CVE-2017-2869
published 2018-04-05CVE-2017-2869: An exploitable code execution vulnerability exists in the OpenProducer functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause…
PriorityP358critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
2.71%
84.1th percentile
An exploitable code execution vulnerability exists in the OpenProducer functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause a stack buffer overflow resulting in code execution. An attacker can send a malicious packet to trigger this vulnerability.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| natus | xltek_neuroworks | — | — |
| natus_medical_incorporated | natus | — | — |
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv3.010.0CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
Talos
Vulnerability Spotlight: Natus NeuroWorks Multiple Vulnerabilities
blogs_talos·2018-04-04
Vulnerability Spotlight: Natus NeuroWorks Multiple Vulnerabilities
## Vulnerability Spotlight: Natus NeuroWorks Multiple Vulnerabilities
Vulnerabilities discovered by Cory Duplantis from Talos.
## Overview
Talos has discovered multiple vulnerabilities in Natus NeuroWorks software. This software is used in the Natus Xltek EEG medical products from Natus Medical Inc. The vulnerable devices contain an ethernet connection for data acquisition and connection to networks.
We identified a number of vulnerabilities falling into two classes:
Four code execution vulnerabilities
One denial of service vulnerability.
The first category allows code execution on the medical device through a specially crafted network packet. The second category can cause the vulnerable service to crash. The vulnerabilities can be triggered remotely without authentication.
## Disc
Talos
Vulnerability Spotlight: Natus NeuroWorks Multiple Vulnerabilities
blogs_talos·2018-04-04
Vulnerability Spotlight: Natus NeuroWorks Multiple Vulnerabilities
Vulnerabilities discovered by Cory Duplantis from Talos.
### Overview
Talos has discovered multiple vulnerabilities in Natus NeuroWorks software. This software is used in the Natus Xltek EEG medical products from Natus Medical Inc. The vulnerable devices contain an ethernet connection for data acquisition and connection to networks.
We identified a number of vulnerabilities falling into two classes:
- Four code execution vulnerabilities
- One denial of service vulnerability.
The first category allows code execution on the medical device through a specially crafted network packet. The second category can cause the vulnerable service to crash. The vulnerabilities can be triggered remotely without authentication.
### Discussion
Clinicians rely on accurate clinical data in order to deci
2018-04-05
Published