Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
26 vulnerabilities by natus
VAR-201806-0543
Vulnerability from variot - Updated: 2023-12-18 12:01An exploitable denial-of-service vulnerability exists in the unserialization of lists functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause an out-of-bounds read, resulting in a denial of service. An attacker can send a malicious packet to trigger this vulnerability. Natus Xltek NeuroWorks Contains an out-of-bounds vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Natus Xltek NeuroWorks is a universal software platform for EEG testing, long-term monitoring, ICU monitoring and sleep research at Natus Medical. Natus Xltek NeuroWorks/SleepWorks are prone to the following security vulnerabilities: 1. Multiple stack-based buffer-overflow vulnerabilities 2. Multiple denial-of-service vulnerabilities An attacker can exploit these issues to execute arbitrary code in the context of the affected application. Xltek NeuroWorks/SleepWorks 8 are vulnerable
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201806-0543",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "xltek neuroworks",
"scope": "eq",
"trust": 1.6,
"vendor": "natus",
"version": "8"
},
{
"model": "neuroworks software",
"scope": "eq",
"trust": 0.8,
"vendor": "natus",
"version": "8"
},
{
"model": "medical natus xltek neuroworks",
"scope": "eq",
"trust": 0.6,
"vendor": "natus",
"version": "8"
},
{
"model": "xltek neuroworks/sleepworks",
"scope": "eq",
"trust": 0.3,
"vendor": "natus",
"version": "8.5"
},
{
"model": "xltek neuroworks/sleepworks",
"scope": "eq",
"trust": 0.3,
"vendor": "natus",
"version": "8.4"
},
{
"model": "xltek neuroworks/sleepworks",
"scope": "eq",
"trust": 0.3,
"vendor": "natus",
"version": "8.1"
},
{
"model": "xltek neuroworks/sleepworks",
"scope": "eq",
"trust": 0.3,
"vendor": "natus",
"version": "8.0"
},
{
"model": "xltek neuroworks/sleepworks gma",
"scope": "ne",
"trust": 0.3,
"vendor": "natus",
"version": "8.53"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "xltek neuroworks",
"version": "8"
}
],
"sources": [
{
"db": "IVD",
"id": "e2f1d080-39ab-11e9-94eb-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-11030"
},
{
"db": "BID",
"id": "104490"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013516"
},
{
"db": "NVD",
"id": "CVE-2017-2852"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-136"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:natus:xltek_neuroworks:8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-2852"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cory Duplantis from Cisco Talos",
"sources": [
{
"db": "BID",
"id": "104490"
}
],
"trust": 0.3
},
"cve": "CVE-2017-2852",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2017-2852",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-11030",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "e2f1d080-39ab-11e9-94eb-000c29342cb1",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "talos-cna@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2017-2852",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-2852",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "talos-cna@cisco.com",
"id": "CVE-2017-2852",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2018-11030",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201806-136",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "e2f1d080-39ab-11e9-94eb-000c29342cb1",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2f1d080-39ab-11e9-94eb-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-11030"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013516"
},
{
"db": "NVD",
"id": "CVE-2017-2852"
},
{
"db": "NVD",
"id": "CVE-2017-2852"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-136"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An exploitable denial-of-service vulnerability exists in the unserialization of lists functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause an out-of-bounds read, resulting in a denial of service. An attacker can send a malicious packet to trigger this vulnerability. Natus Xltek NeuroWorks Contains an out-of-bounds vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Natus Xltek NeuroWorks is a universal software platform for EEG testing, long-term monitoring, ICU monitoring and sleep research at Natus Medical. Natus Xltek NeuroWorks/SleepWorks are prone to the following security vulnerabilities:\n1. Multiple stack-based buffer-overflow vulnerabilities\n2. Multiple denial-of-service vulnerabilities\nAn attacker can exploit these issues to execute arbitrary code in the context of the affected application. \nXltek NeuroWorks/SleepWorks 8 are vulnerable",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-2852"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013516"
},
{
"db": "CNVD",
"id": "CNVD-2018-11030"
},
{
"db": "BID",
"id": "104490"
},
{
"db": "IVD",
"id": "e2f1d080-39ab-11e9-94eb-000c29342cb1"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-2852",
"trust": 3.5
},
{
"db": "TALOS",
"id": "TALOS-2017-0354",
"trust": 3.0
},
{
"db": "BID",
"id": "104490",
"trust": 1.9
},
{
"db": "ICS CERT",
"id": "ICSMA-18-165-01",
"trust": 1.1
},
{
"db": "CNVD",
"id": "CNVD-2018-11030",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201806-136",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013516",
"trust": 0.8
},
{
"db": "IVD",
"id": "E2F1D080-39AB-11E9-94EB-000C29342CB1",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "e2f1d080-39ab-11e9-94eb-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-11030"
},
{
"db": "BID",
"id": "104490"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013516"
},
{
"db": "NVD",
"id": "CVE-2017-2852"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-136"
}
]
},
"id": "VAR-201806-0543",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2f1d080-39ab-11e9-94eb-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-11030"
}
],
"trust": 1.8
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "e2f1d080-39ab-11e9-94eb-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-11030"
}
]
},
"last_update_date": "2023-12-18T12:01:51.690000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Natus NeuroWorks Software",
"trust": 0.8,
"url": "http://www.natus.com/index.cfm?page=products_1\u0026crid=1055"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-013516"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-125",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-013516"
},
{
"db": "NVD",
"id": "CVE-2017-2852"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://www.talosintelligence.com/vulnerability_reports/talos-2017-0354"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/104490"
},
{
"trust": 1.1,
"url": "https://ics-cert.us-cert.gov/advisories/icsma-18-165-01"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2852"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2852"
},
{
"trust": 0.6,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2017-0354"
},
{
"trust": 0.3,
"url": "http://www.natus.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-11030"
},
{
"db": "BID",
"id": "104490"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013516"
},
{
"db": "NVD",
"id": "CVE-2017-2852"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-136"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2f1d080-39ab-11e9-94eb-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-11030"
},
{
"db": "BID",
"id": "104490"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013516"
},
{
"db": "NVD",
"id": "CVE-2017-2852"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-136"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-06-06T00:00:00",
"db": "IVD",
"id": "e2f1d080-39ab-11e9-94eb-000c29342cb1"
},
{
"date": "2018-06-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-11030"
},
{
"date": "2018-06-19T00:00:00",
"db": "BID",
"id": "104490"
},
{
"date": "2018-07-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-013516"
},
{
"date": "2018-06-01T15:29:00.233000",
"db": "NVD",
"id": "CVE-2017-2852"
},
{
"date": "2018-06-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201806-136"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-06-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-11030"
},
{
"date": "2018-06-19T00:00:00",
"db": "BID",
"id": "104490"
},
{
"date": "2018-07-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-013516"
},
{
"date": "2022-06-07T17:25:42.723000",
"db": "NVD",
"id": "CVE-2017-2852"
},
{
"date": "2022-04-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201806-136"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201806-136"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Natus Xltek NeuroWorks Buffer Overflow Vulnerability",
"sources": [
{
"db": "IVD",
"id": "e2f1d080-39ab-11e9-94eb-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-11030"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer error",
"sources": [
{
"db": "IVD",
"id": "e2f1d080-39ab-11e9-94eb-000c29342cb1"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-136"
}
],
"trust": 0.8
}
}
VAR-201804-0558
Vulnerability from variot - Updated: 2023-12-18 12:01An exploitable code execution vulnerability exists in the SavePatientMontage functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause a stack buffer overflow resulting in code execution. An attacker can a malicious packet to trigger this vulnerability. Natus Xltek NeuroWorks Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Natus Xltek NeuroWorks is a universal software platform for EEG testing, long-term monitoring, ICU monitoring and sleep research at Natus Medical. Natus Xltek NeuroWorks/SleepWorks are prone to the following security vulnerabilities: 1. Multiple stack-based buffer-overflow vulnerabilities 2. Failed attacks will cause denial of service conditions. Xltek NeuroWorks/SleepWorks 8 are vulnerable
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201804-0558",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "xltek neuroworks",
"scope": "eq",
"trust": 1.6,
"vendor": "natus",
"version": "8"
},
{
"model": "neuroworks software",
"scope": "eq",
"trust": 0.8,
"vendor": "natus",
"version": "8"
},
{
"model": "medical natus xltek neuroworks",
"scope": "eq",
"trust": 0.6,
"vendor": "natus",
"version": "8"
},
{
"model": "xltek neuroworks/sleepworks",
"scope": "eq",
"trust": 0.3,
"vendor": "natus",
"version": "8.5"
},
{
"model": "xltek neuroworks/sleepworks",
"scope": "eq",
"trust": 0.3,
"vendor": "natus",
"version": "8.4"
},
{
"model": "xltek neuroworks/sleepworks",
"scope": "eq",
"trust": 0.3,
"vendor": "natus",
"version": "8.1"
},
{
"model": "xltek neuroworks/sleepworks",
"scope": "eq",
"trust": 0.3,
"vendor": "natus",
"version": "8.0"
},
{
"model": "xltek neuroworks/sleepworks gma",
"scope": "ne",
"trust": 0.3,
"vendor": "natus",
"version": "8.53"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "xltek neuroworks",
"version": "8"
}
],
"sources": [
{
"db": "IVD",
"id": "e2f552ef-39ab-11e9-8a11-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-12130"
},
{
"db": "BID",
"id": "104490"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013261"
},
{
"db": "NVD",
"id": "CVE-2017-2867"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-257"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:natus:xltek_neuroworks:8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-2867"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cory Duplantis from Cisco Talos",
"sources": [
{
"db": "BID",
"id": "104490"
}
],
"trust": 0.3
},
"cve": "CVE-2017-2867",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2017-2867",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.6,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 4.9,
"id": "CNVD-2018-12130",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.6,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 4.9,
"id": "e2f552ef-39ab-11e9-8a11-000c29342cb1",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "talos-cna@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 9.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-2867",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-2867",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "talos-cna@cisco.com",
"id": "CVE-2017-2867",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2018-12130",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201804-257",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "e2f552ef-39ab-11e9-8a11-000c29342cb1",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2f552ef-39ab-11e9-8a11-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-12130"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013261"
},
{
"db": "NVD",
"id": "CVE-2017-2867"
},
{
"db": "NVD",
"id": "CVE-2017-2867"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-257"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An exploitable code execution vulnerability exists in the SavePatientMontage functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause a stack buffer overflow resulting in code execution. An attacker can a malicious packet to trigger this vulnerability. Natus Xltek NeuroWorks Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Natus Xltek NeuroWorks is a universal software platform for EEG testing, long-term monitoring, ICU monitoring and sleep research at Natus Medical. Natus Xltek NeuroWorks/SleepWorks are prone to the following security vulnerabilities:\n1. Multiple stack-based buffer-overflow vulnerabilities\n2. Failed attacks will cause denial of service conditions. \nXltek NeuroWorks/SleepWorks 8 are vulnerable",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-2867"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013261"
},
{
"db": "CNVD",
"id": "CNVD-2018-12130"
},
{
"db": "BID",
"id": "104490"
},
{
"db": "IVD",
"id": "e2f552ef-39ab-11e9-8a11-000c29342cb1"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-2867",
"trust": 3.5
},
{
"db": "TALOS",
"id": "TALOS-2017-0373",
"trust": 2.4
},
{
"db": "BID",
"id": "104490",
"trust": 1.9
},
{
"db": "ICS CERT",
"id": "ICSMA-18-165-01",
"trust": 1.7
},
{
"db": "CNVD",
"id": "CNVD-2018-12130",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201804-257",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013261",
"trust": 0.8
},
{
"db": "IVD",
"id": "E2F552EF-39AB-11E9-8A11-000C29342CB1",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "e2f552ef-39ab-11e9-8a11-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-12130"
},
{
"db": "BID",
"id": "104490"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013261"
},
{
"db": "NVD",
"id": "CVE-2017-2867"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-257"
}
]
},
"id": "VAR-201804-0558",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2f552ef-39ab-11e9-8a11-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-12130"
}
],
"trust": 1.8
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "e2f552ef-39ab-11e9-8a11-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-12130"
}
]
},
"last_update_date": "2023-12-18T12:01:51.656000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Natus NeuroWorks Software",
"trust": 0.8,
"url": "http://www.natus.com/index.cfm?page=products_1\u0026crid=1055"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-013261"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "CWE-119",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-013261"
},
{
"db": "NVD",
"id": "CVE-2017-2867"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2017-0373"
},
{
"trust": 1.7,
"url": "https://ics-cert.us-cert.gov/advisories/icsma-18-165-01"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/104490"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2867"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2867"
},
{
"trust": 0.3,
"url": "http://www.natus.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-12130"
},
{
"db": "BID",
"id": "104490"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013261"
},
{
"db": "NVD",
"id": "CVE-2017-2867"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-257"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2f552ef-39ab-11e9-8a11-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-12130"
},
{
"db": "BID",
"id": "104490"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013261"
},
{
"db": "NVD",
"id": "CVE-2017-2867"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-257"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-06-27T00:00:00",
"db": "IVD",
"id": "e2f552ef-39ab-11e9-8a11-000c29342cb1"
},
{
"date": "2018-06-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-12130"
},
{
"date": "2018-06-19T00:00:00",
"db": "BID",
"id": "104490"
},
{
"date": "2018-06-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-013261"
},
{
"date": "2018-04-05T19:29:00.423000",
"db": "NVD",
"id": "CVE-2017-2867"
},
{
"date": "2018-04-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201804-257"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-06-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-12130"
},
{
"date": "2018-06-19T00:00:00",
"db": "BID",
"id": "104490"
},
{
"date": "2018-06-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-013261"
},
{
"date": "2022-06-03T19:57:35.297000",
"db": "NVD",
"id": "CVE-2017-2867"
},
{
"date": "2022-06-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201804-257"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201804-257"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Natus Xltek NeuroWorks Buffer error vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-013261"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-257"
}
],
"trust": 1.4
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201804-257"
}
],
"trust": 0.6
}
}
VAR-201806-0541
Vulnerability from variot - Updated: 2023-12-18 12:01An exploitable denial-of-service vulnerability exists in the traversal of lists functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause an out-of-bounds read, resulting in a denial of service. An attacker can send a malicious packet to trigger this vulnerability. Natus Xltek NeuroWorks Contains an out-of-bounds vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Natus Xltek NeuroWorks is a universal software platform for EEG testing, long-term monitoring, ICU monitoring and sleep research at Natus Medical. Natus Xltek NeuroWorks/SleepWorks are prone to the following security vulnerabilities: 1. Multiple stack-based buffer-overflow vulnerabilities 2. Multiple denial-of-service vulnerabilities An attacker can exploit these issues to execute arbitrary code in the context of the affected application. Xltek NeuroWorks/SleepWorks 8 are vulnerable
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201806-0541",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "xltek neuroworks",
"scope": "eq",
"trust": 1.6,
"vendor": "natus",
"version": "8"
},
{
"model": "neuroworks software",
"scope": "eq",
"trust": 0.8,
"vendor": "natus",
"version": "8"
},
{
"model": "medical natus xltek neuroworks",
"scope": "eq",
"trust": 0.6,
"vendor": "natus",
"version": "8"
},
{
"model": "xltek neuroworks/sleepworks",
"scope": "eq",
"trust": 0.3,
"vendor": "natus",
"version": "8.5"
},
{
"model": "xltek neuroworks/sleepworks",
"scope": "eq",
"trust": 0.3,
"vendor": "natus",
"version": "8.4"
},
{
"model": "xltek neuroworks/sleepworks",
"scope": "eq",
"trust": 0.3,
"vendor": "natus",
"version": "8.1"
},
{
"model": "xltek neuroworks/sleepworks",
"scope": "eq",
"trust": 0.3,
"vendor": "natus",
"version": "8.0"
},
{
"model": "xltek neuroworks/sleepworks gma",
"scope": "ne",
"trust": 0.3,
"vendor": "natus",
"version": "8.53"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "xltek neuroworks",
"version": "8"
}
],
"sources": [
{
"db": "IVD",
"id": "e2f1f78f-39ab-11e9-ab38-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-11031"
},
{
"db": "BID",
"id": "104490"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013517"
},
{
"db": "NVD",
"id": "CVE-2017-2858"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-135"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:natus:xltek_neuroworks:8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-2858"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cory Duplantis from Cisco Talos",
"sources": [
{
"db": "BID",
"id": "104490"
}
],
"trust": 0.3
},
"cve": "CVE-2017-2858",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2017-2858",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-11031",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "e2f1f78f-39ab-11e9-ab38-000c29342cb1",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "talos-cna@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2017-2858",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-2858",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "talos-cna@cisco.com",
"id": "CVE-2017-2858",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2018-11031",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201806-135",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "e2f1f78f-39ab-11e9-ab38-000c29342cb1",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2f1f78f-39ab-11e9-ab38-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-11031"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013517"
},
{
"db": "NVD",
"id": "CVE-2017-2858"
},
{
"db": "NVD",
"id": "CVE-2017-2858"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-135"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An exploitable denial-of-service vulnerability exists in the traversal of lists functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause an out-of-bounds read, resulting in a denial of service. An attacker can send a malicious packet to trigger this vulnerability. Natus Xltek NeuroWorks Contains an out-of-bounds vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Natus Xltek NeuroWorks is a universal software platform for EEG testing, long-term monitoring, ICU monitoring and sleep research at Natus Medical. Natus Xltek NeuroWorks/SleepWorks are prone to the following security vulnerabilities:\n1. Multiple stack-based buffer-overflow vulnerabilities\n2. Multiple denial-of-service vulnerabilities\nAn attacker can exploit these issues to execute arbitrary code in the context of the affected application. \nXltek NeuroWorks/SleepWorks 8 are vulnerable",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-2858"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013517"
},
{
"db": "CNVD",
"id": "CNVD-2018-11031"
},
{
"db": "BID",
"id": "104490"
},
{
"db": "IVD",
"id": "e2f1f78f-39ab-11e9-ab38-000c29342cb1"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-2858",
"trust": 3.5
},
{
"db": "TALOS",
"id": "TALOS-2017-0362",
"trust": 3.0
},
{
"db": "BID",
"id": "104490",
"trust": 1.9
},
{
"db": "ICS CERT",
"id": "ICSMA-18-165-01",
"trust": 1.1
},
{
"db": "CNVD",
"id": "CNVD-2018-11031",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201806-135",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013517",
"trust": 0.8
},
{
"db": "IVD",
"id": "E2F1F78F-39AB-11E9-AB38-000C29342CB1",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "e2f1f78f-39ab-11e9-ab38-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-11031"
},
{
"db": "BID",
"id": "104490"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013517"
},
{
"db": "NVD",
"id": "CVE-2017-2858"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-135"
}
]
},
"id": "VAR-201806-0541",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2f1f78f-39ab-11e9-ab38-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-11031"
}
],
"trust": 1.8
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "e2f1f78f-39ab-11e9-ab38-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-11031"
}
]
},
"last_update_date": "2023-12-18T12:01:51.622000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Natus NeuroWorks Software",
"trust": 0.8,
"url": "http://www.natus.com/index.cfm?page=products_1\u0026crid=1055"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-013517"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-125",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-013517"
},
{
"db": "NVD",
"id": "CVE-2017-2858"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://www.talosintelligence.com/vulnerability_reports/talos-2017-0362"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/104490"
},
{
"trust": 1.1,
"url": "https://ics-cert.us-cert.gov/advisories/icsma-18-165-01"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2858"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2858"
},
{
"trust": 0.6,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2017-0362"
},
{
"trust": 0.3,
"url": "http://www.natus.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-11031"
},
{
"db": "BID",
"id": "104490"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013517"
},
{
"db": "NVD",
"id": "CVE-2017-2858"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-135"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2f1f78f-39ab-11e9-ab38-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-11031"
},
{
"db": "BID",
"id": "104490"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013517"
},
{
"db": "NVD",
"id": "CVE-2017-2858"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-135"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-06-06T00:00:00",
"db": "IVD",
"id": "e2f1f78f-39ab-11e9-ab38-000c29342cb1"
},
{
"date": "2018-06-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-11031"
},
{
"date": "2018-06-19T00:00:00",
"db": "BID",
"id": "104490"
},
{
"date": "2018-07-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-013517"
},
{
"date": "2018-06-01T15:29:00.267000",
"db": "NVD",
"id": "CVE-2017-2858"
},
{
"date": "2018-06-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201806-135"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-06-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-11031"
},
{
"date": "2018-06-19T00:00:00",
"db": "BID",
"id": "104490"
},
{
"date": "2018-07-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-013517"
},
{
"date": "2022-06-07T17:25:46.643000",
"db": "NVD",
"id": "CVE-2017-2858"
},
{
"date": "2022-04-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201806-135"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201806-135"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Natus Medical Buffer Overflow Vulnerability",
"sources": [
{
"db": "IVD",
"id": "e2f1f78f-39ab-11e9-ab38-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-11031"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer error",
"sources": [
{
"db": "IVD",
"id": "e2f1f78f-39ab-11e9-ab38-000c29342cb1"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-135"
}
],
"trust": 0.8
}
}
VAR-201804-0557
Vulnerability from variot - Updated: 2023-12-18 12:01An exploitable Denial of Service vulnerability exists in the use of a return value in the NewProducerStream command in Natus Xltek NeuroWorks 8. A specially crafted network packet can cause an out of bounds read resulting in a denial of service. An attacker can send a malicious packet to trigger this vulnerability. Natus Xltek NeuroWorks Contains an out-of-bounds vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Natus Xltek NeuroWorks is a universal software platform for EEG testing, long-term monitoring, ICU monitoring and sleep research at Natus Medical. Natus Xltek NeuroWorks/SleepWorks are prone to the following security vulnerabilities: 1. Multiple stack-based buffer-overflow vulnerabilities 2. Multiple denial-of-service vulnerabilities An attacker can exploit these issues to execute arbitrary code in the context of the affected application. Xltek NeuroWorks/SleepWorks 8 are vulnerable
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201804-0557",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "xltek neuroworks",
"scope": "eq",
"trust": 1.6,
"vendor": "natus",
"version": "8"
},
{
"model": "neuroworks software",
"scope": "eq",
"trust": 0.8,
"vendor": "natus",
"version": "8"
},
{
"model": "medical natus xltek neuroworks",
"scope": "eq",
"trust": 0.6,
"vendor": "natus",
"version": "8"
},
{
"model": "xltek neuroworks/sleepworks",
"scope": "eq",
"trust": 0.3,
"vendor": "natus",
"version": "8.5"
},
{
"model": "xltek neuroworks/sleepworks",
"scope": "eq",
"trust": 0.3,
"vendor": "natus",
"version": "8.4"
},
{
"model": "xltek neuroworks/sleepworks",
"scope": "eq",
"trust": 0.3,
"vendor": "natus",
"version": "8.1"
},
{
"model": "xltek neuroworks/sleepworks",
"scope": "eq",
"trust": 0.3,
"vendor": "natus",
"version": "8.0"
},
{
"model": "xltek neuroworks/sleepworks gma",
"scope": "ne",
"trust": 0.3,
"vendor": "natus",
"version": "8.53"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "xltek neuroworks",
"version": "8"
}
],
"sources": [
{
"db": "IVD",
"id": "e2f552ee-39ab-11e9-bddc-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-12129"
},
{
"db": "BID",
"id": "104490"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013260"
},
{
"db": "NVD",
"id": "CVE-2017-2861"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-258"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:natus:xltek_neuroworks:8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-2861"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cory Duplantis from Cisco Talos",
"sources": [
{
"db": "BID",
"id": "104490"
}
],
"trust": 0.3
},
"cve": "CVE-2017-2861",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2017-2861",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-12129",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "e2f552ee-39ab-11e9-bddc-000c29342cb1",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "talos-cna@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2017-2861",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-2861",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "talos-cna@cisco.com",
"id": "CVE-2017-2861",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2018-12129",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201804-258",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "e2f552ee-39ab-11e9-bddc-000c29342cb1",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2f552ee-39ab-11e9-bddc-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-12129"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013260"
},
{
"db": "NVD",
"id": "CVE-2017-2861"
},
{
"db": "NVD",
"id": "CVE-2017-2861"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-258"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An exploitable Denial of Service vulnerability exists in the use of a return value in the NewProducerStream command in Natus Xltek NeuroWorks 8. A specially crafted network packet can cause an out of bounds read resulting in a denial of service. An attacker can send a malicious packet to trigger this vulnerability. Natus Xltek NeuroWorks Contains an out-of-bounds vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Natus Xltek NeuroWorks is a universal software platform for EEG testing, long-term monitoring, ICU monitoring and sleep research at Natus Medical. Natus Xltek NeuroWorks/SleepWorks are prone to the following security vulnerabilities:\n1. Multiple stack-based buffer-overflow vulnerabilities\n2. Multiple denial-of-service vulnerabilities\nAn attacker can exploit these issues to execute arbitrary code in the context of the affected application. \nXltek NeuroWorks/SleepWorks 8 are vulnerable",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-2861"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013260"
},
{
"db": "CNVD",
"id": "CNVD-2018-12129"
},
{
"db": "BID",
"id": "104490"
},
{
"db": "IVD",
"id": "e2f552ee-39ab-11e9-bddc-000c29342cb1"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-2861",
"trust": 3.5
},
{
"db": "TALOS",
"id": "TALOS-2017-0365",
"trust": 2.4
},
{
"db": "BID",
"id": "104490",
"trust": 1.9
},
{
"db": "ICS CERT",
"id": "ICSMA-18-165-01",
"trust": 1.7
},
{
"db": "CNVD",
"id": "CNVD-2018-12129",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201804-258",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013260",
"trust": 0.8
},
{
"db": "IVD",
"id": "E2F552EE-39AB-11E9-BDDC-000C29342CB1",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "e2f552ee-39ab-11e9-bddc-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-12129"
},
{
"db": "BID",
"id": "104490"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013260"
},
{
"db": "NVD",
"id": "CVE-2017-2861"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-258"
}
]
},
"id": "VAR-201804-0557",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2f552ee-39ab-11e9-bddc-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-12129"
}
],
"trust": 1.8
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "e2f552ee-39ab-11e9-bddc-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-12129"
}
]
},
"last_update_date": "2023-12-18T12:01:51.590000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Natus NeuroWorks Software",
"trust": 0.8,
"url": "http://www.natus.com/index.cfm?page=products_1\u0026crid=1055"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-013260"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-125",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-013260"
},
{
"db": "NVD",
"id": "CVE-2017-2861"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2017-0365"
},
{
"trust": 1.7,
"url": "https://ics-cert.us-cert.gov/advisories/icsma-18-165-01"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/104490"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2861"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2861"
},
{
"trust": 0.3,
"url": "http://www.natus.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-12129"
},
{
"db": "BID",
"id": "104490"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013260"
},
{
"db": "NVD",
"id": "CVE-2017-2861"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-258"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2f552ee-39ab-11e9-bddc-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-12129"
},
{
"db": "BID",
"id": "104490"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013260"
},
{
"db": "NVD",
"id": "CVE-2017-2861"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-258"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-06-27T00:00:00",
"db": "IVD",
"id": "e2f552ee-39ab-11e9-bddc-000c29342cb1"
},
{
"date": "2018-06-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-12129"
},
{
"date": "2018-06-19T00:00:00",
"db": "BID",
"id": "104490"
},
{
"date": "2018-06-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-013260"
},
{
"date": "2018-04-05T19:29:00.360000",
"db": "NVD",
"id": "CVE-2017-2861"
},
{
"date": "2018-04-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201804-258"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-06-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-12129"
},
{
"date": "2018-06-19T00:00:00",
"db": "BID",
"id": "104490"
},
{
"date": "2018-06-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-013260"
},
{
"date": "2022-06-03T19:55:57.507000",
"db": "NVD",
"id": "CVE-2017-2861"
},
{
"date": "2022-04-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201804-258"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201804-258"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Natus Xltek NeuroWorks Denial of service vulnerability",
"sources": [
{
"db": "IVD",
"id": "e2f552ee-39ab-11e9-bddc-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-12129"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201804-258"
}
],
"trust": 0.6
}
}
VAR-201804-0560
Vulnerability from variot - Updated: 2023-12-18 12:01An exploitable code execution vulnerability exists in the OpenProducer functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause a stack buffer overflow resulting in code execution. An attacker can send a malicious packet to trigger this vulnerability. Natus Xltek NeuroWorks Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Natus Xltek NeuroWorks is a universal software platform for EEG testing, long-term monitoring, ICU monitoring and sleep research at Natus Medical. Natus Xltek NeuroWorks/SleepWorks are prone to the following security vulnerabilities: 1. Multiple stack-based buffer-overflow vulnerabilities 2. Failed attacks will cause denial of service conditions. Xltek NeuroWorks/SleepWorks 8 are vulnerable
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201804-0560",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "xltek neuroworks",
"scope": "eq",
"trust": 1.6,
"vendor": "natus",
"version": "8"
},
{
"model": "neuroworks software",
"scope": "eq",
"trust": 0.8,
"vendor": "natus",
"version": "8"
},
{
"model": "medical natus xltek neuroworks",
"scope": "eq",
"trust": 0.6,
"vendor": "natus",
"version": "8"
},
{
"model": "xltek neuroworks/sleepworks",
"scope": "eq",
"trust": 0.3,
"vendor": "natus",
"version": "8.5"
},
{
"model": "xltek neuroworks/sleepworks",
"scope": "eq",
"trust": 0.3,
"vendor": "natus",
"version": "8.4"
},
{
"model": "xltek neuroworks/sleepworks",
"scope": "eq",
"trust": 0.3,
"vendor": "natus",
"version": "8.1"
},
{
"model": "xltek neuroworks/sleepworks",
"scope": "eq",
"trust": 0.3,
"vendor": "natus",
"version": "8.0"
},
{
"model": "xltek neuroworks/sleepworks gma",
"scope": "ne",
"trust": 0.3,
"vendor": "natus",
"version": "8.53"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "xltek neuroworks",
"version": "8"
}
],
"sources": [
{
"db": "IVD",
"id": "e2f57a00-39ab-11e9-af80-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-12132"
},
{
"db": "BID",
"id": "104490"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013255"
},
{
"db": "NVD",
"id": "CVE-2017-2869"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-255"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:natus:xltek_neuroworks:8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-2869"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cory Duplantis from Cisco Talos",
"sources": [
{
"db": "BID",
"id": "104490"
}
],
"trust": 0.3
},
"cve": "CVE-2017-2869",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2017-2869",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-12132",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "e2f57a00-39ab-11e9-af80-000c29342cb1",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "talos-cna@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-2869",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-2869",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "talos-cna@cisco.com",
"id": "CVE-2017-2869",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2018-12132",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201804-255",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "e2f57a00-39ab-11e9-af80-000c29342cb1",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2f57a00-39ab-11e9-af80-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-12132"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013255"
},
{
"db": "NVD",
"id": "CVE-2017-2869"
},
{
"db": "NVD",
"id": "CVE-2017-2869"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-255"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An exploitable code execution vulnerability exists in the OpenProducer functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause a stack buffer overflow resulting in code execution. An attacker can send a malicious packet to trigger this vulnerability. Natus Xltek NeuroWorks Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Natus Xltek NeuroWorks is a universal software platform for EEG testing, long-term monitoring, ICU monitoring and sleep research at Natus Medical. Natus Xltek NeuroWorks/SleepWorks are prone to the following security vulnerabilities:\n1. Multiple stack-based buffer-overflow vulnerabilities\n2. Failed attacks will cause denial of service conditions. \nXltek NeuroWorks/SleepWorks 8 are vulnerable",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-2869"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013255"
},
{
"db": "CNVD",
"id": "CNVD-2018-12132"
},
{
"db": "BID",
"id": "104490"
},
{
"db": "IVD",
"id": "e2f57a00-39ab-11e9-af80-000c29342cb1"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-2869",
"trust": 3.5
},
{
"db": "TALOS",
"id": "TALOS-2017-0375",
"trust": 2.4
},
{
"db": "BID",
"id": "104490",
"trust": 1.9
},
{
"db": "ICS CERT",
"id": "ICSMA-18-165-01",
"trust": 1.7
},
{
"db": "CNVD",
"id": "CNVD-2018-12132",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201804-255",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013255",
"trust": 0.8
},
{
"db": "IVD",
"id": "E2F57A00-39AB-11E9-AF80-000C29342CB1",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "e2f57a00-39ab-11e9-af80-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-12132"
},
{
"db": "BID",
"id": "104490"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013255"
},
{
"db": "NVD",
"id": "CVE-2017-2869"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-255"
}
]
},
"id": "VAR-201804-0560",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2f57a00-39ab-11e9-af80-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-12132"
}
],
"trust": 1.8
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "e2f57a00-39ab-11e9-af80-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-12132"
}
]
},
"last_update_date": "2023-12-18T12:01:51.556000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Natus NeuroWorks Software",
"trust": 0.8,
"url": "http://www.natus.com/index.cfm?page=products_1\u0026crid=1055"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-013255"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "CWE-119",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-013255"
},
{
"db": "NVD",
"id": "CVE-2017-2869"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2017-0375"
},
{
"trust": 1.7,
"url": "https://ics-cert.us-cert.gov/advisories/icsma-18-165-01"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/104490"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2869"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2869"
},
{
"trust": 0.3,
"url": "http://www.natus.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-12132"
},
{
"db": "BID",
"id": "104490"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013255"
},
{
"db": "NVD",
"id": "CVE-2017-2869"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-255"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2f57a00-39ab-11e9-af80-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-12132"
},
{
"db": "BID",
"id": "104490"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013255"
},
{
"db": "NVD",
"id": "CVE-2017-2869"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-255"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-06-27T00:00:00",
"db": "IVD",
"id": "e2f57a00-39ab-11e9-af80-000c29342cb1"
},
{
"date": "2018-06-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-12132"
},
{
"date": "2018-06-19T00:00:00",
"db": "BID",
"id": "104490"
},
{
"date": "2018-06-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-013255"
},
{
"date": "2018-04-05T19:29:00.547000",
"db": "NVD",
"id": "CVE-2017-2869"
},
{
"date": "2018-04-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201804-255"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-06-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-12132"
},
{
"date": "2018-06-19T00:00:00",
"db": "BID",
"id": "104490"
},
{
"date": "2018-06-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-013255"
},
{
"date": "2022-06-03T19:57:01.757000",
"db": "NVD",
"id": "CVE-2017-2869"
},
{
"date": "2022-06-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201804-255"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201804-255"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Natus Xltek NeuroWorks Buffer error vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-013255"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-255"
}
],
"trust": 1.4
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201804-255"
}
],
"trust": 0.6
}
}
VAR-201804-0559
Vulnerability from variot - Updated: 2023-12-18 12:01An exploitable code execution vulnerability exists in the NewProducerStream functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause a stack buffer overflow resulting in code execution. An attacker can send a malicious packet to trigger this vulnerability. Natus Xltek NeuroWorks Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Natus Xltek NeuroWorks is a universal software platform for EEG testing, long-term monitoring, ICU monitoring and sleep research at Natus Medical. Natus Xltek NeuroWorks/SleepWorks are prone to the following security vulnerabilities: 1. Multiple stack-based buffer-overflow vulnerabilities 2. Failed attacks will cause denial of service conditions. Xltek NeuroWorks/SleepWorks 8 are vulnerable
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201804-0559",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "xltek neuroworks",
"scope": "eq",
"trust": 1.6,
"vendor": "natus",
"version": "8"
},
{
"model": "neuroworks software",
"scope": "eq",
"trust": 0.8,
"vendor": "natus",
"version": "8"
},
{
"model": "medical natus xltek neuroworks",
"scope": "eq",
"trust": 0.6,
"vendor": "natus",
"version": "8"
},
{
"model": "xltek neuroworks/sleepworks",
"scope": "eq",
"trust": 0.3,
"vendor": "natus",
"version": "8.5"
},
{
"model": "xltek neuroworks/sleepworks",
"scope": "eq",
"trust": 0.3,
"vendor": "natus",
"version": "8.4"
},
{
"model": "xltek neuroworks/sleepworks",
"scope": "eq",
"trust": 0.3,
"vendor": "natus",
"version": "8.1"
},
{
"model": "xltek neuroworks/sleepworks",
"scope": "eq",
"trust": 0.3,
"vendor": "natus",
"version": "8.0"
},
{
"model": "xltek neuroworks/sleepworks gma",
"scope": "ne",
"trust": 0.3,
"vendor": "natus",
"version": "8.53"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "xltek neuroworks",
"version": "8"
}
],
"sources": [
{
"db": "IVD",
"id": "e2f552f0-39ab-11e9-82e0-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-12131"
},
{
"db": "BID",
"id": "104490"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013262"
},
{
"db": "NVD",
"id": "CVE-2017-2868"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-256"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:natus:xltek_neuroworks:8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-2868"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cory Duplantis from Cisco Talos",
"sources": [
{
"db": "BID",
"id": "104490"
}
],
"trust": 0.3
},
"cve": "CVE-2017-2868",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2017-2868",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-12131",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "e2f552f0-39ab-11e9-82e0-000c29342cb1",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "talos-cna@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-2868",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-2868",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "talos-cna@cisco.com",
"id": "CVE-2017-2868",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2018-12131",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201804-256",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "e2f552f0-39ab-11e9-82e0-000c29342cb1",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2f552f0-39ab-11e9-82e0-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-12131"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013262"
},
{
"db": "NVD",
"id": "CVE-2017-2868"
},
{
"db": "NVD",
"id": "CVE-2017-2868"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-256"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An exploitable code execution vulnerability exists in the NewProducerStream functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause a stack buffer overflow resulting in code execution. An attacker can send a malicious packet to trigger this vulnerability. Natus Xltek NeuroWorks Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Natus Xltek NeuroWorks is a universal software platform for EEG testing, long-term monitoring, ICU monitoring and sleep research at Natus Medical. Natus Xltek NeuroWorks/SleepWorks are prone to the following security vulnerabilities:\n1. Multiple stack-based buffer-overflow vulnerabilities\n2. Failed attacks will cause denial of service conditions. \nXltek NeuroWorks/SleepWorks 8 are vulnerable",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-2868"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013262"
},
{
"db": "CNVD",
"id": "CNVD-2018-12131"
},
{
"db": "BID",
"id": "104490"
},
{
"db": "IVD",
"id": "e2f552f0-39ab-11e9-82e0-000c29342cb1"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-2868",
"trust": 3.5
},
{
"db": "TALOS",
"id": "TALOS-2017-0374",
"trust": 2.4
},
{
"db": "BID",
"id": "104490",
"trust": 1.9
},
{
"db": "ICS CERT",
"id": "ICSMA-18-165-01",
"trust": 1.7
},
{
"db": "CNVD",
"id": "CNVD-2018-12131",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201804-256",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013262",
"trust": 0.8
},
{
"db": "IVD",
"id": "E2F552F0-39AB-11E9-82E0-000C29342CB1",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "e2f552f0-39ab-11e9-82e0-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-12131"
},
{
"db": "BID",
"id": "104490"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013262"
},
{
"db": "NVD",
"id": "CVE-2017-2868"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-256"
}
]
},
"id": "VAR-201804-0559",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2f552f0-39ab-11e9-82e0-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-12131"
}
],
"trust": 1.8
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "e2f552f0-39ab-11e9-82e0-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-12131"
}
]
},
"last_update_date": "2023-12-18T12:01:51.522000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Natus NeuroWorks Software",
"trust": 0.8,
"url": "http://www.natus.com/index.cfm?page=products_1\u0026crid=1055"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-013262"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "CWE-119",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-013262"
},
{
"db": "NVD",
"id": "CVE-2017-2868"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2017-0374"
},
{
"trust": 1.7,
"url": "https://ics-cert.us-cert.gov/advisories/icsma-18-165-01"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/104490"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2868"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2868"
},
{
"trust": 0.3,
"url": "http://www.natus.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-12131"
},
{
"db": "BID",
"id": "104490"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013262"
},
{
"db": "NVD",
"id": "CVE-2017-2868"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-256"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2f552f0-39ab-11e9-82e0-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-12131"
},
{
"db": "BID",
"id": "104490"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013262"
},
{
"db": "NVD",
"id": "CVE-2017-2868"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-256"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-06-27T00:00:00",
"db": "IVD",
"id": "e2f552f0-39ab-11e9-82e0-000c29342cb1"
},
{
"date": "2018-06-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-12131"
},
{
"date": "2018-06-19T00:00:00",
"db": "BID",
"id": "104490"
},
{
"date": "2018-06-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-013262"
},
{
"date": "2018-04-05T19:29:00.487000",
"db": "NVD",
"id": "CVE-2017-2868"
},
{
"date": "2018-04-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201804-256"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-06-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-12131"
},
{
"date": "2018-06-19T00:00:00",
"db": "BID",
"id": "104490"
},
{
"date": "2018-06-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-013262"
},
{
"date": "2022-06-03T19:57:17.673000",
"db": "NVD",
"id": "CVE-2017-2868"
},
{
"date": "2022-06-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201804-256"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201804-256"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Natus Xltek NeuroWorks Buffer error vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-013262"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-256"
}
],
"trust": 1.4
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201804-256"
}
],
"trust": 0.6
}
}
VAR-201806-0542
Vulnerability from variot - Updated: 2023-12-18 12:01An exploitable denial-of-service vulnerability exists in the lookup entry functionality of KeyTrees in Natus Xltek NeuroWorks 8. A specially crafted network packet can cause an out-of-bounds read, resulting in a denial of service. An attacker can send a malicious packet to trigger this vulnerability. Natus Xltek NeuroWorks Contains an out-of-bounds vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Natus Xltek NeuroWorks is a universal software platform for EEG testing, long-term monitoring, ICU monitoring and sleep research at Natus Medical. Natus Xltek NeuroWorks/SleepWorks are prone to the following security vulnerabilities: 1. Multiple stack-based buffer-overflow vulnerabilities 2. Multiple denial-of-service vulnerabilities An attacker can exploit these issues to execute arbitrary code in the context of the affected application. Xltek NeuroWorks/SleepWorks 8 are vulnerable
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201806-0542",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "xltek neuroworks",
"scope": "eq",
"trust": 1.6,
"vendor": "natus",
"version": "8"
},
{
"model": "neuroworks software",
"scope": "eq",
"trust": 0.8,
"vendor": "natus",
"version": "8"
},
{
"model": "medical natus xltek neuroworks",
"scope": "eq",
"trust": 0.6,
"vendor": "natus",
"version": "8"
},
{
"model": "xltek neuroworks/sleepworks",
"scope": "eq",
"trust": 0.3,
"vendor": "natus",
"version": "8.5"
},
{
"model": "xltek neuroworks/sleepworks",
"scope": "eq",
"trust": 0.3,
"vendor": "natus",
"version": "8.4"
},
{
"model": "xltek neuroworks/sleepworks",
"scope": "eq",
"trust": 0.3,
"vendor": "natus",
"version": "8.1"
},
{
"model": "xltek neuroworks/sleepworks",
"scope": "eq",
"trust": 0.3,
"vendor": "natus",
"version": "8.0"
},
{
"model": "xltek neuroworks/sleepworks gma",
"scope": "ne",
"trust": 0.3,
"vendor": "natus",
"version": "8.53"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "xltek neuroworks",
"version": "8"
}
],
"sources": [
{
"db": "IVD",
"id": "e2f1f790-39ab-11e9-abec-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-11032"
},
{
"db": "BID",
"id": "104490"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013527"
},
{
"db": "NVD",
"id": "CVE-2017-2860"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-134"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:natus:xltek_neuroworks:8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-2860"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cory Duplantis from Cisco Talos",
"sources": [
{
"db": "BID",
"id": "104490"
}
],
"trust": 0.3
},
"cve": "CVE-2017-2860",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2017-2860",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-11032",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "e2f1f790-39ab-11e9-abec-000c29342cb1",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "talos-cna@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2017-2860",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-2860",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "talos-cna@cisco.com",
"id": "CVE-2017-2860",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2018-11032",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201806-134",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "e2f1f790-39ab-11e9-abec-000c29342cb1",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2f1f790-39ab-11e9-abec-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-11032"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013527"
},
{
"db": "NVD",
"id": "CVE-2017-2860"
},
{
"db": "NVD",
"id": "CVE-2017-2860"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-134"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An exploitable denial-of-service vulnerability exists in the lookup entry functionality of KeyTrees in Natus Xltek NeuroWorks 8. A specially crafted network packet can cause an out-of-bounds read, resulting in a denial of service. An attacker can send a malicious packet to trigger this vulnerability. Natus Xltek NeuroWorks Contains an out-of-bounds vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Natus Xltek NeuroWorks is a universal software platform for EEG testing, long-term monitoring, ICU monitoring and sleep research at Natus Medical. Natus Xltek NeuroWorks/SleepWorks are prone to the following security vulnerabilities:\n1. Multiple stack-based buffer-overflow vulnerabilities\n2. Multiple denial-of-service vulnerabilities\nAn attacker can exploit these issues to execute arbitrary code in the context of the affected application. \nXltek NeuroWorks/SleepWorks 8 are vulnerable",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-2860"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013527"
},
{
"db": "CNVD",
"id": "CNVD-2018-11032"
},
{
"db": "BID",
"id": "104490"
},
{
"db": "IVD",
"id": "e2f1f790-39ab-11e9-abec-000c29342cb1"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-2860",
"trust": 3.5
},
{
"db": "TALOS",
"id": "TALOS-2017-0364",
"trust": 3.0
},
{
"db": "BID",
"id": "104490",
"trust": 1.9
},
{
"db": "ICS CERT",
"id": "ICSMA-18-165-01",
"trust": 1.1
},
{
"db": "CNVD",
"id": "CNVD-2018-11032",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201806-134",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013527",
"trust": 0.8
},
{
"db": "IVD",
"id": "E2F1F790-39AB-11E9-ABEC-000C29342CB1",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "e2f1f790-39ab-11e9-abec-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-11032"
},
{
"db": "BID",
"id": "104490"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013527"
},
{
"db": "NVD",
"id": "CVE-2017-2860"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-134"
}
]
},
"id": "VAR-201806-0542",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2f1f790-39ab-11e9-abec-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-11032"
}
],
"trust": 1.8
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "e2f1f790-39ab-11e9-abec-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-11032"
}
]
},
"last_update_date": "2023-12-18T12:01:51.488000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Natus NeuroWorks Software",
"trust": 0.8,
"url": "https://neuro.natus.com/products-services/natus-neuroworks-software"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-013527"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-125",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-013527"
},
{
"db": "NVD",
"id": "CVE-2017-2860"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://www.talosintelligence.com/vulnerability_reports/talos-2017-0364"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/104490"
},
{
"trust": 1.1,
"url": "https://ics-cert.us-cert.gov/advisories/icsma-18-165-01"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2860"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2860"
},
{
"trust": 0.6,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2017-0364"
},
{
"trust": 0.3,
"url": "http://www.natus.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-11032"
},
{
"db": "BID",
"id": "104490"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013527"
},
{
"db": "NVD",
"id": "CVE-2017-2860"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-134"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2f1f790-39ab-11e9-abec-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-11032"
},
{
"db": "BID",
"id": "104490"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013527"
},
{
"db": "NVD",
"id": "CVE-2017-2860"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-134"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-06-06T00:00:00",
"db": "IVD",
"id": "e2f1f790-39ab-11e9-abec-000c29342cb1"
},
{
"date": "2018-06-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-11032"
},
{
"date": "2018-06-19T00:00:00",
"db": "BID",
"id": "104490"
},
{
"date": "2018-07-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-013527"
},
{
"date": "2018-06-01T15:29:00.327000",
"db": "NVD",
"id": "CVE-2017-2860"
},
{
"date": "2018-06-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201806-134"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-06-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-11032"
},
{
"date": "2018-06-19T00:00:00",
"db": "BID",
"id": "104490"
},
{
"date": "2018-07-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-013527"
},
{
"date": "2022-06-07T17:25:49.303000",
"db": "NVD",
"id": "CVE-2017-2860"
},
{
"date": "2022-04-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201806-134"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201806-134"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Natus Xltek NeuroWorks Vulnerable to out-of-bounds reading",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-013527"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer error",
"sources": [
{
"db": "IVD",
"id": "e2f1f790-39ab-11e9-abec-000c29342cb1"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-134"
}
],
"trust": 0.8
}
}
VAR-201804-0587
Vulnerability from variot - Updated: 2023-12-18 12:01An exploitable Code Execution vulnerability exists in the RequestForPatientInfoEEGfile functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause a stack buffer overflow resulting in arbitrary command execution. An attacker can send a malicious packet to trigger this vulnerability. Natus Xltek NeuroWorks Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Natus Xltek NeuroWorks is a universal software platform for EEG testing, long-term monitoring, ICU monitoring and sleep research at Natus Medical. Natus Xltek NeuroWorks/SleepWorks are prone to the following security vulnerabilities: 1. Multiple stack-based buffer-overflow vulnerabilities 2. Failed attacks will cause denial of service conditions. Xltek NeuroWorks/SleepWorks 8 are vulnerable
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201804-0587",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "xltek neuroworks",
"scope": "eq",
"trust": 1.6,
"vendor": "natus",
"version": "8"
},
{
"model": "neuroworks software",
"scope": "eq",
"trust": 0.8,
"vendor": "natus",
"version": "8. a"
},
{
"model": "medical natus xltek neuroworks",
"scope": "eq",
"trust": 0.6,
"vendor": "natus",
"version": "8"
},
{
"model": "xltek neuroworks/sleepworks",
"scope": "eq",
"trust": 0.3,
"vendor": "natus",
"version": "8.5"
},
{
"model": "xltek neuroworks/sleepworks",
"scope": "eq",
"trust": 0.3,
"vendor": "natus",
"version": "8.4"
},
{
"model": "xltek neuroworks/sleepworks",
"scope": "eq",
"trust": 0.3,
"vendor": "natus",
"version": "8.1"
},
{
"model": "xltek neuroworks/sleepworks",
"scope": "eq",
"trust": 0.3,
"vendor": "natus",
"version": "8.0"
},
{
"model": "xltek neuroworks/sleepworks gma",
"scope": "ne",
"trust": 0.3,
"vendor": "natus",
"version": "8.53"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "xltek neuroworks",
"version": "8"
}
],
"sources": [
{
"db": "IVD",
"id": "e2f57a01-39ab-11e9-8779-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-12133"
},
{
"db": "BID",
"id": "104490"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003913"
},
{
"db": "NVD",
"id": "CVE-2017-2853"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-259"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:natus:xltek_neuroworks:8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-2853"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cory Duplantis from Cisco Talos",
"sources": [
{
"db": "BID",
"id": "104490"
}
],
"trust": 0.3
},
"cve": "CVE-2017-2853",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2017-2853",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-12133",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "e2f57a01-39ab-11e9-8779-000c29342cb1",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "talos-cna@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-2853",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-2853",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "talos-cna@cisco.com",
"id": "CVE-2017-2853",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2018-12133",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201804-259",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "e2f57a01-39ab-11e9-8779-000c29342cb1",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2f57a01-39ab-11e9-8779-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-12133"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003913"
},
{
"db": "NVD",
"id": "CVE-2017-2853"
},
{
"db": "NVD",
"id": "CVE-2017-2853"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-259"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An exploitable Code Execution vulnerability exists in the RequestForPatientInfoEEGfile functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause a stack buffer overflow resulting in arbitrary command execution. An attacker can send a malicious packet to trigger this vulnerability. Natus Xltek NeuroWorks Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Natus Xltek NeuroWorks is a universal software platform for EEG testing, long-term monitoring, ICU monitoring and sleep research at Natus Medical. Natus Xltek NeuroWorks/SleepWorks are prone to the following security vulnerabilities:\n1. Multiple stack-based buffer-overflow vulnerabilities\n2. Failed attacks will cause denial of service conditions. \nXltek NeuroWorks/SleepWorks 8 are vulnerable",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-2853"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003913"
},
{
"db": "CNVD",
"id": "CNVD-2018-12133"
},
{
"db": "BID",
"id": "104490"
},
{
"db": "IVD",
"id": "e2f57a01-39ab-11e9-8779-000c29342cb1"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-2853",
"trust": 3.5
},
{
"db": "TALOS",
"id": "TALOS-2017-0355",
"trust": 2.4
},
{
"db": "BID",
"id": "104490",
"trust": 1.9
},
{
"db": "ICS CERT",
"id": "ICSMA-18-165-01",
"trust": 1.7
},
{
"db": "CNVD",
"id": "CNVD-2018-12133",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201804-259",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003913",
"trust": 0.8
},
{
"db": "IVD",
"id": "E2F57A01-39AB-11E9-8779-000C29342CB1",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "e2f57a01-39ab-11e9-8779-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-12133"
},
{
"db": "BID",
"id": "104490"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003913"
},
{
"db": "NVD",
"id": "CVE-2017-2853"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-259"
}
]
},
"id": "VAR-201804-0587",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2f57a01-39ab-11e9-8779-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-12133"
}
],
"trust": 1.8
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "e2f57a01-39ab-11e9-8779-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-12133"
}
]
},
"last_update_date": "2023-12-18T12:01:51.454000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Natus Medical Incorporated - Natus NeuroWorks Software",
"trust": 0.8,
"url": "http://www.natus.com/index.cfm?page=products_1\u0026crid=1055"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-003913"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "CWE-119",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-003913"
},
{
"db": "NVD",
"id": "CVE-2017-2853"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2017-0355"
},
{
"trust": 1.7,
"url": "https://ics-cert.us-cert.gov/advisories/icsma-18-165-01"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/104490"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2853"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2853"
},
{
"trust": 0.3,
"url": "http://www.natus.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-12133"
},
{
"db": "BID",
"id": "104490"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003913"
},
{
"db": "NVD",
"id": "CVE-2017-2853"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-259"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2f57a01-39ab-11e9-8779-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-12133"
},
{
"db": "BID",
"id": "104490"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003913"
},
{
"db": "NVD",
"id": "CVE-2017-2853"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-259"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-06-27T00:00:00",
"db": "IVD",
"id": "e2f57a01-39ab-11e9-8779-000c29342cb1"
},
{
"date": "2018-06-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-12133"
},
{
"date": "2018-06-19T00:00:00",
"db": "BID",
"id": "104490"
},
{
"date": "2018-06-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-003913"
},
{
"date": "2018-04-05T19:29:00.313000",
"db": "NVD",
"id": "CVE-2017-2853"
},
{
"date": "2018-04-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201804-259"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-06-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-12133"
},
{
"date": "2018-06-19T00:00:00",
"db": "BID",
"id": "104490"
},
{
"date": "2018-06-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-003913"
},
{
"date": "2022-06-03T19:55:10.157000",
"db": "NVD",
"id": "CVE-2017-2853"
},
{
"date": "2022-06-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201804-259"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201804-259"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Natus Xltek NeuroWorks Buffer error vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-003913"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-259"
}
],
"trust": 1.4
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201804-259"
}
],
"trust": 0.6
}
}
CVE-2023-47800 (GCVE-0-2023-47800)
Vulnerability from nvd – Published: 2023-11-10 00:00 – Updated: 2024-08-02 21:16- n/a
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:16:43.715Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.trustwave.com/hubfs/Web/Library/Advisories_txt/TWSL2023-006.txt"
},
{
"tags": [
"x_transferred"
],
"url": "https://partner.natus.com/m/7cd3bcca88e446d4/original/NeuroWorks-SleepWorks-Product-Security-Bulletin.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Natus NeuroWorks and SleepWorks before 8.4 GMA3 utilize a default password of xltek for the Microsoft SQL Server service sa account, allowing a threat actor to perform remote code execution, data exfiltration, or other nefarious actions such as tampering with data or destroying/disrupting MSSQL services."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-10T06:16:42.566Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.trustwave.com/hubfs/Web/Library/Advisories_txt/TWSL2023-006.txt"
},
{
"url": "https://partner.natus.com/m/7cd3bcca88e446d4/original/NeuroWorks-SleepWorks-Product-Security-Bulletin.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-47800",
"datePublished": "2023-11-10T00:00:00.000Z",
"dateReserved": "2023-11-10T00:00:00.000Z",
"dateUpdated": "2024-08-02T21:16:43.715Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2860 (GCVE-0-2017-2860)
Vulnerability from nvd – Published: 2018-06-01 15:00 – Updated: 2024-09-16 18:13- denial of service
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/104490 | vdb-entryx_refsource_BID |
| https://www.talosintelligence.com/vulnerability_r… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:09:17.283Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "104490",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104490"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0364"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Natus",
"vendor": "Talos",
"versions": [
{
"status": "affected",
"version": "Natus Xltek NeuroWorks 8"
}
]
}
],
"datePublic": "2018-05-31T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An exploitable denial-of-service vulnerability exists in the lookup entry functionality of KeyTrees in Natus Xltek NeuroWorks 8. A specially crafted network packet can cause an out-of-bounds read, resulting in a denial of service. An attacker can send a malicious packet to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "denial of service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T18:23:38.000Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "104490",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104490"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0364"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"DATE_PUBLIC": "2018-05-31T00:00:00",
"ID": "CVE-2017-2860",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Natus",
"version": {
"version_data": [
{
"version_value": "Natus Xltek NeuroWorks 8"
}
]
}
}
]
},
"vendor_name": "Talos"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An exploitable denial-of-service vulnerability exists in the lookup entry functionality of KeyTrees in Natus Xltek NeuroWorks 8. A specially crafted network packet can cause an out-of-bounds read, resulting in a denial of service. An attacker can send a malicious packet to trigger this vulnerability."
}
]
},
"impact": {
"cvss": {
"baseScore": 7.5,
"baseSeverity": "High",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "denial of service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "104490",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104490"
},
{
"name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0364",
"refsource": "MISC",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0364"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2017-2860",
"datePublished": "2018-06-01T15:00:00.000Z",
"dateReserved": "2016-12-01T00:00:00.000Z",
"dateUpdated": "2024-09-16T18:13:06.563Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2858 (GCVE-0-2017-2858)
Vulnerability from nvd – Published: 2018-06-01 15:00 – Updated: 2024-09-16 16:18- denial of service
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/104490 | vdb-entryx_refsource_BID |
| https://www.talosintelligence.com/vulnerability_r… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:09:17.261Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "104490",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104490"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0362"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Natus",
"vendor": "Talos",
"versions": [
{
"status": "affected",
"version": "Natus Xltek NeuroWorks 8"
}
]
}
],
"datePublic": "2018-05-31T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An exploitable denial-of-service vulnerability exists in the traversal of lists functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause an out-of-bounds read, resulting in a denial of service. An attacker can send a malicious packet to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "denial of service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T18:23:37.000Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "104490",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104490"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0362"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"DATE_PUBLIC": "2018-05-31T00:00:00",
"ID": "CVE-2017-2858",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Natus",
"version": {
"version_data": [
{
"version_value": "Natus Xltek NeuroWorks 8"
}
]
}
}
]
},
"vendor_name": "Talos"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An exploitable denial-of-service vulnerability exists in the traversal of lists functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause an out-of-bounds read, resulting in a denial of service. An attacker can send a malicious packet to trigger this vulnerability."
}
]
},
"impact": {
"cvss": {
"baseScore": 7.5,
"baseSeverity": "High",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "denial of service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "104490",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104490"
},
{
"name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0362",
"refsource": "MISC",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0362"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2017-2858",
"datePublished": "2018-06-01T15:00:00.000Z",
"dateReserved": "2016-12-01T00:00:00.000Z",
"dateUpdated": "2024-09-16T16:18:16.697Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2852 (GCVE-0-2017-2852)
Vulnerability from nvd – Published: 2018-06-01 15:00 – Updated: 2024-09-17 02:31- denial of service
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/104490 | vdb-entryx_refsource_BID |
| https://www.talosintelligence.com/vulnerability_r… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:09:16.752Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "104490",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104490"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0354"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Natus",
"vendor": "Talos",
"versions": [
{
"status": "affected",
"version": "Natus Xltek NeuroWorks 8"
}
]
}
],
"datePublic": "2018-05-31T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An exploitable denial-of-service vulnerability exists in the unserialization of lists functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause an out-of-bounds read, resulting in a denial of service. An attacker can send a malicious packet to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "denial of service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T18:23:29.000Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "104490",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104490"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0354"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"DATE_PUBLIC": "2018-05-31T00:00:00",
"ID": "CVE-2017-2852",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Natus",
"version": {
"version_data": [
{
"version_value": "Natus Xltek NeuroWorks 8"
}
]
}
}
]
},
"vendor_name": "Talos"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An exploitable denial-of-service vulnerability exists in the unserialization of lists functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause an out-of-bounds read, resulting in a denial of service. An attacker can send a malicious packet to trigger this vulnerability."
}
]
},
"impact": {
"cvss": {
"baseScore": 7.5,
"baseSeverity": "High",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "denial of service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "104490",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104490"
},
{
"name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0354",
"refsource": "MISC",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0354"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2017-2852",
"datePublished": "2018-06-01T15:00:00.000Z",
"dateReserved": "2016-12-01T00:00:00.000Z",
"dateUpdated": "2024-09-17T02:31:31.833Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2868 (GCVE-0-2017-2868)
Vulnerability from nvd – Published: 2018-04-05 19:00 – Updated: 2024-09-16 19:01- remote code execution
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/104490 | vdb-entryx_refsource_BID |
| https://talosintelligence.com/vulnerability_repor… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| Natus Medical Incorporated | Natus |
Affected:
Natus Xltek NeuroWorks 8
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:09:17.464Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "104490",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104490"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0374"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Natus",
"vendor": "Natus Medical Incorporated",
"versions": [
{
"status": "affected",
"version": "Natus Xltek NeuroWorks 8"
}
]
}
],
"datePublic": "2018-04-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An exploitable code execution vulnerability exists in the NewProducerStream functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause a stack buffer overflow resulting in code execution. An attacker can send a malicious packet to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "remote code execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T18:23:49.000Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "104490",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104490"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0374"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"DATE_PUBLIC": "2018-04-04T00:00:00",
"ID": "CVE-2017-2868",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Natus",
"version": {
"version_data": [
{
"version_value": "Natus Xltek NeuroWorks 8"
}
]
}
}
]
},
"vendor_name": "Natus Medical Incorporated"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An exploitable code execution vulnerability exists in the NewProducerStream functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause a stack buffer overflow resulting in code execution. An attacker can send a malicious packet to trigger this vulnerability."
}
]
},
"impact": {
"cvss": {
"baseScore": 10,
"baseSeverity": null,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "104490",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104490"
},
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0374",
"refsource": "MISC",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0374"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2017-2868",
"datePublished": "2018-04-05T19:00:00.000Z",
"dateReserved": "2016-12-01T00:00:00.000Z",
"dateUpdated": "2024-09-16T19:01:11.369Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2861 (GCVE-0-2017-2861)
Vulnerability from nvd – Published: 2018-04-05 19:00 – Updated: 2024-09-16 23:00- denial of service
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/104490 | vdb-entryx_refsource_BID |
| https://talosintelligence.com/vulnerability_repor… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| Natus Medical Incorporated | Natus |
Affected:
Natus Xltek NeuroWorks 8
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:09:17.222Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "104490",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104490"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0365"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Natus",
"vendor": "Natus Medical Incorporated",
"versions": [
{
"status": "affected",
"version": "Natus Xltek NeuroWorks 8"
}
]
}
],
"datePublic": "2018-04-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An exploitable Denial of Service vulnerability exists in the use of a return value in the NewProducerStream command in Natus Xltek NeuroWorks 8. A specially crafted network packet can cause an out of bounds read resulting in a denial of service. An attacker can send a malicious packet to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "denial of service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T18:23:40.000Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "104490",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104490"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0365"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"DATE_PUBLIC": "2018-04-04T00:00:00",
"ID": "CVE-2017-2861",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Natus",
"version": {
"version_data": [
{
"version_value": "Natus Xltek NeuroWorks 8"
}
]
}
}
]
},
"vendor_name": "Natus Medical Incorporated"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An exploitable Denial of Service vulnerability exists in the use of a return value in the NewProducerStream command in Natus Xltek NeuroWorks 8. A specially crafted network packet can cause an out of bounds read resulting in a denial of service. An attacker can send a malicious packet to trigger this vulnerability."
}
]
},
"impact": {
"cvss": {
"baseScore": 7.5,
"baseSeverity": "High",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "denial of service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "104490",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104490"
},
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0365",
"refsource": "MISC",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0365"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2017-2861",
"datePublished": "2018-04-05T19:00:00.000Z",
"dateReserved": "2016-12-01T00:00:00.000Z",
"dateUpdated": "2024-09-16T23:00:44.751Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2869 (GCVE-0-2017-2869)
Vulnerability from nvd – Published: 2018-04-05 19:00 – Updated: 2024-09-17 00:36- remote code execution
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/104490 | vdb-entryx_refsource_BID |
| https://talosintelligence.com/vulnerability_repor… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| Natus Medical Incorporated | Natus |
Affected:
Natus Xltek NeuroWorks 8
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:09:17.353Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "104490",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104490"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0375"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Natus",
"vendor": "Natus Medical Incorporated",
"versions": [
{
"status": "affected",
"version": "Natus Xltek NeuroWorks 8"
}
]
}
],
"datePublic": "2018-04-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An exploitable code execution vulnerability exists in the OpenProducer functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause a stack buffer overflow resulting in code execution. An attacker can send a malicious packet to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "remote code execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T18:23:50.000Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "104490",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104490"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0375"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"DATE_PUBLIC": "2018-04-04T00:00:00",
"ID": "CVE-2017-2869",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Natus",
"version": {
"version_data": [
{
"version_value": "Natus Xltek NeuroWorks 8"
}
]
}
}
]
},
"vendor_name": "Natus Medical Incorporated"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An exploitable code execution vulnerability exists in the OpenProducer functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause a stack buffer overflow resulting in code execution. An attacker can send a malicious packet to trigger this vulnerability."
}
]
},
"impact": {
"cvss": {
"baseScore": 10,
"baseSeverity": null,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "104490",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104490"
},
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0375",
"refsource": "MISC",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0375"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2017-2869",
"datePublished": "2018-04-05T19:00:00.000Z",
"dateReserved": "2016-12-01T00:00:00.000Z",
"dateUpdated": "2024-09-17T00:36:03.371Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2867 (GCVE-0-2017-2867)
Vulnerability from nvd – Published: 2018-04-05 19:00 – Updated: 2024-09-16 19:04- remote code execution
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/104490 | vdb-entryx_refsource_BID |
| https://talosintelligence.com/vulnerability_repor… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| Natus Medical Incorporated | Natus |
Affected:
Natus Xltek NeuroWorks 8
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:09:17.280Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "104490",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104490"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0373"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Natus",
"vendor": "Natus Medical Incorporated",
"versions": [
{
"status": "affected",
"version": "Natus Xltek NeuroWorks 8"
}
]
}
],
"datePublic": "2018-04-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An exploitable code execution vulnerability exists in the SavePatientMontage functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause a stack buffer overflow resulting in code execution. An attacker can a malicious packet to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "remote code execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T18:23:47.000Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "104490",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104490"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0373"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"DATE_PUBLIC": "2018-04-04T00:00:00",
"ID": "CVE-2017-2867",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Natus",
"version": {
"version_data": [
{
"version_value": "Natus Xltek NeuroWorks 8"
}
]
}
}
]
},
"vendor_name": "Natus Medical Incorporated"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An exploitable code execution vulnerability exists in the SavePatientMontage functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause a stack buffer overflow resulting in code execution. An attacker can a malicious packet to trigger this vulnerability."
}
]
},
"impact": {
"cvss": {
"baseScore": 9,
"baseSeverity": "Critical",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "104490",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104490"
},
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0373",
"refsource": "MISC",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0373"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2017-2867",
"datePublished": "2018-04-05T19:00:00.000Z",
"dateReserved": "2016-12-01T00:00:00.000Z",
"dateUpdated": "2024-09-16T19:04:26.068Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2853 (GCVE-0-2017-2853)
Vulnerability from nvd – Published: 2018-04-05 19:00 – Updated: 2024-09-17 01:47- remote code execution
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/104490 | vdb-entryx_refsource_BID |
| https://talosintelligence.com/vulnerability_repor… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| Natus Medical Incorporated | Natus |
Affected:
Natus Xltek NeuroWorks 8
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:09:16.810Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "104490",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104490"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0355"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Natus",
"vendor": "Natus Medical Incorporated",
"versions": [
{
"status": "affected",
"version": "Natus Xltek NeuroWorks 8"
}
]
}
],
"datePublic": "2018-04-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An exploitable Code Execution vulnerability exists in the RequestForPatientInfoEEGfile functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause a stack buffer overflow resulting in arbitrary command execution. An attacker can send a malicious packet to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "remote code execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T18:23:31.000Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "104490",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104490"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0355"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"DATE_PUBLIC": "2018-04-04T00:00:00",
"ID": "CVE-2017-2853",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Natus",
"version": {
"version_data": [
{
"version_value": "Natus Xltek NeuroWorks 8"
}
]
}
}
]
},
"vendor_name": "Natus Medical Incorporated"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An exploitable Code Execution vulnerability exists in the RequestForPatientInfoEEGfile functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause a stack buffer overflow resulting in arbitrary command execution. An attacker can send a malicious packet to trigger this vulnerability."
}
]
},
"impact": {
"cvss": {
"baseScore": 10,
"baseSeverity": null,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "104490",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104490"
},
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0355",
"refsource": "MISC",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0355"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2017-2853",
"datePublished": "2018-04-05T19:00:00.000Z",
"dateReserved": "2016-12-01T00:00:00.000Z",
"dateUpdated": "2024-09-17T01:47:00.307Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-47800 (GCVE-0-2023-47800)
Vulnerability from cvelistv5 – Published: 2023-11-10 00:00 – Updated: 2024-08-02 21:16- n/a
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:16:43.715Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.trustwave.com/hubfs/Web/Library/Advisories_txt/TWSL2023-006.txt"
},
{
"tags": [
"x_transferred"
],
"url": "https://partner.natus.com/m/7cd3bcca88e446d4/original/NeuroWorks-SleepWorks-Product-Security-Bulletin.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Natus NeuroWorks and SleepWorks before 8.4 GMA3 utilize a default password of xltek for the Microsoft SQL Server service sa account, allowing a threat actor to perform remote code execution, data exfiltration, or other nefarious actions such as tampering with data or destroying/disrupting MSSQL services."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-10T06:16:42.566Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.trustwave.com/hubfs/Web/Library/Advisories_txt/TWSL2023-006.txt"
},
{
"url": "https://partner.natus.com/m/7cd3bcca88e446d4/original/NeuroWorks-SleepWorks-Product-Security-Bulletin.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-47800",
"datePublished": "2023-11-10T00:00:00.000Z",
"dateReserved": "2023-11-10T00:00:00.000Z",
"dateUpdated": "2024-08-02T21:16:43.715Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2860 (GCVE-0-2017-2860)
Vulnerability from cvelistv5 – Published: 2018-06-01 15:00 – Updated: 2024-09-16 18:13- denial of service
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/104490 | vdb-entryx_refsource_BID |
| https://www.talosintelligence.com/vulnerability_r… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:09:17.283Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "104490",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104490"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0364"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Natus",
"vendor": "Talos",
"versions": [
{
"status": "affected",
"version": "Natus Xltek NeuroWorks 8"
}
]
}
],
"datePublic": "2018-05-31T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An exploitable denial-of-service vulnerability exists in the lookup entry functionality of KeyTrees in Natus Xltek NeuroWorks 8. A specially crafted network packet can cause an out-of-bounds read, resulting in a denial of service. An attacker can send a malicious packet to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "denial of service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T18:23:38.000Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "104490",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104490"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0364"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"DATE_PUBLIC": "2018-05-31T00:00:00",
"ID": "CVE-2017-2860",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Natus",
"version": {
"version_data": [
{
"version_value": "Natus Xltek NeuroWorks 8"
}
]
}
}
]
},
"vendor_name": "Talos"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An exploitable denial-of-service vulnerability exists in the lookup entry functionality of KeyTrees in Natus Xltek NeuroWorks 8. A specially crafted network packet can cause an out-of-bounds read, resulting in a denial of service. An attacker can send a malicious packet to trigger this vulnerability."
}
]
},
"impact": {
"cvss": {
"baseScore": 7.5,
"baseSeverity": "High",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "denial of service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "104490",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104490"
},
{
"name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0364",
"refsource": "MISC",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0364"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2017-2860",
"datePublished": "2018-06-01T15:00:00.000Z",
"dateReserved": "2016-12-01T00:00:00.000Z",
"dateUpdated": "2024-09-16T18:13:06.563Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2858 (GCVE-0-2017-2858)
Vulnerability from cvelistv5 – Published: 2018-06-01 15:00 – Updated: 2024-09-16 16:18- denial of service
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/104490 | vdb-entryx_refsource_BID |
| https://www.talosintelligence.com/vulnerability_r… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:09:17.261Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "104490",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104490"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0362"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Natus",
"vendor": "Talos",
"versions": [
{
"status": "affected",
"version": "Natus Xltek NeuroWorks 8"
}
]
}
],
"datePublic": "2018-05-31T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An exploitable denial-of-service vulnerability exists in the traversal of lists functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause an out-of-bounds read, resulting in a denial of service. An attacker can send a malicious packet to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "denial of service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T18:23:37.000Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "104490",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104490"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0362"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"DATE_PUBLIC": "2018-05-31T00:00:00",
"ID": "CVE-2017-2858",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Natus",
"version": {
"version_data": [
{
"version_value": "Natus Xltek NeuroWorks 8"
}
]
}
}
]
},
"vendor_name": "Talos"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An exploitable denial-of-service vulnerability exists in the traversal of lists functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause an out-of-bounds read, resulting in a denial of service. An attacker can send a malicious packet to trigger this vulnerability."
}
]
},
"impact": {
"cvss": {
"baseScore": 7.5,
"baseSeverity": "High",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "denial of service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "104490",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104490"
},
{
"name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0362",
"refsource": "MISC",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0362"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2017-2858",
"datePublished": "2018-06-01T15:00:00.000Z",
"dateReserved": "2016-12-01T00:00:00.000Z",
"dateUpdated": "2024-09-16T16:18:16.697Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2852 (GCVE-0-2017-2852)
Vulnerability from cvelistv5 – Published: 2018-06-01 15:00 – Updated: 2024-09-17 02:31- denial of service
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/104490 | vdb-entryx_refsource_BID |
| https://www.talosintelligence.com/vulnerability_r… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:09:16.752Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "104490",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104490"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0354"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Natus",
"vendor": "Talos",
"versions": [
{
"status": "affected",
"version": "Natus Xltek NeuroWorks 8"
}
]
}
],
"datePublic": "2018-05-31T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An exploitable denial-of-service vulnerability exists in the unserialization of lists functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause an out-of-bounds read, resulting in a denial of service. An attacker can send a malicious packet to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "denial of service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T18:23:29.000Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "104490",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104490"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0354"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"DATE_PUBLIC": "2018-05-31T00:00:00",
"ID": "CVE-2017-2852",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Natus",
"version": {
"version_data": [
{
"version_value": "Natus Xltek NeuroWorks 8"
}
]
}
}
]
},
"vendor_name": "Talos"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An exploitable denial-of-service vulnerability exists in the unserialization of lists functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause an out-of-bounds read, resulting in a denial of service. An attacker can send a malicious packet to trigger this vulnerability."
}
]
},
"impact": {
"cvss": {
"baseScore": 7.5,
"baseSeverity": "High",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "denial of service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "104490",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104490"
},
{
"name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0354",
"refsource": "MISC",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0354"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2017-2852",
"datePublished": "2018-06-01T15:00:00.000Z",
"dateReserved": "2016-12-01T00:00:00.000Z",
"dateUpdated": "2024-09-17T02:31:31.833Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2868 (GCVE-0-2017-2868)
Vulnerability from cvelistv5 – Published: 2018-04-05 19:00 – Updated: 2024-09-16 19:01- remote code execution
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/104490 | vdb-entryx_refsource_BID |
| https://talosintelligence.com/vulnerability_repor… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| Natus Medical Incorporated | Natus |
Affected:
Natus Xltek NeuroWorks 8
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:09:17.464Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "104490",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104490"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0374"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Natus",
"vendor": "Natus Medical Incorporated",
"versions": [
{
"status": "affected",
"version": "Natus Xltek NeuroWorks 8"
}
]
}
],
"datePublic": "2018-04-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An exploitable code execution vulnerability exists in the NewProducerStream functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause a stack buffer overflow resulting in code execution. An attacker can send a malicious packet to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "remote code execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T18:23:49.000Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "104490",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104490"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0374"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"DATE_PUBLIC": "2018-04-04T00:00:00",
"ID": "CVE-2017-2868",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Natus",
"version": {
"version_data": [
{
"version_value": "Natus Xltek NeuroWorks 8"
}
]
}
}
]
},
"vendor_name": "Natus Medical Incorporated"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An exploitable code execution vulnerability exists in the NewProducerStream functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause a stack buffer overflow resulting in code execution. An attacker can send a malicious packet to trigger this vulnerability."
}
]
},
"impact": {
"cvss": {
"baseScore": 10,
"baseSeverity": null,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "104490",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104490"
},
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0374",
"refsource": "MISC",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0374"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2017-2868",
"datePublished": "2018-04-05T19:00:00.000Z",
"dateReserved": "2016-12-01T00:00:00.000Z",
"dateUpdated": "2024-09-16T19:01:11.369Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2861 (GCVE-0-2017-2861)
Vulnerability from cvelistv5 – Published: 2018-04-05 19:00 – Updated: 2024-09-16 23:00- denial of service
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/104490 | vdb-entryx_refsource_BID |
| https://talosintelligence.com/vulnerability_repor… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| Natus Medical Incorporated | Natus |
Affected:
Natus Xltek NeuroWorks 8
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:09:17.222Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "104490",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104490"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0365"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Natus",
"vendor": "Natus Medical Incorporated",
"versions": [
{
"status": "affected",
"version": "Natus Xltek NeuroWorks 8"
}
]
}
],
"datePublic": "2018-04-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An exploitable Denial of Service vulnerability exists in the use of a return value in the NewProducerStream command in Natus Xltek NeuroWorks 8. A specially crafted network packet can cause an out of bounds read resulting in a denial of service. An attacker can send a malicious packet to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "denial of service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T18:23:40.000Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "104490",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104490"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0365"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"DATE_PUBLIC": "2018-04-04T00:00:00",
"ID": "CVE-2017-2861",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Natus",
"version": {
"version_data": [
{
"version_value": "Natus Xltek NeuroWorks 8"
}
]
}
}
]
},
"vendor_name": "Natus Medical Incorporated"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An exploitable Denial of Service vulnerability exists in the use of a return value in the NewProducerStream command in Natus Xltek NeuroWorks 8. A specially crafted network packet can cause an out of bounds read resulting in a denial of service. An attacker can send a malicious packet to trigger this vulnerability."
}
]
},
"impact": {
"cvss": {
"baseScore": 7.5,
"baseSeverity": "High",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "denial of service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "104490",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104490"
},
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0365",
"refsource": "MISC",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0365"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2017-2861",
"datePublished": "2018-04-05T19:00:00.000Z",
"dateReserved": "2016-12-01T00:00:00.000Z",
"dateUpdated": "2024-09-16T23:00:44.751Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2869 (GCVE-0-2017-2869)
Vulnerability from cvelistv5 – Published: 2018-04-05 19:00 – Updated: 2024-09-17 00:36- remote code execution
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/104490 | vdb-entryx_refsource_BID |
| https://talosintelligence.com/vulnerability_repor… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| Natus Medical Incorporated | Natus |
Affected:
Natus Xltek NeuroWorks 8
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:09:17.353Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "104490",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104490"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0375"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Natus",
"vendor": "Natus Medical Incorporated",
"versions": [
{
"status": "affected",
"version": "Natus Xltek NeuroWorks 8"
}
]
}
],
"datePublic": "2018-04-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An exploitable code execution vulnerability exists in the OpenProducer functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause a stack buffer overflow resulting in code execution. An attacker can send a malicious packet to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "remote code execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T18:23:50.000Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "104490",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104490"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0375"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"DATE_PUBLIC": "2018-04-04T00:00:00",
"ID": "CVE-2017-2869",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Natus",
"version": {
"version_data": [
{
"version_value": "Natus Xltek NeuroWorks 8"
}
]
}
}
]
},
"vendor_name": "Natus Medical Incorporated"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An exploitable code execution vulnerability exists in the OpenProducer functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause a stack buffer overflow resulting in code execution. An attacker can send a malicious packet to trigger this vulnerability."
}
]
},
"impact": {
"cvss": {
"baseScore": 10,
"baseSeverity": null,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "104490",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104490"
},
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0375",
"refsource": "MISC",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0375"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2017-2869",
"datePublished": "2018-04-05T19:00:00.000Z",
"dateReserved": "2016-12-01T00:00:00.000Z",
"dateUpdated": "2024-09-17T00:36:03.371Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2867 (GCVE-0-2017-2867)
Vulnerability from cvelistv5 – Published: 2018-04-05 19:00 – Updated: 2024-09-16 19:04- remote code execution
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/104490 | vdb-entryx_refsource_BID |
| https://talosintelligence.com/vulnerability_repor… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| Natus Medical Incorporated | Natus |
Affected:
Natus Xltek NeuroWorks 8
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:09:17.280Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "104490",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104490"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0373"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Natus",
"vendor": "Natus Medical Incorporated",
"versions": [
{
"status": "affected",
"version": "Natus Xltek NeuroWorks 8"
}
]
}
],
"datePublic": "2018-04-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An exploitable code execution vulnerability exists in the SavePatientMontage functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause a stack buffer overflow resulting in code execution. An attacker can a malicious packet to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "remote code execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T18:23:47.000Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "104490",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104490"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0373"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"DATE_PUBLIC": "2018-04-04T00:00:00",
"ID": "CVE-2017-2867",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Natus",
"version": {
"version_data": [
{
"version_value": "Natus Xltek NeuroWorks 8"
}
]
}
}
]
},
"vendor_name": "Natus Medical Incorporated"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An exploitable code execution vulnerability exists in the SavePatientMontage functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause a stack buffer overflow resulting in code execution. An attacker can a malicious packet to trigger this vulnerability."
}
]
},
"impact": {
"cvss": {
"baseScore": 9,
"baseSeverity": "Critical",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "104490",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104490"
},
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0373",
"refsource": "MISC",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0373"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2017-2867",
"datePublished": "2018-04-05T19:00:00.000Z",
"dateReserved": "2016-12-01T00:00:00.000Z",
"dateUpdated": "2024-09-16T19:04:26.068Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2853 (GCVE-0-2017-2853)
Vulnerability from cvelistv5 – Published: 2018-04-05 19:00 – Updated: 2024-09-17 01:47- remote code execution
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/104490 | vdb-entryx_refsource_BID |
| https://talosintelligence.com/vulnerability_repor… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| Natus Medical Incorporated | Natus |
Affected:
Natus Xltek NeuroWorks 8
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:09:16.810Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "104490",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104490"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0355"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Natus",
"vendor": "Natus Medical Incorporated",
"versions": [
{
"status": "affected",
"version": "Natus Xltek NeuroWorks 8"
}
]
}
],
"datePublic": "2018-04-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An exploitable Code Execution vulnerability exists in the RequestForPatientInfoEEGfile functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause a stack buffer overflow resulting in arbitrary command execution. An attacker can send a malicious packet to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "remote code execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T18:23:31.000Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "104490",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104490"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0355"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"DATE_PUBLIC": "2018-04-04T00:00:00",
"ID": "CVE-2017-2853",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Natus",
"version": {
"version_data": [
{
"version_value": "Natus Xltek NeuroWorks 8"
}
]
}
}
]
},
"vendor_name": "Natus Medical Incorporated"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An exploitable Code Execution vulnerability exists in the RequestForPatientInfoEEGfile functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause a stack buffer overflow resulting in arbitrary command execution. An attacker can send a malicious packet to trigger this vulnerability."
}
]
},
"impact": {
"cvss": {
"baseScore": 10,
"baseSeverity": null,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "104490",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104490"
},
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0355",
"refsource": "MISC",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0355"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2017-2853",
"datePublished": "2018-04-05T19:00:00.000Z",
"dateReserved": "2016-12-01T00:00:00.000Z",
"dateUpdated": "2024-09-17T01:47:00.307Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}