CVE-2015-2868
published 2017-01-06
CVE-2015-2868: An exploitable remote code execution vulnerability exists in the Trane ComfortLink II firmware version 2.0.2 in DSS service. An attacker who can connect to the…
Priority P260, critical, 9.8 (CVSS 3.0)
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 6.84% (93.2th percentile)
An exploitable remote code execution vulnerability exists in the Trane ComfortLink II firmware version 2.0.2 in DSS service. An attacker who can connect to the DSS service on the Trane ComfortLink II device can send an overly long REG request that can overflow a fixed size stack buffer, resulting in arbitrary code execution.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| trane | comfortlink_ii_firmware | — | — |
| trane | comfortlink_ii_scc_firmware | — | — |
Detection & IOCs (extracted from sources)
- Detect oversized requests sent to the Trane ComfortLink II DSS service; the vulnerability is triggered by overly long requests (e.g., REG) that overflow a fixed-size stack buffer, so monitor for abnormally large DSS service payloads.
- Two distinct code paths are exploitable under CVE-2015-2868 (TALOS-2016-0026 and TALOS-2016-0027); detection rules should cover both separate request paths to the DSS service.
- A Metasploit module exists for CVE-2015-2868; monitor for Metasploit-generated exploit traffic targeting the Trane ComfortLink II DSS service.
- Block or alert on SSH traffic to/from Trane ComfortLink II thermostats as a compensating control, particularly for devices that cannot be updated.
- CVE-2015-2868 covers two distinct vulnerabilities (TALOS-2016-0026 and TALOS-2016-0027) following separate code paths in the DSS service; a single CVE identifier should not be assumed to represent a single exploit path.
- The vulnerability was confirmed on firmware version 2.0.2; devices running firmware 4.0.3 or later are patched, but unpatched devices may still be in the field due to lack of vendor advisory communication.
CVSS provenance
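| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 10.0 | CRITICAL | AV:N/AC:L/Au:N/C:C/I:C/A:C |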
No detection rules found.
No public exploits indexed.
Talos
The Internet of Things Is Not Always So Comforting
blogs_talos·2016-02-08
This post is authored by Alex Chiu.
Over the past few years, the Internet of Things (IoT) has emerged as reality with the advent of smart refrigerators, smart HVAC systems, smart TVs, and more. Embedding internet-enabled devices into everything presents new opportunities in connecting these systems to each other, making them "smarter," and making our lives more convenient than ever before.
Despite the new possibilities, there are major concerns about the IoT which inspire a legitimate question: "What happens if it's not 'done right' and there are major vulnerabilities with the product?"
The unfortunate truth is that securing internet-enabled devices is not always a high priority among vendors and manufacturers. Some manufacturers do not have the necessary infrastructure to inform the pub
Published: 2017-01-06