Sign-up

ID

VAR-201710-1113


CVE

CVE-2017-12818


TITLE

plural Gemalto Product Sentinel LDK RTE Firmware buffer error vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-009450

DESCRIPTION

Stack overflow in custom XML-parser in Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55 leads to remote denial of service. Gemalto Sentinel License Manager is prone to the following security vulnerabilities: 1. Multiple stack-based buffer-overflow vulnerabilities. 2. Multiple heap-based buffer-overflow vulnerabilities. 3. A security bypass vulnerability. 4. A denial-of-service vulnerability. Attackers can exploit these issues to execute arbitrary code in the context of the user running the affected application or perform unauthorized actions. Failed exploit attempts will likely cause a denial-of-service condition. Gemalto Sentinel LDK RTE is a license management tool of American Gemalto (Gemalto). custom XML-parser is one of the XML parsers. A remote attacker could exploit this vulnerability to cause a denial of service

Trust: 2.07

sources: NVD: CVE-2017-12818 // JVNDB: JVNDB-2017-009450 // BID: 102906 // VULHUB: VHN-103378 // VULMON: CVE-2017-12818

AFFECTED PRODUCTS

vendor:sentinelmodel:ldk rtescope:lteversion:7.50

Trust: 1.0

vendor:gemalto n vmodel:sentinel ldk rtescope:ltversion:7.55

Trust: 0.8

vendor:sentinelmodel:ldk rtescope:eqversion:7.50

Trust: 0.6

vendor:gemaltomodel:sentinel ldkscope:eqversion:7.54

Trust: 0.3

vendor:gemaltomodel:sentinel haspscope:eqversion:0

Trust: 0.3

vendor:gemaltomodel:hasp srmscope:eqversion:0

Trust: 0.3

vendor:gemaltomodel:sentinel ldkscope:neversion:7.55

Trust: 0.3

sources: BID: 102906 // JVNDB: JVNDB-2017-009450 // CNNVD: CNNVD-201710-423 // NVD: CVE-2017-12818

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-12818
value: HIGH

Trust: 1.0

NVD: CVE-2017-12818
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201710-423
value: MEDIUM

Trust: 0.6

VULHUB: VHN-103378
value: MEDIUM

Trust: 0.1

VULMON: CVE-2017-12818
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-12818
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-103378
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-12818
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-103378 // VULMON: CVE-2017-12818 // JVNDB: JVNDB-2017-009450 // CNNVD: CNNVD-201710-423 // NVD: CVE-2017-12818

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-103378 // JVNDB: JVNDB-2017-009450 // NVD: CVE-2017-12818

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201710-423

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201710-423

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-009450

PATCH
title:Top Pageurl:https://sentinelcustomer.gemalto.com/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2017-009450

EXTERNAL IDS
db:NVDid:CVE-2017-12818
Trust: 2.9
db:ICS CERTid:ICSA-18-093-01
Trust: 2.0
db:BIDid:102906
Trust: 1.5
db:SIEMENSid:SSA-727467
Trust: 1.2
db:ICS CERTid:ICSA-18-032-03
Trust: 1.2
db:ICS CERTid:ICSA-18-018-01
Trust: 0.8
db:JVNDBid:JVNDB-2017-009450
Trust: 0.8
db:CNNVDid:CNNVD-201710-423
Trust: 0.7
db:VULHUBid:VHN-103378
Trust: 0.1
db:VULMONid:CVE-2017-12818
Trust: 0.1
sources:
            
            
            VULHUB: VHN-103378 // 
            
            
            
            VULMON: CVE-2017-12818 // 
            
            
            
            BID: 102906 // 
            
            
            
            JVNDB: JVNDB-2017-009450 // 
            
            
            
            CNNVD: CNNVD-201710-423 // 
            
            
            
            NVD: CVE-2017-12818

REFERENCES
url:https://ics-cert.kaspersky.com/advisories/klcert-advisories/2017/10/02/klcert-17-004-sentinel-ldk-rte-stack-overflow-in-custom-xml-parser-leads-to-remote-denial-of-service/
Trust: 2.6
url:http://www.securityfocus.com/bid/102906
Trust: 1.2
url:https://cert-portal.siemens.com/productcert/pdf/ssa-727467.pdf
Trust: 1.2
url:https://ics-cert.us-cert.gov/advisories/icsa-18-093-01
Trust: 1.2
url:https://ics-cert.us-cert.gov/advisories/icsa-18-032-03
Trust: 1.2
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12818
Trust: 0.8
url:https://ics-cert.us-cert.gov/advisories/icsa-18-018-01
Trust: 0.8
url:https://www.us-cert.gov/ics/advisories/icsa-18-093-01
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-12818
Trust: 0.8
url:https://sentinelcustomer.gemalto.com
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/119.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            VULHUB: VHN-103378 // 
            
            
            
            VULMON: CVE-2017-12818 // 
            
            
            
            BID: 102906 // 
            
            
            
            JVNDB: JVNDB-2017-009450 // 
            
            
            
            CNNVD: CNNVD-201710-423 // 
            
            
            
            NVD: CVE-2017-12818

CREDITS
Kaspersky Labs
Trust: 0.3
sources:
            
            
            BID: 102906

SOURCES
db:VULHUBid:VHN-103378
db:VULMONid:CVE-2017-12818
db:BIDid:102906
db:JVNDBid:JVNDB-2017-009450
db:CNNVDid:CNNVD-201710-423
db:NVDid:CVE-2017-12818

LAST UPDATE DATE
2025-04-20T23:12:50.675000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-103378date:2018-05-11T00:00:00
db:VULMONid:CVE-2017-12818date:2018-05-11T00:00:00
db:BIDid:102906date:2018-02-01T00:00:00
db:JVNDBid:JVNDB-2017-009450date:2019-07-09T00:00:00
db:CNNVDid:CNNVD-201710-423date:2017-11-10T00:00:00
db:NVDid:CVE-2017-12818date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:VULHUBid:VHN-103378date:2017-10-04T00:00:00
db:VULMONid:CVE-2017-12818date:2017-10-04T00:00:00
db:BIDid:102906date:2018-02-01T00:00:00
db:JVNDBid:JVNDB-2017-009450date:2017-11-13T00:00:00
db:CNNVDid:CNNVD-201710-423date:2017-10-03T00:00:00
db:NVDid:CVE-2017-12818date:2017-10-04T01:29:02.150