CVE-2017-11496

high-risk
Published 2017-10-03

Stack buffer overflow in hasplms in Gemalto ACC (Admin Control Center), all versions ranging from HASP SRM 2.10 to Sentinel LDK 7.50, allows remote attackers to execute arbitrary code via malformed ASN.1 streams in V2C and similar input files.

Do I need to act?

~
8.3% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (4)

Sentinel Ldk Rte
Sentinel Ldk Rte
Sentinel Ldk Rte
Sentinel Ldk Rte

Affected Vendors

Gemalto

References (14)

http://www.securityfocus.com/bid/102739
http://www.securityfocus.com/bid/102906
https://cert-portal.siemens.com/productcert/pdf/ssa-727467.pdf
Third Party Advisory https://ics-cert.kaspersky.com/alerts/2017/07/28/multiple-vulnerabilities-found-...
https://ics-cert.us-cert.gov/advisories/ICSA-18-018-01
https://ics-cert.us-cert.gov/advisories/ICSA-18-093-01
Third Party Advisory https://www.iotvillage.org/slides_dc25/Sergey_Vlad_DEFCON_IOT_Village_Public2017...
http://www.securityfocus.com/bid/102739
http://www.securityfocus.com/bid/102906
https://cert-portal.siemens.com/productcert/pdf/ssa-727467.pdf
Third Party Advisory https://ics-cert.kaspersky.com/alerts/2017/07/28/multiple-vulnerabilities-found-...
https://ics-cert.us-cert.gov/advisories/ICSA-18-018-01
https://ics-cert.us-cert.gov/advisories/ICSA-18-093-01
Third Party Advisory https://www.iotvillage.org/slides_dc25/Sergey_Vlad_DEFCON_IOT_Village_Public2017...
52
/ 100
high-risk
Severity 32/34 · Critical
Exploitability 10/34 · Low
Exposure 10/34 · Low