Sign-up

ID

VAR-201710-1106


CVE

CVE-2017-12822


TITLE

plural Gemalto Product Sentinel LDK RTE Firmware access control vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-009454

DESCRIPTION

Remote enabling and disabling admin interface in Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55 leads to new attack vectors. Gemalto Sentinel License Manager is prone to the following security vulnerabilities: 1. Multiple stack-based buffer-overflow vulnerabilities. 2. Multiple heap-based buffer-overflow vulnerabilities. 3. A security bypass vulnerability. 4. A denial-of-service vulnerability. Attackers can exploit these issues to execute arbitrary code in the context of the user running the affected application or perform unauthorized actions. Failed exploit attempts will likely cause a denial-of-service condition. Sentinel LDK is a license management tool. A remote attacker could exploit this vulnerability to execute code

Trust: 2.07

sources: NVD: CVE-2017-12822 // JVNDB: JVNDB-2017-009454 // BID: 102906 // VULHUB: VHN-103383 // VULMON: CVE-2017-12822

AFFECTED PRODUCTS

vendor:sentinelmodel:ldk rtescope:lteversion:7.50

Trust: 1.0

vendor:gemalto n vmodel:sentinel ldk rtescope:ltversion:7.55

Trust: 0.8

vendor:sentinelmodel:ldk rtescope:eqversion:7.50

Trust: 0.6

vendor:gemaltomodel:sentinel ldkscope:eqversion:7.54

Trust: 0.3

vendor:gemaltomodel:sentinel haspscope:eqversion:0

Trust: 0.3

vendor:gemaltomodel:hasp srmscope:eqversion:0

Trust: 0.3

vendor:gemaltomodel:sentinel ldkscope:neversion:7.55

Trust: 0.3

sources: BID: 102906 // JVNDB: JVNDB-2017-009454 // CNNVD: CNNVD-201708-493 // NVD: CVE-2017-12822

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-12822
value: CRITICAL

Trust: 1.0

NVD: CVE-2017-12822
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201708-493
value: CRITICAL

Trust: 0.6

VULHUB: VHN-103383
value: HIGH

Trust: 0.1

VULMON: CVE-2017-12822
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-12822
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-103383
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-12822
baseSeverity: CRITICAL
baseScore: 9.9
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 3.9
impactScore: 5.3
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-103383 // VULMON: CVE-2017-12822 // JVNDB: JVNDB-2017-009454 // CNNVD: CNNVD-201708-493 // NVD: CVE-2017-12822

PROBLEMTYPE DATA

problemtype:CWE-306

Trust: 1.1

problemtype:CWE-284

Trust: 0.9

sources: VULHUB: VHN-103383 // JVNDB: JVNDB-2017-009454 // NVD: CVE-2017-12822

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201708-493

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-201708-493

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-009454

PATCH
title:Top Pageurl:https://sentinelcustomer.gemalto.com/
Trust: 0.8
title:Gemalto HASP SRM , Sentinel HASP  and Sentinel LDK Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=99966
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2017-009454 // 
            
            
            
            CNNVD: CNNVD-201708-493

EXTERNAL IDS
db:NVDid:CVE-2017-12822
Trust: 2.9
db:ICS CERTid:ICSA-18-093-01
Trust: 2.6
db:BIDid:102906
Trust: 2.1
db:SIEMENSid:SSA-727467
Trust: 1.8
db:ICS CERTid:ICSA-18-032-03
Trust: 1.2
db:ICS CERTid:ICSA-18-018-01
Trust: 0.8
db:JVNDBid:JVNDB-2017-009454
Trust: 0.8
db:CNNVDid:CNNVD-201708-493
Trust: 0.7
db:VULHUBid:VHN-103383
Trust: 0.1
db:VULMONid:CVE-2017-12822
Trust: 0.1
sources:
            
            
            VULHUB: VHN-103383 // 
            
            
            
            VULMON: CVE-2017-12822 // 
            
            
            
            BID: 102906 // 
            
            
            
            JVNDB: JVNDB-2017-009454 // 
            
            
            
            CNNVD: CNNVD-201708-493 // 
            
            
            
            NVD: CVE-2017-12822

REFERENCES
url:https://ics-cert.kaspersky.com/advisories/klcert-advisories/2017/10/02/klcert-17-008-sentinel-ldk-rte-remote-enabling-and-disabling-admin-interface/
Trust: 2.6
url:http://www.securityfocus.com/bid/102906
Trust: 1.8
url:https://cert-portal.siemens.com/productcert/pdf/ssa-727467.pdf
Trust: 1.8
url:https://ics-cert.us-cert.gov/advisories/icsa-18-093-01
Trust: 1.8
url:https://ics-cert.us-cert.gov/advisories/icsa-18-032-03
Trust: 1.2
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12822
Trust: 0.8
url:https://ics-cert.us-cert.gov/advisories/icsa-18-018-01
Trust: 0.8
url:https://www.us-cert.gov/ics/advisories/icsa-18-093-01
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-12822
Trust: 0.8
url:https://sentinelcustomer.gemalto.com
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/306.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            VULHUB: VHN-103383 // 
            
            
            
            VULMON: CVE-2017-12822 // 
            
            
            
            BID: 102906 // 
            
            
            
            JVNDB: JVNDB-2017-009454 // 
            
            
            
            CNNVD: CNNVD-201708-493 // 
            
            
            
            NVD: CVE-2017-12822

CREDITS
Kaspersky Labs
Trust: 0.3
sources:
            
            
            BID: 102906

SOURCES
db:VULHUBid:VHN-103383
db:VULMONid:CVE-2017-12822
db:BIDid:102906
db:JVNDBid:JVNDB-2017-009454
db:CNNVDid:CNNVD-201708-493
db:NVDid:CVE-2017-12822

LAST UPDATE DATE
2025-04-20T23:12:50.758000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-103383date:2019-10-03T00:00:00
db:VULMONid:CVE-2017-12822date:2019-10-03T00:00:00
db:BIDid:102906date:2018-02-01T00:00:00
db:JVNDBid:JVNDB-2017-009454date:2019-07-09T00:00:00
db:CNNVDid:CNNVD-201708-493date:2019-10-23T00:00:00
db:NVDid:CVE-2017-12822date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:VULHUBid:VHN-103383date:2017-10-04T00:00:00
db:VULMONid:CVE-2017-12822date:2017-10-04T00:00:00
db:BIDid:102906date:2018-02-01T00:00:00
db:JVNDBid:JVNDB-2017-009454date:2017-11-13T00:00:00
db:CNNVDid:CNNVD-201708-493date:2017-08-14T00:00:00
db:NVDid:CVE-2017-12822date:2017-10-04T01:29:02.277