CVE-2018-3834
Published 2018-08-02
Priority P339 · high · CVSS 3.1: 7.4
AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
EPSS: 0.51% (39.7th percentile)
An exploitable permanent denial of service vulnerability exists in Insteon Hub running firmware version 1013. The firmware upgrade functionality, triggered via PubNub, retrieves signed firmware binaries using plain HTTP requests. The device doesn't check the kind of firmware image that is going to be installed and thus allows for flashing any signed firmware into any MCU. Since the device contains different and incompatible MCUs, flashing one firmware to the wrong MCU will result in a permanent brick condition. To trigger this vulnerability, an attacker needs to impersonate the remote server "cache.insteon.com" and serve a signed firmware image.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| insteon | hub_firmware | — | — |
| insteon | insteon | — | — |
CVSS provenance
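| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.4 | HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H |
| nvd | v3.0 | 8.7 | HIGH | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H |
| nvd | v2.0 | 7.8 | HIGH | AV:N/AC:M/Au:N/C:N/I:P/A:C |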
No detection rules found.
No public exploits indexed.
Talos
Vulnerability Spotlight: Multiple Remote Vulnerabilities In Insteon Hub PubNub
blogs_talos·2018-06-19·CVSS 8.1
[HIGH] Vulnerability Spotlight: Multiple Remote Vulnerabilities In Insteon Hub PubNub
Vulnerabilities discovered by Claudio Bozzato of Cisco Talos
Talos is disclosing twelve new vulnerabilities in Insteon Hub, ranging from remote code execution, to denial of service. The majority of the vulnerabilities have their root cause in the unsafe usage of the strcpy() function, leading either to stack overflow or global overflow.
### Overview
Insteon Hub is a central controller, which allows an end user to use a smartphone to connect to and manage devices in their home remotely. To enable remote interaction via the internet, Insteon Hub uses an online service called PubNub.
End users install the "Insteon for Hub" application on their smartphone. Both the smartphone application and Insteon Hub include the PubNub software development kit, which allows for bidirectional communicati
Bugzilla
CVE-2018-18284 ghostscript: 1Policy operator allows a sandbox protection bypass
bugzilla·2018-10-25·CVSS 7.8
CVE-2018-18284 [HIGH] CVE-2018-18284 ghostscript: 1Policy operator allows a sandbox protection bypass
Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving the 1Policy operator.
References:
https://www.openwall.com/lists/oss-security/2018/10/16/2
https://bugs.chromium.org/p/project-zero/issues/detail?id=1696
git.ghostscript.com/?p=ghostpdl.git;h=8d19fdf63f91f50466b08f23e2d93d37a4c5ea0b
Discussion:
Created ghostscript tracking bugs for this issue:
Affects: fedora-all [bug 1642943]
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Via RHSA-2018:3834 https://access.redhat.com/errata/RHSA-2018:3834
---
Statement:
Red Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and mainten
Bugzilla
CVE-2018-18073 ghostscript: Saved execution stacks can leak operator arrays
bugzilla·2018-10-24·CVSS 7.8
CVE-2018-18073 [HIGH] CVE-2018-18073 ghostscript: Saved execution stacks can leak operator arrays
Artifex Ghostscript allows attackers to bypass a sandbox protection mechanism by leveraging exposure of system operators in the saved execution stack in an error object.
References:
http://www.openwall.com/lists/oss-security/2018/10/10/12
https://bugs.chromium.org/p/project-zero/issues/detail?id=1690
Upstream Patch:
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=34cc326eb2c5695833361887fe0b32e8d987741c
Discussion:
Created ghostscript tracking bugs for this issue:
Affects: fedora-all [bug 1642585]
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Via RHSA-2018:3834 https://access.redhat.com/errata/RHSA-2018:3834
---
Statement:
Red Hat Enterprise Linux 6 is no