:JVNDB-2017-009453date:2019-07-09T00:00:00
db:CNNVDid:CNNVD-201708-494date:2017-10-17T00:00:00
db:NVDid:CVE-2017-12821date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:VULHUBid:VHN-103382date:2017-10-04T00:00:00
db:VULMONid:CVE-2017-12821date:2017-10-04T00:00:00
db:BIDid:102906date:2018-02-01T00:00:00
db:JVNDBid:JVNDB-2017-009453date:2017-11-13T00:00:00
db:CNNVDid:CNNVD-201708-494date:2017-08-14T00:00:00
db:NVDid:CVE-2017-12821date:2017-10-04T01:29:02.247