Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    26 vulnerabilities by natus

    VAR-201806-0543

    Vulnerability from variot - Updated: 2023-12-18 12:01

    An exploitable denial-of-service vulnerability exists in the unserialization of lists functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause an out-of-bounds read, resulting in a denial of service. An attacker can send a malicious packet to trigger this vulnerability. Natus Xltek NeuroWorks Contains an out-of-bounds vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Natus Xltek NeuroWorks is a universal software platform for EEG testing, long-term monitoring, ICU monitoring and sleep research at Natus Medical. Natus Xltek NeuroWorks/SleepWorks are prone to the following security vulnerabilities: 1. Multiple stack-based buffer-overflow vulnerabilities 2. Multiple denial-of-service vulnerabilities An attacker can exploit these issues to execute arbitrary code in the context of the affected application. Xltek NeuroWorks/SleepWorks 8 are vulnerable

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201806-0543",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "xltek neuroworks",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "natus",
            "version": "8"
          },
          {
            "model": "neuroworks software",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "natus",
            "version": "8"
          },
          {
            "model": "medical natus xltek neuroworks",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "natus",
            "version": "8"
          },
          {
            "model": "xltek neuroworks/sleepworks",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "natus",
            "version": "8.5"
          },
          {
            "model": "xltek neuroworks/sleepworks",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "natus",
            "version": "8.4"
          },
          {
            "model": "xltek neuroworks/sleepworks",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "natus",
            "version": "8.1"
          },
          {
            "model": "xltek neuroworks/sleepworks",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "natus",
            "version": "8.0"
          },
          {
            "model": "xltek neuroworks/sleepworks gma",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "natus",
            "version": "8.53"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "xltek neuroworks",
            "version": "8"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2f1d080-39ab-11e9-94eb-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-11030"
          },
          {
            "db": "BID",
            "id": "104490"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013516"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2852"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201806-136"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:natus:xltek_neuroworks:8:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-2852"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Cory Duplantis from Cisco Talos",
        "sources": [
          {
            "db": "BID",
            "id": "104490"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2017-2852",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 5.0,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2017-2852",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2018-11030",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "e2f1d080-39ab-11e9-94eb-000c29342cb1",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "talos-cna@cisco.com",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.5,
                "baseSeverity": "High",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2017-2852",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2017-2852",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "talos-cna@cisco.com",
                "id": "CVE-2017-2852",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2018-11030",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201806-136",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "e2f1d080-39ab-11e9-94eb-000c29342cb1",
                "trust": 0.2,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2f1d080-39ab-11e9-94eb-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-11030"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013516"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2852"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2852"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201806-136"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An exploitable denial-of-service vulnerability exists in the unserialization of lists functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause an out-of-bounds read, resulting in a denial of service. An attacker can send a malicious packet to trigger this vulnerability. Natus Xltek NeuroWorks Contains an out-of-bounds vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Natus Xltek NeuroWorks is a universal software platform for EEG testing, long-term monitoring, ICU monitoring and sleep research at Natus Medical. Natus Xltek NeuroWorks/SleepWorks are prone to the following security vulnerabilities:\n1. Multiple stack-based buffer-overflow vulnerabilities\n2. Multiple  denial-of-service vulnerabilities\nAn attacker can exploit these issues to execute arbitrary code in the  context of the affected application. \nXltek NeuroWorks/SleepWorks 8 are vulnerable",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-2852"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013516"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-11030"
          },
          {
            "db": "BID",
            "id": "104490"
          },
          {
            "db": "IVD",
            "id": "e2f1d080-39ab-11e9-94eb-000c29342cb1"
          }
        ],
        "trust": 2.61
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-2852",
            "trust": 3.5
          },
          {
            "db": "TALOS",
            "id": "TALOS-2017-0354",
            "trust": 3.0
          },
          {
            "db": "BID",
            "id": "104490",
            "trust": 1.9
          },
          {
            "db": "ICS CERT",
            "id": "ICSMA-18-165-01",
            "trust": 1.1
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-11030",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201806-136",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013516",
            "trust": 0.8
          },
          {
            "db": "IVD",
            "id": "E2F1D080-39AB-11E9-94EB-000C29342CB1",
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2f1d080-39ab-11e9-94eb-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-11030"
          },
          {
            "db": "BID",
            "id": "104490"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013516"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2852"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201806-136"
          }
        ]
      },
      "id": "VAR-201806-0543",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "e2f1d080-39ab-11e9-94eb-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-11030"
          }
        ],
        "trust": 1.8
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2f1d080-39ab-11e9-94eb-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-11030"
          }
        ]
      },
      "last_update_date": "2023-12-18T12:01:51.690000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Natus NeuroWorks Software",
            "trust": 0.8,
            "url": "http://www.natus.com/index.cfm?page=products_1\u0026crid=1055"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013516"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-125",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013516"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2852"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.4,
            "url": "https://www.talosintelligence.com/vulnerability_reports/talos-2017-0354"
          },
          {
            "trust": 1.6,
            "url": "http://www.securityfocus.com/bid/104490"
          },
          {
            "trust": 1.1,
            "url": "https://ics-cert.us-cert.gov/advisories/icsma-18-165-01"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2852"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-2852"
          },
          {
            "trust": 0.6,
            "url": "https://talosintelligence.com/vulnerability_reports/talos-2017-0354"
          },
          {
            "trust": 0.3,
            "url": "http://www.natus.com/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-11030"
          },
          {
            "db": "BID",
            "id": "104490"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013516"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2852"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201806-136"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "e2f1d080-39ab-11e9-94eb-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-11030"
          },
          {
            "db": "BID",
            "id": "104490"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013516"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2852"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201806-136"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-06-06T00:00:00",
            "db": "IVD",
            "id": "e2f1d080-39ab-11e9-94eb-000c29342cb1"
          },
          {
            "date": "2018-06-06T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-11030"
          },
          {
            "date": "2018-06-19T00:00:00",
            "db": "BID",
            "id": "104490"
          },
          {
            "date": "2018-07-24T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-013516"
          },
          {
            "date": "2018-06-01T15:29:00.233000",
            "db": "NVD",
            "id": "CVE-2017-2852"
          },
          {
            "date": "2018-06-04T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201806-136"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-06-06T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-11030"
          },
          {
            "date": "2018-06-19T00:00:00",
            "db": "BID",
            "id": "104490"
          },
          {
            "date": "2018-07-24T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-013516"
          },
          {
            "date": "2022-06-07T17:25:42.723000",
            "db": "NVD",
            "id": "CVE-2017-2852"
          },
          {
            "date": "2022-04-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201806-136"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201806-136"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Natus Xltek NeuroWorks Buffer Overflow Vulnerability",
        "sources": [
          {
            "db": "IVD",
            "id": "e2f1d080-39ab-11e9-94eb-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-11030"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Buffer error",
        "sources": [
          {
            "db": "IVD",
            "id": "e2f1d080-39ab-11e9-94eb-000c29342cb1"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201806-136"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-201804-0558

    Vulnerability from variot - Updated: 2023-12-18 12:01

    An exploitable code execution vulnerability exists in the SavePatientMontage functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause a stack buffer overflow resulting in code execution. An attacker can a malicious packet to trigger this vulnerability. Natus Xltek NeuroWorks Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Natus Xltek NeuroWorks is a universal software platform for EEG testing, long-term monitoring, ICU monitoring and sleep research at Natus Medical. Natus Xltek NeuroWorks/SleepWorks are prone to the following security vulnerabilities: 1. Multiple stack-based buffer-overflow vulnerabilities 2. Failed attacks will cause denial of service conditions. Xltek NeuroWorks/SleepWorks 8 are vulnerable

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201804-0558",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "xltek neuroworks",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "natus",
            "version": "8"
          },
          {
            "model": "neuroworks software",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "natus",
            "version": "8"
          },
          {
            "model": "medical natus xltek neuroworks",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "natus",
            "version": "8"
          },
          {
            "model": "xltek neuroworks/sleepworks",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "natus",
            "version": "8.5"
          },
          {
            "model": "xltek neuroworks/sleepworks",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "natus",
            "version": "8.4"
          },
          {
            "model": "xltek neuroworks/sleepworks",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "natus",
            "version": "8.1"
          },
          {
            "model": "xltek neuroworks/sleepworks",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "natus",
            "version": "8.0"
          },
          {
            "model": "xltek neuroworks/sleepworks gma",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "natus",
            "version": "8.53"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "xltek neuroworks",
            "version": "8"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2f552ef-39ab-11e9-8a11-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-12130"
          },
          {
            "db": "BID",
            "id": "104490"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013261"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2867"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201804-257"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:natus:xltek_neuroworks:8:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-2867"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Cory Duplantis from Cisco Talos",
        "sources": [
          {
            "db": "BID",
            "id": "104490"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2017-2867",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 7.5,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2017-2867",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "HIGH",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.6,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 4.9,
                "id": "CNVD-2018-12130",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "HIGH",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.6,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 4.9,
                "id": "e2f552ef-39ab-11e9-8a11-000c29342cb1",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "author": "talos-cna@cisco.com",
                "availabilityImpact": "HIGH",
                "baseScore": 9.0,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.2,
                "impactScore": 6.0,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2017-2867",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2017-2867",
                "trust": 1.8,
                "value": "CRITICAL"
              },
              {
                "author": "talos-cna@cisco.com",
                "id": "CVE-2017-2867",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2018-12130",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201804-257",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "IVD",
                "id": "e2f552ef-39ab-11e9-8a11-000c29342cb1",
                "trust": 0.2,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2f552ef-39ab-11e9-8a11-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-12130"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013261"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2867"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2867"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201804-257"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An exploitable code execution vulnerability exists in the SavePatientMontage functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause a stack buffer overflow resulting in code execution. An attacker can a malicious packet to trigger this vulnerability. Natus Xltek NeuroWorks Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Natus Xltek NeuroWorks is a universal software platform for EEG testing, long-term monitoring, ICU monitoring and sleep research at Natus Medical. Natus Xltek NeuroWorks/SleepWorks are prone to the following security vulnerabilities:\n1. Multiple stack-based buffer-overflow vulnerabilities\n2. Failed attacks will cause denial of  service conditions. \nXltek NeuroWorks/SleepWorks 8 are vulnerable",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-2867"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013261"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-12130"
          },
          {
            "db": "BID",
            "id": "104490"
          },
          {
            "db": "IVD",
            "id": "e2f552ef-39ab-11e9-8a11-000c29342cb1"
          }
        ],
        "trust": 2.61
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-2867",
            "trust": 3.5
          },
          {
            "db": "TALOS",
            "id": "TALOS-2017-0373",
            "trust": 2.4
          },
          {
            "db": "BID",
            "id": "104490",
            "trust": 1.9
          },
          {
            "db": "ICS CERT",
            "id": "ICSMA-18-165-01",
            "trust": 1.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-12130",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201804-257",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013261",
            "trust": 0.8
          },
          {
            "db": "IVD",
            "id": "E2F552EF-39AB-11E9-8A11-000C29342CB1",
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2f552ef-39ab-11e9-8a11-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-12130"
          },
          {
            "db": "BID",
            "id": "104490"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013261"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2867"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201804-257"
          }
        ]
      },
      "id": "VAR-201804-0558",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "e2f552ef-39ab-11e9-8a11-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-12130"
          }
        ],
        "trust": 1.8
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2f552ef-39ab-11e9-8a11-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-12130"
          }
        ]
      },
      "last_update_date": "2023-12-18T12:01:51.656000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Natus NeuroWorks Software",
            "trust": 0.8,
            "url": "http://www.natus.com/index.cfm?page=products_1\u0026crid=1055"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013261"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-787",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-119",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013261"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2867"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.4,
            "url": "https://talosintelligence.com/vulnerability_reports/talos-2017-0373"
          },
          {
            "trust": 1.7,
            "url": "https://ics-cert.us-cert.gov/advisories/icsma-18-165-01"
          },
          {
            "trust": 1.6,
            "url": "http://www.securityfocus.com/bid/104490"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2867"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-2867"
          },
          {
            "trust": 0.3,
            "url": "http://www.natus.com/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-12130"
          },
          {
            "db": "BID",
            "id": "104490"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013261"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2867"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201804-257"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "e2f552ef-39ab-11e9-8a11-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-12130"
          },
          {
            "db": "BID",
            "id": "104490"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013261"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2867"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201804-257"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-06-27T00:00:00",
            "db": "IVD",
            "id": "e2f552ef-39ab-11e9-8a11-000c29342cb1"
          },
          {
            "date": "2018-06-27T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-12130"
          },
          {
            "date": "2018-06-19T00:00:00",
            "db": "BID",
            "id": "104490"
          },
          {
            "date": "2018-06-13T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-013261"
          },
          {
            "date": "2018-04-05T19:29:00.423000",
            "db": "NVD",
            "id": "CVE-2017-2867"
          },
          {
            "date": "2018-04-05T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201804-257"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-06-27T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-12130"
          },
          {
            "date": "2018-06-19T00:00:00",
            "db": "BID",
            "id": "104490"
          },
          {
            "date": "2018-06-15T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-013261"
          },
          {
            "date": "2022-06-03T19:57:35.297000",
            "db": "NVD",
            "id": "CVE-2017-2867"
          },
          {
            "date": "2022-06-06T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201804-257"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201804-257"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Natus Xltek NeuroWorks Buffer error vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013261"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201804-257"
          }
        ],
        "trust": 1.4
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201804-257"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201806-0541

    Vulnerability from variot - Updated: 2023-12-18 12:01

    An exploitable denial-of-service vulnerability exists in the traversal of lists functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause an out-of-bounds read, resulting in a denial of service. An attacker can send a malicious packet to trigger this vulnerability. Natus Xltek NeuroWorks Contains an out-of-bounds vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Natus Xltek NeuroWorks is a universal software platform for EEG testing, long-term monitoring, ICU monitoring and sleep research at Natus Medical. Natus Xltek NeuroWorks/SleepWorks are prone to the following security vulnerabilities: 1. Multiple stack-based buffer-overflow vulnerabilities 2. Multiple denial-of-service vulnerabilities An attacker can exploit these issues to execute arbitrary code in the context of the affected application. Xltek NeuroWorks/SleepWorks 8 are vulnerable

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201806-0541",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "xltek neuroworks",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "natus",
            "version": "8"
          },
          {
            "model": "neuroworks software",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "natus",
            "version": "8"
          },
          {
            "model": "medical natus xltek neuroworks",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "natus",
            "version": "8"
          },
          {
            "model": "xltek neuroworks/sleepworks",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "natus",
            "version": "8.5"
          },
          {
            "model": "xltek neuroworks/sleepworks",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "natus",
            "version": "8.4"
          },
          {
            "model": "xltek neuroworks/sleepworks",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "natus",
            "version": "8.1"
          },
          {
            "model": "xltek neuroworks/sleepworks",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "natus",
            "version": "8.0"
          },
          {
            "model": "xltek neuroworks/sleepworks gma",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "natus",
            "version": "8.53"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "xltek neuroworks",
            "version": "8"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2f1f78f-39ab-11e9-ab38-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-11031"
          },
          {
            "db": "BID",
            "id": "104490"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013517"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2858"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201806-135"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:natus:xltek_neuroworks:8:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-2858"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Cory Duplantis from Cisco Talos",
        "sources": [
          {
            "db": "BID",
            "id": "104490"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2017-2858",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 5.0,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2017-2858",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2018-11031",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "e2f1f78f-39ab-11e9-ab38-000c29342cb1",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "talos-cna@cisco.com",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.5,
                "baseSeverity": "High",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2017-2858",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2017-2858",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "talos-cna@cisco.com",
                "id": "CVE-2017-2858",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2018-11031",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201806-135",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "e2f1f78f-39ab-11e9-ab38-000c29342cb1",
                "trust": 0.2,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2f1f78f-39ab-11e9-ab38-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-11031"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013517"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2858"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2858"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201806-135"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An exploitable denial-of-service vulnerability exists in the traversal of lists functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause an out-of-bounds read, resulting in a denial of service. An attacker can send a malicious packet to trigger this vulnerability. Natus Xltek NeuroWorks Contains an out-of-bounds vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Natus Xltek NeuroWorks is a universal software platform for EEG testing, long-term monitoring, ICU monitoring and sleep research at Natus Medical. Natus Xltek NeuroWorks/SleepWorks are prone to the following security vulnerabilities:\n1. Multiple stack-based buffer-overflow vulnerabilities\n2. Multiple  denial-of-service vulnerabilities\nAn attacker can exploit these issues to execute arbitrary code in the  context of the affected application. \nXltek NeuroWorks/SleepWorks 8 are vulnerable",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-2858"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013517"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-11031"
          },
          {
            "db": "BID",
            "id": "104490"
          },
          {
            "db": "IVD",
            "id": "e2f1f78f-39ab-11e9-ab38-000c29342cb1"
          }
        ],
        "trust": 2.61
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-2858",
            "trust": 3.5
          },
          {
            "db": "TALOS",
            "id": "TALOS-2017-0362",
            "trust": 3.0
          },
          {
            "db": "BID",
            "id": "104490",
            "trust": 1.9
          },
          {
            "db": "ICS CERT",
            "id": "ICSMA-18-165-01",
            "trust": 1.1
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-11031",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201806-135",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013517",
            "trust": 0.8
          },
          {
            "db": "IVD",
            "id": "E2F1F78F-39AB-11E9-AB38-000C29342CB1",
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2f1f78f-39ab-11e9-ab38-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-11031"
          },
          {
            "db": "BID",
            "id": "104490"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013517"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2858"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201806-135"
          }
        ]
      },
      "id": "VAR-201806-0541",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "e2f1f78f-39ab-11e9-ab38-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-11031"
          }
        ],
        "trust": 1.8
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2f1f78f-39ab-11e9-ab38-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-11031"
          }
        ]
      },
      "last_update_date": "2023-12-18T12:01:51.622000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Natus NeuroWorks Software",
            "trust": 0.8,
            "url": "http://www.natus.com/index.cfm?page=products_1\u0026crid=1055"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013517"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-125",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013517"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2858"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.4,
            "url": "https://www.talosintelligence.com/vulnerability_reports/talos-2017-0362"
          },
          {
            "trust": 1.6,
            "url": "http://www.securityfocus.com/bid/104490"
          },
          {
            "trust": 1.1,
            "url": "https://ics-cert.us-cert.gov/advisories/icsma-18-165-01"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2858"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-2858"
          },
          {
            "trust": 0.6,
            "url": "https://talosintelligence.com/vulnerability_reports/talos-2017-0362"
          },
          {
            "trust": 0.3,
            "url": "http://www.natus.com/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-11031"
          },
          {
            "db": "BID",
            "id": "104490"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013517"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2858"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201806-135"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "e2f1f78f-39ab-11e9-ab38-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-11031"
          },
          {
            "db": "BID",
            "id": "104490"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013517"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2858"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201806-135"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-06-06T00:00:00",
            "db": "IVD",
            "id": "e2f1f78f-39ab-11e9-ab38-000c29342cb1"
          },
          {
            "date": "2018-06-06T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-11031"
          },
          {
            "date": "2018-06-19T00:00:00",
            "db": "BID",
            "id": "104490"
          },
          {
            "date": "2018-07-24T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-013517"
          },
          {
            "date": "2018-06-01T15:29:00.267000",
            "db": "NVD",
            "id": "CVE-2017-2858"
          },
          {
            "date": "2018-06-04T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201806-135"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-06-06T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-11031"
          },
          {
            "date": "2018-06-19T00:00:00",
            "db": "BID",
            "id": "104490"
          },
          {
            "date": "2018-07-24T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-013517"
          },
          {
            "date": "2022-06-07T17:25:46.643000",
            "db": "NVD",
            "id": "CVE-2017-2858"
          },
          {
            "date": "2022-04-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201806-135"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201806-135"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Natus Medical Buffer Overflow Vulnerability",
        "sources": [
          {
            "db": "IVD",
            "id": "e2f1f78f-39ab-11e9-ab38-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-11031"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Buffer error",
        "sources": [
          {
            "db": "IVD",
            "id": "e2f1f78f-39ab-11e9-ab38-000c29342cb1"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201806-135"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-201804-0557

    Vulnerability from variot - Updated: 2023-12-18 12:01

    An exploitable Denial of Service vulnerability exists in the use of a return value in the NewProducerStream command in Natus Xltek NeuroWorks 8. A specially crafted network packet can cause an out of bounds read resulting in a denial of service. An attacker can send a malicious packet to trigger this vulnerability. Natus Xltek NeuroWorks Contains an out-of-bounds vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Natus Xltek NeuroWorks is a universal software platform for EEG testing, long-term monitoring, ICU monitoring and sleep research at Natus Medical. Natus Xltek NeuroWorks/SleepWorks are prone to the following security vulnerabilities: 1. Multiple stack-based buffer-overflow vulnerabilities 2. Multiple denial-of-service vulnerabilities An attacker can exploit these issues to execute arbitrary code in the context of the affected application. Xltek NeuroWorks/SleepWorks 8 are vulnerable

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201804-0557",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "xltek neuroworks",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "natus",
            "version": "8"
          },
          {
            "model": "neuroworks software",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "natus",
            "version": "8"
          },
          {
            "model": "medical natus xltek neuroworks",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "natus",
            "version": "8"
          },
          {
            "model": "xltek neuroworks/sleepworks",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "natus",
            "version": "8.5"
          },
          {
            "model": "xltek neuroworks/sleepworks",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "natus",
            "version": "8.4"
          },
          {
            "model": "xltek neuroworks/sleepworks",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "natus",
            "version": "8.1"
          },
          {
            "model": "xltek neuroworks/sleepworks",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "natus",
            "version": "8.0"
          },
          {
            "model": "xltek neuroworks/sleepworks gma",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "natus",
            "version": "8.53"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "xltek neuroworks",
            "version": "8"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2f552ee-39ab-11e9-bddc-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-12129"
          },
          {
            "db": "BID",
            "id": "104490"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013260"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2861"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201804-258"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:natus:xltek_neuroworks:8:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-2861"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Cory Duplantis from Cisco Talos",
        "sources": [
          {
            "db": "BID",
            "id": "104490"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2017-2861",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 5.0,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2017-2861",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2018-12129",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "e2f552ee-39ab-11e9-bddc-000c29342cb1",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "talos-cna@cisco.com",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.5,
                "baseSeverity": "High",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2017-2861",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2017-2861",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "talos-cna@cisco.com",
                "id": "CVE-2017-2861",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2018-12129",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201804-258",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "e2f552ee-39ab-11e9-bddc-000c29342cb1",
                "trust": 0.2,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2f552ee-39ab-11e9-bddc-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-12129"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013260"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2861"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2861"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201804-258"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An exploitable Denial of Service vulnerability exists in the use of a return value in the NewProducerStream command in Natus Xltek NeuroWorks 8. A specially crafted network packet can cause an out of bounds read resulting in a denial of service. An attacker can send a malicious packet to trigger this vulnerability. Natus Xltek NeuroWorks Contains an out-of-bounds vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Natus Xltek NeuroWorks is a universal software platform for EEG testing, long-term monitoring, ICU monitoring and sleep research at Natus Medical. Natus Xltek NeuroWorks/SleepWorks are prone to the following security vulnerabilities:\n1. Multiple stack-based buffer-overflow vulnerabilities\n2. Multiple  denial-of-service vulnerabilities\nAn attacker can exploit these issues to execute arbitrary code in the  context of the affected application. \nXltek NeuroWorks/SleepWorks 8 are vulnerable",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-2861"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013260"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-12129"
          },
          {
            "db": "BID",
            "id": "104490"
          },
          {
            "db": "IVD",
            "id": "e2f552ee-39ab-11e9-bddc-000c29342cb1"
          }
        ],
        "trust": 2.61
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-2861",
            "trust": 3.5
          },
          {
            "db": "TALOS",
            "id": "TALOS-2017-0365",
            "trust": 2.4
          },
          {
            "db": "BID",
            "id": "104490",
            "trust": 1.9
          },
          {
            "db": "ICS CERT",
            "id": "ICSMA-18-165-01",
            "trust": 1.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-12129",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201804-258",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013260",
            "trust": 0.8
          },
          {
            "db": "IVD",
            "id": "E2F552EE-39AB-11E9-BDDC-000C29342CB1",
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2f552ee-39ab-11e9-bddc-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-12129"
          },
          {
            "db": "BID",
            "id": "104490"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013260"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2861"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201804-258"
          }
        ]
      },
      "id": "VAR-201804-0557",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "e2f552ee-39ab-11e9-bddc-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-12129"
          }
        ],
        "trust": 1.8
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2f552ee-39ab-11e9-bddc-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-12129"
          }
        ]
      },
      "last_update_date": "2023-12-18T12:01:51.590000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Natus NeuroWorks Software",
            "trust": 0.8,
            "url": "http://www.natus.com/index.cfm?page=products_1\u0026crid=1055"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013260"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-125",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013260"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2861"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.4,
            "url": "https://talosintelligence.com/vulnerability_reports/talos-2017-0365"
          },
          {
            "trust": 1.7,
            "url": "https://ics-cert.us-cert.gov/advisories/icsma-18-165-01"
          },
          {
            "trust": 1.6,
            "url": "http://www.securityfocus.com/bid/104490"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2861"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-2861"
          },
          {
            "trust": 0.3,
            "url": "http://www.natus.com/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-12129"
          },
          {
            "db": "BID",
            "id": "104490"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013260"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2861"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201804-258"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "e2f552ee-39ab-11e9-bddc-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-12129"
          },
          {
            "db": "BID",
            "id": "104490"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013260"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2861"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201804-258"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-06-27T00:00:00",
            "db": "IVD",
            "id": "e2f552ee-39ab-11e9-bddc-000c29342cb1"
          },
          {
            "date": "2018-06-27T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-12129"
          },
          {
            "date": "2018-06-19T00:00:00",
            "db": "BID",
            "id": "104490"
          },
          {
            "date": "2018-06-13T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-013260"
          },
          {
            "date": "2018-04-05T19:29:00.360000",
            "db": "NVD",
            "id": "CVE-2017-2861"
          },
          {
            "date": "2018-04-05T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201804-258"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-06-27T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-12129"
          },
          {
            "date": "2018-06-19T00:00:00",
            "db": "BID",
            "id": "104490"
          },
          {
            "date": "2018-06-15T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-013260"
          },
          {
            "date": "2022-06-03T19:55:57.507000",
            "db": "NVD",
            "id": "CVE-2017-2861"
          },
          {
            "date": "2022-04-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201804-258"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201804-258"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Natus Xltek NeuroWorks Denial of service vulnerability",
        "sources": [
          {
            "db": "IVD",
            "id": "e2f552ee-39ab-11e9-bddc-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-12129"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201804-258"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201804-0560

    Vulnerability from variot - Updated: 2023-12-18 12:01

    An exploitable code execution vulnerability exists in the OpenProducer functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause a stack buffer overflow resulting in code execution. An attacker can send a malicious packet to trigger this vulnerability. Natus Xltek NeuroWorks Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Natus Xltek NeuroWorks is a universal software platform for EEG testing, long-term monitoring, ICU monitoring and sleep research at Natus Medical. Natus Xltek NeuroWorks/SleepWorks are prone to the following security vulnerabilities: 1. Multiple stack-based buffer-overflow vulnerabilities 2. Failed attacks will cause denial of service conditions. Xltek NeuroWorks/SleepWorks 8 are vulnerable

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201804-0560",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "xltek neuroworks",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "natus",
            "version": "8"
          },
          {
            "model": "neuroworks software",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "natus",
            "version": "8"
          },
          {
            "model": "medical natus xltek neuroworks",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "natus",
            "version": "8"
          },
          {
            "model": "xltek neuroworks/sleepworks",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "natus",
            "version": "8.5"
          },
          {
            "model": "xltek neuroworks/sleepworks",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "natus",
            "version": "8.4"
          },
          {
            "model": "xltek neuroworks/sleepworks",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "natus",
            "version": "8.1"
          },
          {
            "model": "xltek neuroworks/sleepworks",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "natus",
            "version": "8.0"
          },
          {
            "model": "xltek neuroworks/sleepworks gma",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "natus",
            "version": "8.53"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "xltek neuroworks",
            "version": "8"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2f57a00-39ab-11e9-af80-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-12132"
          },
          {
            "db": "BID",
            "id": "104490"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013255"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2869"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201804-255"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:natus:xltek_neuroworks:8:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-2869"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Cory Duplantis from Cisco Talos",
        "sources": [
          {
            "db": "BID",
            "id": "104490"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2017-2869",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 7.5,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2017-2869",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2018-12132",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "e2f57a00-39ab-11e9-af80-000c29342cb1",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "talos-cna@cisco.com",
                "availabilityImpact": "HIGH",
                "baseScore": 10.0,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "impactScore": 6.0,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2017-2869",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2017-2869",
                "trust": 1.8,
                "value": "CRITICAL"
              },
              {
                "author": "talos-cna@cisco.com",
                "id": "CVE-2017-2869",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2018-12132",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201804-255",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "IVD",
                "id": "e2f57a00-39ab-11e9-af80-000c29342cb1",
                "trust": 0.2,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2f57a00-39ab-11e9-af80-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-12132"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013255"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2869"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2869"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201804-255"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An exploitable code execution vulnerability exists in the OpenProducer functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause a stack buffer overflow resulting in code execution. An attacker can send a malicious packet to trigger this vulnerability. Natus Xltek NeuroWorks Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Natus Xltek NeuroWorks is a universal software platform for EEG testing, long-term monitoring, ICU monitoring and sleep research at Natus Medical. Natus Xltek NeuroWorks/SleepWorks are prone to the following security vulnerabilities:\n1. Multiple stack-based buffer-overflow vulnerabilities\n2. Failed attacks will cause denial of  service conditions. \nXltek NeuroWorks/SleepWorks 8 are vulnerable",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-2869"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013255"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-12132"
          },
          {
            "db": "BID",
            "id": "104490"
          },
          {
            "db": "IVD",
            "id": "e2f57a00-39ab-11e9-af80-000c29342cb1"
          }
        ],
        "trust": 2.61
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-2869",
            "trust": 3.5
          },
          {
            "db": "TALOS",
            "id": "TALOS-2017-0375",
            "trust": 2.4
          },
          {
            "db": "BID",
            "id": "104490",
            "trust": 1.9
          },
          {
            "db": "ICS CERT",
            "id": "ICSMA-18-165-01",
            "trust": 1.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-12132",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201804-255",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013255",
            "trust": 0.8
          },
          {
            "db": "IVD",
            "id": "E2F57A00-39AB-11E9-AF80-000C29342CB1",
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2f57a00-39ab-11e9-af80-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-12132"
          },
          {
            "db": "BID",
            "id": "104490"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013255"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2869"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201804-255"
          }
        ]
      },
      "id": "VAR-201804-0560",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "e2f57a00-39ab-11e9-af80-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-12132"
          }
        ],
        "trust": 1.8
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2f57a00-39ab-11e9-af80-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-12132"
          }
        ]
      },
      "last_update_date": "2023-12-18T12:01:51.556000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Natus NeuroWorks Software",
            "trust": 0.8,
            "url": "http://www.natus.com/index.cfm?page=products_1\u0026crid=1055"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013255"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-787",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-119",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013255"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2869"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.4,
            "url": "https://talosintelligence.com/vulnerability_reports/talos-2017-0375"
          },
          {
            "trust": 1.7,
            "url": "https://ics-cert.us-cert.gov/advisories/icsma-18-165-01"
          },
          {
            "trust": 1.6,
            "url": "http://www.securityfocus.com/bid/104490"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2869"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-2869"
          },
          {
            "trust": 0.3,
            "url": "http://www.natus.com/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-12132"
          },
          {
            "db": "BID",
            "id": "104490"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013255"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2869"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201804-255"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "e2f57a00-39ab-11e9-af80-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-12132"
          },
          {
            "db": "BID",
            "id": "104490"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013255"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2869"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201804-255"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-06-27T00:00:00",
            "db": "IVD",
            "id": "e2f57a00-39ab-11e9-af80-000c29342cb1"
          },
          {
            "date": "2018-06-27T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-12132"
          },
          {
            "date": "2018-06-19T00:00:00",
            "db": "BID",
            "id": "104490"
          },
          {
            "date": "2018-06-13T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-013255"
          },
          {
            "date": "2018-04-05T19:29:00.547000",
            "db": "NVD",
            "id": "CVE-2017-2869"
          },
          {
            "date": "2018-04-05T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201804-255"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-06-27T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-12132"
          },
          {
            "date": "2018-06-19T00:00:00",
            "db": "BID",
            "id": "104490"
          },
          {
            "date": "2018-06-15T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-013255"
          },
          {
            "date": "2022-06-03T19:57:01.757000",
            "db": "NVD",
            "id": "CVE-2017-2869"
          },
          {
            "date": "2022-06-06T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201804-255"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201804-255"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Natus Xltek NeuroWorks Buffer error vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013255"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201804-255"
          }
        ],
        "trust": 1.4
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201804-255"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201804-0559

    Vulnerability from variot - Updated: 2023-12-18 12:01

    An exploitable code execution vulnerability exists in the NewProducerStream functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause a stack buffer overflow resulting in code execution. An attacker can send a malicious packet to trigger this vulnerability. Natus Xltek NeuroWorks Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Natus Xltek NeuroWorks is a universal software platform for EEG testing, long-term monitoring, ICU monitoring and sleep research at Natus Medical. Natus Xltek NeuroWorks/SleepWorks are prone to the following security vulnerabilities: 1. Multiple stack-based buffer-overflow vulnerabilities 2. Failed attacks will cause denial of service conditions. Xltek NeuroWorks/SleepWorks 8 are vulnerable

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201804-0559",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "xltek neuroworks",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "natus",
            "version": "8"
          },
          {
            "model": "neuroworks software",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "natus",
            "version": "8"
          },
          {
            "model": "medical natus xltek neuroworks",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "natus",
            "version": "8"
          },
          {
            "model": "xltek neuroworks/sleepworks",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "natus",
            "version": "8.5"
          },
          {
            "model": "xltek neuroworks/sleepworks",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "natus",
            "version": "8.4"
          },
          {
            "model": "xltek neuroworks/sleepworks",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "natus",
            "version": "8.1"
          },
          {
            "model": "xltek neuroworks/sleepworks",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "natus",
            "version": "8.0"
          },
          {
            "model": "xltek neuroworks/sleepworks gma",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "natus",
            "version": "8.53"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "xltek neuroworks",
            "version": "8"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2f552f0-39ab-11e9-82e0-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-12131"
          },
          {
            "db": "BID",
            "id": "104490"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013262"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2868"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201804-256"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:natus:xltek_neuroworks:8:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-2868"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Cory Duplantis from Cisco Talos",
        "sources": [
          {
            "db": "BID",
            "id": "104490"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2017-2868",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 7.5,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2017-2868",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2018-12131",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "e2f552f0-39ab-11e9-82e0-000c29342cb1",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "talos-cna@cisco.com",
                "availabilityImpact": "HIGH",
                "baseScore": 10.0,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "impactScore": 6.0,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2017-2868",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2017-2868",
                "trust": 1.8,
                "value": "CRITICAL"
              },
              {
                "author": "talos-cna@cisco.com",
                "id": "CVE-2017-2868",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2018-12131",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201804-256",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "IVD",
                "id": "e2f552f0-39ab-11e9-82e0-000c29342cb1",
                "trust": 0.2,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2f552f0-39ab-11e9-82e0-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-12131"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013262"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2868"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2868"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201804-256"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An exploitable code execution vulnerability exists in the NewProducerStream functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause a stack buffer overflow resulting in code execution. An attacker can send a malicious packet to trigger this vulnerability. Natus Xltek NeuroWorks Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Natus Xltek NeuroWorks is a universal software platform for EEG testing, long-term monitoring, ICU monitoring and sleep research at Natus Medical. Natus Xltek NeuroWorks/SleepWorks are prone to the following security vulnerabilities:\n1. Multiple stack-based buffer-overflow vulnerabilities\n2. Failed attacks will cause denial of  service conditions. \nXltek NeuroWorks/SleepWorks 8 are vulnerable",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-2868"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013262"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-12131"
          },
          {
            "db": "BID",
            "id": "104490"
          },
          {
            "db": "IVD",
            "id": "e2f552f0-39ab-11e9-82e0-000c29342cb1"
          }
        ],
        "trust": 2.61
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-2868",
            "trust": 3.5
          },
          {
            "db": "TALOS",
            "id": "TALOS-2017-0374",
            "trust": 2.4
          },
          {
            "db": "BID",
            "id": "104490",
            "trust": 1.9
          },
          {
            "db": "ICS CERT",
            "id": "ICSMA-18-165-01",
            "trust": 1.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-12131",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201804-256",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013262",
            "trust": 0.8
          },
          {
            "db": "IVD",
            "id": "E2F552F0-39AB-11E9-82E0-000C29342CB1",
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2f552f0-39ab-11e9-82e0-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-12131"
          },
          {
            "db": "BID",
            "id": "104490"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013262"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2868"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201804-256"
          }
        ]
      },
      "id": "VAR-201804-0559",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "e2f552f0-39ab-11e9-82e0-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-12131"
          }
        ],
        "trust": 1.8
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2f552f0-39ab-11e9-82e0-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-12131"
          }
        ]
      },
      "last_update_date": "2023-12-18T12:01:51.522000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Natus NeuroWorks Software",
            "trust": 0.8,
            "url": "http://www.natus.com/index.cfm?page=products_1\u0026crid=1055"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013262"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-787",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-119",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013262"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2868"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.4,
            "url": "https://talosintelligence.com/vulnerability_reports/talos-2017-0374"
          },
          {
            "trust": 1.7,
            "url": "https://ics-cert.us-cert.gov/advisories/icsma-18-165-01"
          },
          {
            "trust": 1.6,
            "url": "http://www.securityfocus.com/bid/104490"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2868"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-2868"
          },
          {
            "trust": 0.3,
            "url": "http://www.natus.com/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-12131"
          },
          {
            "db": "BID",
            "id": "104490"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013262"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2868"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201804-256"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "e2f552f0-39ab-11e9-82e0-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-12131"
          },
          {
            "db": "BID",
            "id": "104490"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013262"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2868"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201804-256"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-06-27T00:00:00",
            "db": "IVD",
            "id": "e2f552f0-39ab-11e9-82e0-000c29342cb1"
          },
          {
            "date": "2018-06-27T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-12131"
          },
          {
            "date": "2018-06-19T00:00:00",
            "db": "BID",
            "id": "104490"
          },
          {
            "date": "2018-06-13T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-013262"
          },
          {
            "date": "2018-04-05T19:29:00.487000",
            "db": "NVD",
            "id": "CVE-2017-2868"
          },
          {
            "date": "2018-04-05T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201804-256"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-06-27T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-12131"
          },
          {
            "date": "2018-06-19T00:00:00",
            "db": "BID",
            "id": "104490"
          },
          {
            "date": "2018-06-15T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-013262"
          },
          {
            "date": "2022-06-03T19:57:17.673000",
            "db": "NVD",
            "id": "CVE-2017-2868"
          },
          {
            "date": "2022-06-06T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201804-256"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201804-256"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Natus Xltek NeuroWorks Buffer error vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013262"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201804-256"
          }
        ],
        "trust": 1.4
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201804-256"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201806-0542

    Vulnerability from variot - Updated: 2023-12-18 12:01

    An exploitable denial-of-service vulnerability exists in the lookup entry functionality of KeyTrees in Natus Xltek NeuroWorks 8. A specially crafted network packet can cause an out-of-bounds read, resulting in a denial of service. An attacker can send a malicious packet to trigger this vulnerability. Natus Xltek NeuroWorks Contains an out-of-bounds vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Natus Xltek NeuroWorks is a universal software platform for EEG testing, long-term monitoring, ICU monitoring and sleep research at Natus Medical. Natus Xltek NeuroWorks/SleepWorks are prone to the following security vulnerabilities: 1. Multiple stack-based buffer-overflow vulnerabilities 2. Multiple denial-of-service vulnerabilities An attacker can exploit these issues to execute arbitrary code in the context of the affected application. Xltek NeuroWorks/SleepWorks 8 are vulnerable

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201806-0542",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "xltek neuroworks",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "natus",
            "version": "8"
          },
          {
            "model": "neuroworks software",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "natus",
            "version": "8"
          },
          {
            "model": "medical natus xltek neuroworks",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "natus",
            "version": "8"
          },
          {
            "model": "xltek neuroworks/sleepworks",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "natus",
            "version": "8.5"
          },
          {
            "model": "xltek neuroworks/sleepworks",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "natus",
            "version": "8.4"
          },
          {
            "model": "xltek neuroworks/sleepworks",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "natus",
            "version": "8.1"
          },
          {
            "model": "xltek neuroworks/sleepworks",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "natus",
            "version": "8.0"
          },
          {
            "model": "xltek neuroworks/sleepworks gma",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "natus",
            "version": "8.53"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "xltek neuroworks",
            "version": "8"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2f1f790-39ab-11e9-abec-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-11032"
          },
          {
            "db": "BID",
            "id": "104490"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013527"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2860"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201806-134"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:natus:xltek_neuroworks:8:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-2860"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Cory Duplantis from Cisco Talos",
        "sources": [
          {
            "db": "BID",
            "id": "104490"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2017-2860",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 5.0,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2017-2860",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2018-11032",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "e2f1f790-39ab-11e9-abec-000c29342cb1",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "talos-cna@cisco.com",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.5,
                "baseSeverity": "High",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2017-2860",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2017-2860",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "talos-cna@cisco.com",
                "id": "CVE-2017-2860",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2018-11032",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201806-134",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "e2f1f790-39ab-11e9-abec-000c29342cb1",
                "trust": 0.2,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2f1f790-39ab-11e9-abec-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-11032"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013527"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2860"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2860"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201806-134"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An exploitable denial-of-service vulnerability exists in the lookup entry functionality of KeyTrees in Natus Xltek NeuroWorks 8. A specially crafted network packet can cause an out-of-bounds read, resulting in a denial of service. An attacker can send a malicious packet to trigger this vulnerability. Natus Xltek NeuroWorks Contains an out-of-bounds vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Natus Xltek NeuroWorks is a universal software platform for EEG testing, long-term monitoring, ICU monitoring and sleep research at Natus Medical. Natus Xltek NeuroWorks/SleepWorks are prone to the following security vulnerabilities:\n1. Multiple stack-based buffer-overflow vulnerabilities\n2. Multiple  denial-of-service vulnerabilities\nAn attacker can exploit these issues to execute arbitrary code in the  context of the affected application. \nXltek NeuroWorks/SleepWorks 8 are vulnerable",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-2860"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013527"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-11032"
          },
          {
            "db": "BID",
            "id": "104490"
          },
          {
            "db": "IVD",
            "id": "e2f1f790-39ab-11e9-abec-000c29342cb1"
          }
        ],
        "trust": 2.61
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-2860",
            "trust": 3.5
          },
          {
            "db": "TALOS",
            "id": "TALOS-2017-0364",
            "trust": 3.0
          },
          {
            "db": "BID",
            "id": "104490",
            "trust": 1.9
          },
          {
            "db": "ICS CERT",
            "id": "ICSMA-18-165-01",
            "trust": 1.1
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-11032",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201806-134",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013527",
            "trust": 0.8
          },
          {
            "db": "IVD",
            "id": "E2F1F790-39AB-11E9-ABEC-000C29342CB1",
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2f1f790-39ab-11e9-abec-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-11032"
          },
          {
            "db": "BID",
            "id": "104490"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013527"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2860"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201806-134"
          }
        ]
      },
      "id": "VAR-201806-0542",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "e2f1f790-39ab-11e9-abec-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-11032"
          }
        ],
        "trust": 1.8
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2f1f790-39ab-11e9-abec-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-11032"
          }
        ]
      },
      "last_update_date": "2023-12-18T12:01:51.488000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Natus NeuroWorks Software",
            "trust": 0.8,
            "url": "https://neuro.natus.com/products-services/natus-neuroworks-software"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013527"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-125",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013527"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2860"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.4,
            "url": "https://www.talosintelligence.com/vulnerability_reports/talos-2017-0364"
          },
          {
            "trust": 1.6,
            "url": "http://www.securityfocus.com/bid/104490"
          },
          {
            "trust": 1.1,
            "url": "https://ics-cert.us-cert.gov/advisories/icsma-18-165-01"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2860"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-2860"
          },
          {
            "trust": 0.6,
            "url": "https://talosintelligence.com/vulnerability_reports/talos-2017-0364"
          },
          {
            "trust": 0.3,
            "url": "http://www.natus.com/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-11032"
          },
          {
            "db": "BID",
            "id": "104490"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013527"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2860"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201806-134"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "e2f1f790-39ab-11e9-abec-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-11032"
          },
          {
            "db": "BID",
            "id": "104490"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013527"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2860"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201806-134"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-06-06T00:00:00",
            "db": "IVD",
            "id": "e2f1f790-39ab-11e9-abec-000c29342cb1"
          },
          {
            "date": "2018-06-06T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-11032"
          },
          {
            "date": "2018-06-19T00:00:00",
            "db": "BID",
            "id": "104490"
          },
          {
            "date": "2018-07-24T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-013527"
          },
          {
            "date": "2018-06-01T15:29:00.327000",
            "db": "NVD",
            "id": "CVE-2017-2860"
          },
          {
            "date": "2018-06-04T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201806-134"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-06-06T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-11032"
          },
          {
            "date": "2018-06-19T00:00:00",
            "db": "BID",
            "id": "104490"
          },
          {
            "date": "2018-07-24T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-013527"
          },
          {
            "date": "2022-06-07T17:25:49.303000",
            "db": "NVD",
            "id": "CVE-2017-2860"
          },
          {
            "date": "2022-04-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201806-134"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201806-134"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Natus Xltek NeuroWorks Vulnerable to out-of-bounds reading",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013527"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Buffer error",
        "sources": [
          {
            "db": "IVD",
            "id": "e2f1f790-39ab-11e9-abec-000c29342cb1"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201806-134"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-201804-0587

    Vulnerability from variot - Updated: 2023-12-18 12:01

    An exploitable Code Execution vulnerability exists in the RequestForPatientInfoEEGfile functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause a stack buffer overflow resulting in arbitrary command execution. An attacker can send a malicious packet to trigger this vulnerability. Natus Xltek NeuroWorks Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Natus Xltek NeuroWorks is a universal software platform for EEG testing, long-term monitoring, ICU monitoring and sleep research at Natus Medical. Natus Xltek NeuroWorks/SleepWorks are prone to the following security vulnerabilities: 1. Multiple stack-based buffer-overflow vulnerabilities 2. Failed attacks will cause denial of service conditions. Xltek NeuroWorks/SleepWorks 8 are vulnerable

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201804-0587",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "xltek neuroworks",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "natus",
            "version": "8"
          },
          {
            "model": "neuroworks software",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "natus",
            "version": "8. a"
          },
          {
            "model": "medical natus xltek neuroworks",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "natus",
            "version": "8"
          },
          {
            "model": "xltek neuroworks/sleepworks",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "natus",
            "version": "8.5"
          },
          {
            "model": "xltek neuroworks/sleepworks",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "natus",
            "version": "8.4"
          },
          {
            "model": "xltek neuroworks/sleepworks",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "natus",
            "version": "8.1"
          },
          {
            "model": "xltek neuroworks/sleepworks",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "natus",
            "version": "8.0"
          },
          {
            "model": "xltek neuroworks/sleepworks gma",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "natus",
            "version": "8.53"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "xltek neuroworks",
            "version": "8"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2f57a01-39ab-11e9-8779-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-12133"
          },
          {
            "db": "BID",
            "id": "104490"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003913"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2853"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201804-259"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:natus:xltek_neuroworks:8:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-2853"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Cory Duplantis from Cisco Talos",
        "sources": [
          {
            "db": "BID",
            "id": "104490"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2017-2853",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 7.5,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2017-2853",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2018-12133",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "e2f57a01-39ab-11e9-8779-000c29342cb1",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "talos-cna@cisco.com",
                "availabilityImpact": "HIGH",
                "baseScore": 10.0,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "impactScore": 6.0,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2017-2853",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2017-2853",
                "trust": 1.8,
                "value": "CRITICAL"
              },
              {
                "author": "talos-cna@cisco.com",
                "id": "CVE-2017-2853",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2018-12133",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201804-259",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "IVD",
                "id": "e2f57a01-39ab-11e9-8779-000c29342cb1",
                "trust": 0.2,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2f57a01-39ab-11e9-8779-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-12133"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003913"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2853"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2853"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201804-259"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An exploitable Code Execution vulnerability exists in the RequestForPatientInfoEEGfile functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause a stack buffer overflow resulting in arbitrary command execution. An attacker can send a malicious packet to trigger this vulnerability. Natus Xltek NeuroWorks Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Natus Xltek NeuroWorks is a universal software platform for EEG testing, long-term monitoring, ICU monitoring and sleep research at Natus Medical. Natus Xltek NeuroWorks/SleepWorks are prone to the following security vulnerabilities:\n1. Multiple stack-based buffer-overflow vulnerabilities\n2. Failed attacks will cause denial of  service conditions. \nXltek NeuroWorks/SleepWorks 8 are vulnerable",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-2853"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003913"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-12133"
          },
          {
            "db": "BID",
            "id": "104490"
          },
          {
            "db": "IVD",
            "id": "e2f57a01-39ab-11e9-8779-000c29342cb1"
          }
        ],
        "trust": 2.61
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-2853",
            "trust": 3.5
          },
          {
            "db": "TALOS",
            "id": "TALOS-2017-0355",
            "trust": 2.4
          },
          {
            "db": "BID",
            "id": "104490",
            "trust": 1.9
          },
          {
            "db": "ICS CERT",
            "id": "ICSMA-18-165-01",
            "trust": 1.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-12133",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201804-259",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003913",
            "trust": 0.8
          },
          {
            "db": "IVD",
            "id": "E2F57A01-39AB-11E9-8779-000C29342CB1",
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2f57a01-39ab-11e9-8779-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-12133"
          },
          {
            "db": "BID",
            "id": "104490"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003913"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2853"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201804-259"
          }
        ]
      },
      "id": "VAR-201804-0587",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "e2f57a01-39ab-11e9-8779-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-12133"
          }
        ],
        "trust": 1.8
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2f57a01-39ab-11e9-8779-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-12133"
          }
        ]
      },
      "last_update_date": "2023-12-18T12:01:51.454000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Natus Medical Incorporated - Natus NeuroWorks Software",
            "trust": 0.8,
            "url": "http://www.natus.com/index.cfm?page=products_1\u0026crid=1055"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003913"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-787",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-119",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003913"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2853"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.4,
            "url": "https://talosintelligence.com/vulnerability_reports/talos-2017-0355"
          },
          {
            "trust": 1.7,
            "url": "https://ics-cert.us-cert.gov/advisories/icsma-18-165-01"
          },
          {
            "trust": 1.6,
            "url": "http://www.securityfocus.com/bid/104490"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2853"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-2853"
          },
          {
            "trust": 0.3,
            "url": "http://www.natus.com/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-12133"
          },
          {
            "db": "BID",
            "id": "104490"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003913"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2853"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201804-259"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "e2f57a01-39ab-11e9-8779-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-12133"
          },
          {
            "db": "BID",
            "id": "104490"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003913"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2853"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201804-259"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-06-27T00:00:00",
            "db": "IVD",
            "id": "e2f57a01-39ab-11e9-8779-000c29342cb1"
          },
          {
            "date": "2018-06-27T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-12133"
          },
          {
            "date": "2018-06-19T00:00:00",
            "db": "BID",
            "id": "104490"
          },
          {
            "date": "2018-06-06T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-003913"
          },
          {
            "date": "2018-04-05T19:29:00.313000",
            "db": "NVD",
            "id": "CVE-2017-2853"
          },
          {
            "date": "2018-04-05T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201804-259"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-06-27T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-12133"
          },
          {
            "date": "2018-06-19T00:00:00",
            "db": "BID",
            "id": "104490"
          },
          {
            "date": "2018-06-15T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-003913"
          },
          {
            "date": "2022-06-03T19:55:10.157000",
            "db": "NVD",
            "id": "CVE-2017-2853"
          },
          {
            "date": "2022-06-06T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201804-259"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201804-259"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Natus Xltek NeuroWorks Buffer error vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003913"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201804-259"
          }
        ],
        "trust": 1.4
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201804-259"
          }
        ],
        "trust": 0.6
      }
    }

    CVE-2023-47800 (GCVE-0-2023-47800)

    Vulnerability from nvd – Published: 2023-11-10 00:00 – Updated: 2024-08-02 21:16
    VLAI
    Summary
    Natus NeuroWorks and SleepWorks before 8.4 GMA3 utilize a default password of xltek for the Microsoft SQL Server service sa account, allowing a threat actor to perform remote code execution, data exfiltration, or other nefarious actions such as tampering with data or destroying/disrupting MSSQL services.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T21:16:43.715Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.trustwave.com/hubfs/Web/Library/Advisories_txt/TWSL2023-006.txt"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://partner.natus.com/m/7cd3bcca88e446d4/original/NeuroWorks-SleepWorks-Product-Security-Bulletin.pdf"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Natus NeuroWorks and SleepWorks before 8.4 GMA3 utilize a default password of xltek for the Microsoft SQL Server service sa account, allowing a threat actor to perform remote code execution, data exfiltration, or other nefarious actions such as tampering with data or destroying/disrupting MSSQL services."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-10T06:16:42.566Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://www.trustwave.com/hubfs/Web/Library/Advisories_txt/TWSL2023-006.txt"
            },
            {
              "url": "https://partner.natus.com/m/7cd3bcca88e446d4/original/NeuroWorks-SleepWorks-Product-Security-Bulletin.pdf"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2023-47800",
        "datePublished": "2023-11-10T00:00:00.000Z",
        "dateReserved": "2023-11-10T00:00:00.000Z",
        "dateUpdated": "2024-08-02T21:16:43.715Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-2860 (GCVE-0-2017-2860)

    Vulnerability from nvd – Published: 2018-06-01 15:00 – Updated: 2024-09-16 18:13
    VLAI
    Summary
    An exploitable denial-of-service vulnerability exists in the lookup entry functionality of KeyTrees in Natus Xltek NeuroWorks 8. A specially crafted network packet can cause an out-of-bounds read, resulting in a denial of service. An attacker can send a malicious packet to trigger this vulnerability.
    CWE
    • denial of service
    Assigner
    References
    Impacted products
    Vendor Product Version
    Talos Natus Affected: Natus Xltek NeuroWorks 8
    Create a notification for this product.
    Date Public
    2018-05-31 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T14:09:17.283Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "104490",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/104490"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0364"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Natus",
              "vendor": "Talos",
              "versions": [
                {
                  "status": "affected",
                  "version": "Natus Xltek NeuroWorks 8"
                }
              ]
            }
          ],
          "datePublic": "2018-05-31T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An exploitable denial-of-service vulnerability exists in the lookup entry functionality of KeyTrees in Natus Xltek NeuroWorks 8. A specially crafted network packet can cause an out-of-bounds read, resulting in a denial of service. An attacker can send a malicious packet to trigger this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "denial of service",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-19T18:23:38.000Z",
            "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
            "shortName": "talos"
          },
          "references": [
            {
              "name": "104490",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/104490"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0364"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "talos-cna@cisco.com",
              "DATE_PUBLIC": "2018-05-31T00:00:00",
              "ID": "CVE-2017-2860",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Natus",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Natus Xltek NeuroWorks 8"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Talos"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An exploitable denial-of-service vulnerability exists in the lookup entry functionality of KeyTrees in Natus Xltek NeuroWorks 8. A specially crafted network packet can cause an out-of-bounds read, resulting in a denial of service. An attacker can send a malicious packet to trigger this vulnerability."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": 7.5,
                "baseSeverity": "High",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "denial of service"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "104490",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/104490"
                },
                {
                  "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0364",
                  "refsource": "MISC",
                  "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0364"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "assignerShortName": "talos",
        "cveId": "CVE-2017-2860",
        "datePublished": "2018-06-01T15:00:00.000Z",
        "dateReserved": "2016-12-01T00:00:00.000Z",
        "dateUpdated": "2024-09-16T18:13:06.563Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-2858 (GCVE-0-2017-2858)

    Vulnerability from nvd – Published: 2018-06-01 15:00 – Updated: 2024-09-16 16:18
    VLAI
    Summary
    An exploitable denial-of-service vulnerability exists in the traversal of lists functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause an out-of-bounds read, resulting in a denial of service. An attacker can send a malicious packet to trigger this vulnerability.
    CWE
    • denial of service
    Assigner
    References
    Impacted products
    Vendor Product Version
    Talos Natus Affected: Natus Xltek NeuroWorks 8
    Create a notification for this product.
    Date Public
    2018-05-31 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T14:09:17.261Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "104490",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/104490"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0362"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Natus",
              "vendor": "Talos",
              "versions": [
                {
                  "status": "affected",
                  "version": "Natus Xltek NeuroWorks 8"
                }
              ]
            }
          ],
          "datePublic": "2018-05-31T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An exploitable denial-of-service vulnerability exists in the traversal of lists functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause an out-of-bounds read, resulting in a denial of service. An attacker can send a malicious packet to trigger this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "denial of service",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-19T18:23:37.000Z",
            "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
            "shortName": "talos"
          },
          "references": [
            {
              "name": "104490",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/104490"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0362"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "talos-cna@cisco.com",
              "DATE_PUBLIC": "2018-05-31T00:00:00",
              "ID": "CVE-2017-2858",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Natus",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Natus Xltek NeuroWorks 8"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Talos"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An exploitable denial-of-service vulnerability exists in the traversal of lists functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause an out-of-bounds read, resulting in a denial of service. An attacker can send a malicious packet to trigger this vulnerability."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": 7.5,
                "baseSeverity": "High",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "denial of service"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "104490",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/104490"
                },
                {
                  "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0362",
                  "refsource": "MISC",
                  "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0362"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "assignerShortName": "talos",
        "cveId": "CVE-2017-2858",
        "datePublished": "2018-06-01T15:00:00.000Z",
        "dateReserved": "2016-12-01T00:00:00.000Z",
        "dateUpdated": "2024-09-16T16:18:16.697Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-2852 (GCVE-0-2017-2852)

    Vulnerability from nvd – Published: 2018-06-01 15:00 – Updated: 2024-09-17 02:31
    VLAI
    Summary
    An exploitable denial-of-service vulnerability exists in the unserialization of lists functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause an out-of-bounds read, resulting in a denial of service. An attacker can send a malicious packet to trigger this vulnerability.
    CWE
    • denial of service
    Assigner
    References
    Impacted products
    Vendor Product Version
    Talos Natus Affected: Natus Xltek NeuroWorks 8
    Create a notification for this product.
    Date Public
    2018-05-31 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T14:09:16.752Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "104490",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/104490"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0354"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Natus",
              "vendor": "Talos",
              "versions": [
                {
                  "status": "affected",
                  "version": "Natus Xltek NeuroWorks 8"
                }
              ]
            }
          ],
          "datePublic": "2018-05-31T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An exploitable denial-of-service vulnerability exists in the unserialization of lists functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause an out-of-bounds read, resulting in a denial of service. An attacker can send a malicious packet to trigger this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "denial of service",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-19T18:23:29.000Z",
            "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
            "shortName": "talos"
          },
          "references": [
            {
              "name": "104490",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/104490"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0354"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "talos-cna@cisco.com",
              "DATE_PUBLIC": "2018-05-31T00:00:00",
              "ID": "CVE-2017-2852",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Natus",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Natus Xltek NeuroWorks 8"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Talos"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An exploitable denial-of-service vulnerability exists in the unserialization of lists functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause an out-of-bounds read, resulting in a denial of service. An attacker can send a malicious packet to trigger this vulnerability."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": 7.5,
                "baseSeverity": "High",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "denial of service"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "104490",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/104490"
                },
                {
                  "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0354",
                  "refsource": "MISC",
                  "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0354"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "assignerShortName": "talos",
        "cveId": "CVE-2017-2852",
        "datePublished": "2018-06-01T15:00:00.000Z",
        "dateReserved": "2016-12-01T00:00:00.000Z",
        "dateUpdated": "2024-09-17T02:31:31.833Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-2868 (GCVE-0-2017-2868)

    Vulnerability from nvd – Published: 2018-04-05 19:00 – Updated: 2024-09-16 19:01
    VLAI
    Summary
    An exploitable code execution vulnerability exists in the NewProducerStream functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause a stack buffer overflow resulting in code execution. An attacker can send a malicious packet to trigger this vulnerability.
    CWE
    • remote code execution
    Assigner
    References
    Impacted products
    Vendor Product Version
    Natus Medical Incorporated Natus Affected: Natus Xltek NeuroWorks 8
    Create a notification for this product.
    Date Public
    2018-04-04 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T14:09:17.464Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "104490",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/104490"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0374"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Natus",
              "vendor": "Natus Medical Incorporated",
              "versions": [
                {
                  "status": "affected",
                  "version": "Natus Xltek NeuroWorks 8"
                }
              ]
            }
          ],
          "datePublic": "2018-04-04T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An exploitable code execution vulnerability exists in the NewProducerStream functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause a stack buffer overflow resulting in code execution. An attacker can send a malicious packet to trigger this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 10,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "remote code execution",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-19T18:23:49.000Z",
            "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
            "shortName": "talos"
          },
          "references": [
            {
              "name": "104490",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/104490"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0374"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "talos-cna@cisco.com",
              "DATE_PUBLIC": "2018-04-04T00:00:00",
              "ID": "CVE-2017-2868",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Natus",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Natus Xltek NeuroWorks 8"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Natus Medical Incorporated"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An exploitable code execution vulnerability exists in the NewProducerStream functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause a stack buffer overflow resulting in code execution. An attacker can send a malicious packet to trigger this vulnerability."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": 10,
                "baseSeverity": null,
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "remote code execution"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "104490",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/104490"
                },
                {
                  "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0374",
                  "refsource": "MISC",
                  "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0374"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "assignerShortName": "talos",
        "cveId": "CVE-2017-2868",
        "datePublished": "2018-04-05T19:00:00.000Z",
        "dateReserved": "2016-12-01T00:00:00.000Z",
        "dateUpdated": "2024-09-16T19:01:11.369Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-2861 (GCVE-0-2017-2861)

    Vulnerability from nvd – Published: 2018-04-05 19:00 – Updated: 2024-09-16 23:00
    VLAI
    Summary
    An exploitable Denial of Service vulnerability exists in the use of a return value in the NewProducerStream command in Natus Xltek NeuroWorks 8. A specially crafted network packet can cause an out of bounds read resulting in a denial of service. An attacker can send a malicious packet to trigger this vulnerability.
    CWE
    • denial of service
    Assigner
    References
    Impacted products
    Vendor Product Version
    Natus Medical Incorporated Natus Affected: Natus Xltek NeuroWorks 8
    Create a notification for this product.
    Date Public
    2018-04-04 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T14:09:17.222Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "104490",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/104490"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0365"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Natus",
              "vendor": "Natus Medical Incorporated",
              "versions": [
                {
                  "status": "affected",
                  "version": "Natus Xltek NeuroWorks 8"
                }
              ]
            }
          ],
          "datePublic": "2018-04-04T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An exploitable Denial of Service vulnerability exists in the use of a return value in the NewProducerStream command in Natus Xltek NeuroWorks 8. A specially crafted network packet can cause an out of bounds read resulting in a denial of service. An attacker can send a malicious packet to trigger this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "denial of service",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-19T18:23:40.000Z",
            "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
            "shortName": "talos"
          },
          "references": [
            {
              "name": "104490",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/104490"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0365"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "talos-cna@cisco.com",
              "DATE_PUBLIC": "2018-04-04T00:00:00",
              "ID": "CVE-2017-2861",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Natus",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Natus Xltek NeuroWorks 8"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Natus Medical Incorporated"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An exploitable Denial of Service vulnerability exists in the use of a return value in the NewProducerStream command in Natus Xltek NeuroWorks 8. A specially crafted network packet can cause an out of bounds read resulting in a denial of service. An attacker can send a malicious packet to trigger this vulnerability."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": 7.5,
                "baseSeverity": "High",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "denial of service"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "104490",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/104490"
                },
                {
                  "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0365",
                  "refsource": "MISC",
                  "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0365"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "assignerShortName": "talos",
        "cveId": "CVE-2017-2861",
        "datePublished": "2018-04-05T19:00:00.000Z",
        "dateReserved": "2016-12-01T00:00:00.000Z",
        "dateUpdated": "2024-09-16T23:00:44.751Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-2869 (GCVE-0-2017-2869)

    Vulnerability from nvd – Published: 2018-04-05 19:00 – Updated: 2024-09-17 00:36
    VLAI
    Summary
    An exploitable code execution vulnerability exists in the OpenProducer functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause a stack buffer overflow resulting in code execution. An attacker can send a malicious packet to trigger this vulnerability.
    CWE
    • remote code execution
    Assigner
    References
    Impacted products
    Vendor Product Version
    Natus Medical Incorporated Natus Affected: Natus Xltek NeuroWorks 8
    Create a notification for this product.
    Date Public
    2018-04-04 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T14:09:17.353Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "104490",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/104490"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0375"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Natus",
              "vendor": "Natus Medical Incorporated",
              "versions": [
                {
                  "status": "affected",
                  "version": "Natus Xltek NeuroWorks 8"
                }
              ]
            }
          ],
          "datePublic": "2018-04-04T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An exploitable code execution vulnerability exists in the OpenProducer functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause a stack buffer overflow resulting in code execution. An attacker can send a malicious packet to trigger this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 10,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "remote code execution",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-19T18:23:50.000Z",
            "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
            "shortName": "talos"
          },
          "references": [
            {
              "name": "104490",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/104490"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0375"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "talos-cna@cisco.com",
              "DATE_PUBLIC": "2018-04-04T00:00:00",
              "ID": "CVE-2017-2869",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Natus",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Natus Xltek NeuroWorks 8"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Natus Medical Incorporated"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An exploitable code execution vulnerability exists in the OpenProducer functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause a stack buffer overflow resulting in code execution. An attacker can send a malicious packet to trigger this vulnerability."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": 10,
                "baseSeverity": null,
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "remote code execution"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "104490",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/104490"
                },
                {
                  "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0375",
                  "refsource": "MISC",
                  "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0375"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "assignerShortName": "talos",
        "cveId": "CVE-2017-2869",
        "datePublished": "2018-04-05T19:00:00.000Z",
        "dateReserved": "2016-12-01T00:00:00.000Z",
        "dateUpdated": "2024-09-17T00:36:03.371Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-2867 (GCVE-0-2017-2867)

    Vulnerability from nvd – Published: 2018-04-05 19:00 – Updated: 2024-09-16 19:04
    VLAI
    Summary
    An exploitable code execution vulnerability exists in the SavePatientMontage functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause a stack buffer overflow resulting in code execution. An attacker can a malicious packet to trigger this vulnerability.
    CWE
    • remote code execution
    Assigner
    References
    Impacted products
    Vendor Product Version
    Natus Medical Incorporated Natus Affected: Natus Xltek NeuroWorks 8
    Create a notification for this product.
    Date Public
    2018-04-04 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T14:09:17.280Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "104490",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/104490"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0373"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Natus",
              "vendor": "Natus Medical Incorporated",
              "versions": [
                {
                  "status": "affected",
                  "version": "Natus Xltek NeuroWorks 8"
                }
              ]
            }
          ],
          "datePublic": "2018-04-04T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An exploitable code execution vulnerability exists in the SavePatientMontage functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause a stack buffer overflow resulting in code execution. An attacker can a malicious packet to trigger this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "remote code execution",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-19T18:23:47.000Z",
            "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
            "shortName": "talos"
          },
          "references": [
            {
              "name": "104490",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/104490"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0373"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "talos-cna@cisco.com",
              "DATE_PUBLIC": "2018-04-04T00:00:00",
              "ID": "CVE-2017-2867",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Natus",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Natus Xltek NeuroWorks 8"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Natus Medical Incorporated"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An exploitable code execution vulnerability exists in the SavePatientMontage functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause a stack buffer overflow resulting in code execution. An attacker can a malicious packet to trigger this vulnerability."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": 9,
                "baseSeverity": "Critical",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "remote code execution"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "104490",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/104490"
                },
                {
                  "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0373",
                  "refsource": "MISC",
                  "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0373"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "assignerShortName": "talos",
        "cveId": "CVE-2017-2867",
        "datePublished": "2018-04-05T19:00:00.000Z",
        "dateReserved": "2016-12-01T00:00:00.000Z",
        "dateUpdated": "2024-09-16T19:04:26.068Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-2853 (GCVE-0-2017-2853)

    Vulnerability from nvd – Published: 2018-04-05 19:00 – Updated: 2024-09-17 01:47
    VLAI
    Summary
    An exploitable Code Execution vulnerability exists in the RequestForPatientInfoEEGfile functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause a stack buffer overflow resulting in arbitrary command execution. An attacker can send a malicious packet to trigger this vulnerability.
    CWE
    • remote code execution
    Assigner
    References
    Impacted products
    Vendor Product Version
    Natus Medical Incorporated Natus Affected: Natus Xltek NeuroWorks 8
    Create a notification for this product.
    Date Public
    2018-04-04 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T14:09:16.810Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "104490",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/104490"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0355"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Natus",
              "vendor": "Natus Medical Incorporated",
              "versions": [
                {
                  "status": "affected",
                  "version": "Natus Xltek NeuroWorks 8"
                }
              ]
            }
          ],
          "datePublic": "2018-04-04T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An exploitable Code Execution vulnerability exists in the RequestForPatientInfoEEGfile functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause a stack buffer overflow resulting in arbitrary command execution. An attacker can send a malicious packet to trigger this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 10,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "remote code execution",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-19T18:23:31.000Z",
            "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
            "shortName": "talos"
          },
          "references": [
            {
              "name": "104490",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/104490"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0355"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "talos-cna@cisco.com",
              "DATE_PUBLIC": "2018-04-04T00:00:00",
              "ID": "CVE-2017-2853",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Natus",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Natus Xltek NeuroWorks 8"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Natus Medical Incorporated"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An exploitable Code Execution vulnerability exists in the RequestForPatientInfoEEGfile functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause a stack buffer overflow resulting in arbitrary command execution. An attacker can send a malicious packet to trigger this vulnerability."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": 10,
                "baseSeverity": null,
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "remote code execution"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "104490",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/104490"
                },
                {
                  "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0355",
                  "refsource": "MISC",
                  "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0355"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "assignerShortName": "talos",
        "cveId": "CVE-2017-2853",
        "datePublished": "2018-04-05T19:00:00.000Z",
        "dateReserved": "2016-12-01T00:00:00.000Z",
        "dateUpdated": "2024-09-17T01:47:00.307Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-47800 (GCVE-0-2023-47800)

    Vulnerability from cvelistv5 – Published: 2023-11-10 00:00 – Updated: 2024-08-02 21:16
    VLAI
    Summary
    Natus NeuroWorks and SleepWorks before 8.4 GMA3 utilize a default password of xltek for the Microsoft SQL Server service sa account, allowing a threat actor to perform remote code execution, data exfiltration, or other nefarious actions such as tampering with data or destroying/disrupting MSSQL services.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T21:16:43.715Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.trustwave.com/hubfs/Web/Library/Advisories_txt/TWSL2023-006.txt"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://partner.natus.com/m/7cd3bcca88e446d4/original/NeuroWorks-SleepWorks-Product-Security-Bulletin.pdf"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Natus NeuroWorks and SleepWorks before 8.4 GMA3 utilize a default password of xltek for the Microsoft SQL Server service sa account, allowing a threat actor to perform remote code execution, data exfiltration, or other nefarious actions such as tampering with data or destroying/disrupting MSSQL services."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-10T06:16:42.566Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://www.trustwave.com/hubfs/Web/Library/Advisories_txt/TWSL2023-006.txt"
            },
            {
              "url": "https://partner.natus.com/m/7cd3bcca88e446d4/original/NeuroWorks-SleepWorks-Product-Security-Bulletin.pdf"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2023-47800",
        "datePublished": "2023-11-10T00:00:00.000Z",
        "dateReserved": "2023-11-10T00:00:00.000Z",
        "dateUpdated": "2024-08-02T21:16:43.715Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-2860 (GCVE-0-2017-2860)

    Vulnerability from cvelistv5 – Published: 2018-06-01 15:00 – Updated: 2024-09-16 18:13
    VLAI
    Summary
    An exploitable denial-of-service vulnerability exists in the lookup entry functionality of KeyTrees in Natus Xltek NeuroWorks 8. A specially crafted network packet can cause an out-of-bounds read, resulting in a denial of service. An attacker can send a malicious packet to trigger this vulnerability.
    CWE
    • denial of service
    Assigner
    References
    Impacted products
    Vendor Product Version
    Talos Natus Affected: Natus Xltek NeuroWorks 8
    Create a notification for this product.
    Date Public
    2018-05-31 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T14:09:17.283Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "104490",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/104490"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0364"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Natus",
              "vendor": "Talos",
              "versions": [
                {
                  "status": "affected",
                  "version": "Natus Xltek NeuroWorks 8"
                }
              ]
            }
          ],
          "datePublic": "2018-05-31T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An exploitable denial-of-service vulnerability exists in the lookup entry functionality of KeyTrees in Natus Xltek NeuroWorks 8. A specially crafted network packet can cause an out-of-bounds read, resulting in a denial of service. An attacker can send a malicious packet to trigger this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "denial of service",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-19T18:23:38.000Z",
            "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
            "shortName": "talos"
          },
          "references": [
            {
              "name": "104490",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/104490"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0364"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "talos-cna@cisco.com",
              "DATE_PUBLIC": "2018-05-31T00:00:00",
              "ID": "CVE-2017-2860",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Natus",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Natus Xltek NeuroWorks 8"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Talos"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An exploitable denial-of-service vulnerability exists in the lookup entry functionality of KeyTrees in Natus Xltek NeuroWorks 8. A specially crafted network packet can cause an out-of-bounds read, resulting in a denial of service. An attacker can send a malicious packet to trigger this vulnerability."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": 7.5,
                "baseSeverity": "High",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "denial of service"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "104490",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/104490"
                },
                {
                  "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0364",
                  "refsource": "MISC",
                  "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0364"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "assignerShortName": "talos",
        "cveId": "CVE-2017-2860",
        "datePublished": "2018-06-01T15:00:00.000Z",
        "dateReserved": "2016-12-01T00:00:00.000Z",
        "dateUpdated": "2024-09-16T18:13:06.563Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-2858 (GCVE-0-2017-2858)

    Vulnerability from cvelistv5 – Published: 2018-06-01 15:00 – Updated: 2024-09-16 16:18
    VLAI
    Summary
    An exploitable denial-of-service vulnerability exists in the traversal of lists functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause an out-of-bounds read, resulting in a denial of service. An attacker can send a malicious packet to trigger this vulnerability.
    CWE
    • denial of service
    Assigner
    References
    Impacted products
    Vendor Product Version
    Talos Natus Affected: Natus Xltek NeuroWorks 8
    Create a notification for this product.
    Date Public
    2018-05-31 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T14:09:17.261Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "104490",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/104490"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0362"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Natus",
              "vendor": "Talos",
              "versions": [
                {
                  "status": "affected",
                  "version": "Natus Xltek NeuroWorks 8"
                }
              ]
            }
          ],
          "datePublic": "2018-05-31T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An exploitable denial-of-service vulnerability exists in the traversal of lists functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause an out-of-bounds read, resulting in a denial of service. An attacker can send a malicious packet to trigger this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "denial of service",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-19T18:23:37.000Z",
            "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
            "shortName": "talos"
          },
          "references": [
            {
              "name": "104490",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/104490"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0362"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "talos-cna@cisco.com",
              "DATE_PUBLIC": "2018-05-31T00:00:00",
              "ID": "CVE-2017-2858",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Natus",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Natus Xltek NeuroWorks 8"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Talos"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An exploitable denial-of-service vulnerability exists in the traversal of lists functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause an out-of-bounds read, resulting in a denial of service. An attacker can send a malicious packet to trigger this vulnerability."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": 7.5,
                "baseSeverity": "High",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "denial of service"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "104490",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/104490"
                },
                {
                  "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0362",
                  "refsource": "MISC",
                  "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0362"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "assignerShortName": "talos",
        "cveId": "CVE-2017-2858",
        "datePublished": "2018-06-01T15:00:00.000Z",
        "dateReserved": "2016-12-01T00:00:00.000Z",
        "dateUpdated": "2024-09-16T16:18:16.697Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-2852 (GCVE-0-2017-2852)

    Vulnerability from cvelistv5 – Published: 2018-06-01 15:00 – Updated: 2024-09-17 02:31
    VLAI
    Summary
    An exploitable denial-of-service vulnerability exists in the unserialization of lists functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause an out-of-bounds read, resulting in a denial of service. An attacker can send a malicious packet to trigger this vulnerability.
    CWE
    • denial of service
    Assigner
    References
    Impacted products
    Vendor Product Version
    Talos Natus Affected: Natus Xltek NeuroWorks 8
    Create a notification for this product.
    Date Public
    2018-05-31 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T14:09:16.752Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "104490",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/104490"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0354"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Natus",
              "vendor": "Talos",
              "versions": [
                {
                  "status": "affected",
                  "version": "Natus Xltek NeuroWorks 8"
                }
              ]
            }
          ],
          "datePublic": "2018-05-31T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An exploitable denial-of-service vulnerability exists in the unserialization of lists functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause an out-of-bounds read, resulting in a denial of service. An attacker can send a malicious packet to trigger this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "denial of service",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-19T18:23:29.000Z",
            "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
            "shortName": "talos"
          },
          "references": [
            {
              "name": "104490",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/104490"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0354"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "talos-cna@cisco.com",
              "DATE_PUBLIC": "2018-05-31T00:00:00",
              "ID": "CVE-2017-2852",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Natus",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Natus Xltek NeuroWorks 8"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Talos"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An exploitable denial-of-service vulnerability exists in the unserialization of lists functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause an out-of-bounds read, resulting in a denial of service. An attacker can send a malicious packet to trigger this vulnerability."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": 7.5,
                "baseSeverity": "High",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "denial of service"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "104490",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/104490"
                },
                {
                  "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0354",
                  "refsource": "MISC",
                  "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0354"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "assignerShortName": "talos",
        "cveId": "CVE-2017-2852",
        "datePublished": "2018-06-01T15:00:00.000Z",
        "dateReserved": "2016-12-01T00:00:00.000Z",
        "dateUpdated": "2024-09-17T02:31:31.833Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-2868 (GCVE-0-2017-2868)

    Vulnerability from cvelistv5 – Published: 2018-04-05 19:00 – Updated: 2024-09-16 19:01
    VLAI
    Summary
    An exploitable code execution vulnerability exists in the NewProducerStream functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause a stack buffer overflow resulting in code execution. An attacker can send a malicious packet to trigger this vulnerability.
    CWE
    • remote code execution
    Assigner
    References
    Impacted products
    Vendor Product Version
    Natus Medical Incorporated Natus Affected: Natus Xltek NeuroWorks 8
    Create a notification for this product.
    Date Public
    2018-04-04 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T14:09:17.464Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "104490",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/104490"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0374"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Natus",
              "vendor": "Natus Medical Incorporated",
              "versions": [
                {
                  "status": "affected",
                  "version": "Natus Xltek NeuroWorks 8"
                }
              ]
            }
          ],
          "datePublic": "2018-04-04T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An exploitable code execution vulnerability exists in the NewProducerStream functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause a stack buffer overflow resulting in code execution. An attacker can send a malicious packet to trigger this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 10,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "remote code execution",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-19T18:23:49.000Z",
            "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
            "shortName": "talos"
          },
          "references": [
            {
              "name": "104490",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/104490"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0374"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "talos-cna@cisco.com",
              "DATE_PUBLIC": "2018-04-04T00:00:00",
              "ID": "CVE-2017-2868",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Natus",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Natus Xltek NeuroWorks 8"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Natus Medical Incorporated"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An exploitable code execution vulnerability exists in the NewProducerStream functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause a stack buffer overflow resulting in code execution. An attacker can send a malicious packet to trigger this vulnerability."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": 10,
                "baseSeverity": null,
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "remote code execution"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "104490",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/104490"
                },
                {
                  "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0374",
                  "refsource": "MISC",
                  "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0374"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "assignerShortName": "talos",
        "cveId": "CVE-2017-2868",
        "datePublished": "2018-04-05T19:00:00.000Z",
        "dateReserved": "2016-12-01T00:00:00.000Z",
        "dateUpdated": "2024-09-16T19:01:11.369Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-2861 (GCVE-0-2017-2861)

    Vulnerability from cvelistv5 – Published: 2018-04-05 19:00 – Updated: 2024-09-16 23:00
    VLAI
    Summary
    An exploitable Denial of Service vulnerability exists in the use of a return value in the NewProducerStream command in Natus Xltek NeuroWorks 8. A specially crafted network packet can cause an out of bounds read resulting in a denial of service. An attacker can send a malicious packet to trigger this vulnerability.
    CWE
    • denial of service
    Assigner
    References
    Impacted products
    Vendor Product Version
    Natus Medical Incorporated Natus Affected: Natus Xltek NeuroWorks 8
    Create a notification for this product.
    Date Public
    2018-04-04 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T14:09:17.222Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "104490",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/104490"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0365"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Natus",
              "vendor": "Natus Medical Incorporated",
              "versions": [
                {
                  "status": "affected",
                  "version": "Natus Xltek NeuroWorks 8"
                }
              ]
            }
          ],
          "datePublic": "2018-04-04T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An exploitable Denial of Service vulnerability exists in the use of a return value in the NewProducerStream command in Natus Xltek NeuroWorks 8. A specially crafted network packet can cause an out of bounds read resulting in a denial of service. An attacker can send a malicious packet to trigger this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "denial of service",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-19T18:23:40.000Z",
            "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
            "shortName": "talos"
          },
          "references": [
            {
              "name": "104490",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/104490"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0365"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "talos-cna@cisco.com",
              "DATE_PUBLIC": "2018-04-04T00:00:00",
              "ID": "CVE-2017-2861",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Natus",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Natus Xltek NeuroWorks 8"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Natus Medical Incorporated"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An exploitable Denial of Service vulnerability exists in the use of a return value in the NewProducerStream command in Natus Xltek NeuroWorks 8. A specially crafted network packet can cause an out of bounds read resulting in a denial of service. An attacker can send a malicious packet to trigger this vulnerability."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": 7.5,
                "baseSeverity": "High",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "denial of service"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "104490",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/104490"
                },
                {
                  "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0365",
                  "refsource": "MISC",
                  "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0365"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "assignerShortName": "talos",
        "cveId": "CVE-2017-2861",
        "datePublished": "2018-04-05T19:00:00.000Z",
        "dateReserved": "2016-12-01T00:00:00.000Z",
        "dateUpdated": "2024-09-16T23:00:44.751Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-2869 (GCVE-0-2017-2869)

    Vulnerability from cvelistv5 – Published: 2018-04-05 19:00 – Updated: 2024-09-17 00:36
    VLAI
    Summary
    An exploitable code execution vulnerability exists in the OpenProducer functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause a stack buffer overflow resulting in code execution. An attacker can send a malicious packet to trigger this vulnerability.
    CWE
    • remote code execution
    Assigner
    References
    Impacted products
    Vendor Product Version
    Natus Medical Incorporated Natus Affected: Natus Xltek NeuroWorks 8
    Create a notification for this product.
    Date Public
    2018-04-04 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T14:09:17.353Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "104490",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/104490"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0375"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Natus",
              "vendor": "Natus Medical Incorporated",
              "versions": [
                {
                  "status": "affected",
                  "version": "Natus Xltek NeuroWorks 8"
                }
              ]
            }
          ],
          "datePublic": "2018-04-04T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An exploitable code execution vulnerability exists in the OpenProducer functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause a stack buffer overflow resulting in code execution. An attacker can send a malicious packet to trigger this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 10,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "remote code execution",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-19T18:23:50.000Z",
            "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
            "shortName": "talos"
          },
          "references": [
            {
              "name": "104490",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/104490"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0375"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "talos-cna@cisco.com",
              "DATE_PUBLIC": "2018-04-04T00:00:00",
              "ID": "CVE-2017-2869",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Natus",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Natus Xltek NeuroWorks 8"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Natus Medical Incorporated"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An exploitable code execution vulnerability exists in the OpenProducer functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause a stack buffer overflow resulting in code execution. An attacker can send a malicious packet to trigger this vulnerability."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": 10,
                "baseSeverity": null,
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "remote code execution"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "104490",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/104490"
                },
                {
                  "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0375",
                  "refsource": "MISC",
                  "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0375"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "assignerShortName": "talos",
        "cveId": "CVE-2017-2869",
        "datePublished": "2018-04-05T19:00:00.000Z",
        "dateReserved": "2016-12-01T00:00:00.000Z",
        "dateUpdated": "2024-09-17T00:36:03.371Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-2867 (GCVE-0-2017-2867)

    Vulnerability from cvelistv5 – Published: 2018-04-05 19:00 – Updated: 2024-09-16 19:04
    VLAI
    Summary
    An exploitable code execution vulnerability exists in the SavePatientMontage functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause a stack buffer overflow resulting in code execution. An attacker can a malicious packet to trigger this vulnerability.
    CWE
    • remote code execution
    Assigner
    References
    Impacted products
    Vendor Product Version
    Natus Medical Incorporated Natus Affected: Natus Xltek NeuroWorks 8
    Create a notification for this product.
    Date Public
    2018-04-04 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T14:09:17.280Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "104490",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/104490"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0373"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Natus",
              "vendor": "Natus Medical Incorporated",
              "versions": [
                {
                  "status": "affected",
                  "version": "Natus Xltek NeuroWorks 8"
                }
              ]
            }
          ],
          "datePublic": "2018-04-04T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An exploitable code execution vulnerability exists in the SavePatientMontage functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause a stack buffer overflow resulting in code execution. An attacker can a malicious packet to trigger this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "remote code execution",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-19T18:23:47.000Z",
            "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
            "shortName": "talos"
          },
          "references": [
            {
              "name": "104490",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/104490"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0373"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "talos-cna@cisco.com",
              "DATE_PUBLIC": "2018-04-04T00:00:00",
              "ID": "CVE-2017-2867",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Natus",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Natus Xltek NeuroWorks 8"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Natus Medical Incorporated"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An exploitable code execution vulnerability exists in the SavePatientMontage functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause a stack buffer overflow resulting in code execution. An attacker can a malicious packet to trigger this vulnerability."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": 9,
                "baseSeverity": "Critical",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "remote code execution"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "104490",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/104490"
                },
                {
                  "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0373",
                  "refsource": "MISC",
                  "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0373"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "assignerShortName": "talos",
        "cveId": "CVE-2017-2867",
        "datePublished": "2018-04-05T19:00:00.000Z",
        "dateReserved": "2016-12-01T00:00:00.000Z",
        "dateUpdated": "2024-09-16T19:04:26.068Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-2853 (GCVE-0-2017-2853)

    Vulnerability from cvelistv5 – Published: 2018-04-05 19:00 – Updated: 2024-09-17 01:47
    VLAI
    Summary
    An exploitable Code Execution vulnerability exists in the RequestForPatientInfoEEGfile functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause a stack buffer overflow resulting in arbitrary command execution. An attacker can send a malicious packet to trigger this vulnerability.
    CWE
    • remote code execution
    Assigner
    References
    Impacted products
    Vendor Product Version
    Natus Medical Incorporated Natus Affected: Natus Xltek NeuroWorks 8
    Create a notification for this product.
    Date Public
    2018-04-04 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T14:09:16.810Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "104490",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/104490"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0355"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Natus",
              "vendor": "Natus Medical Incorporated",
              "versions": [
                {
                  "status": "affected",
                  "version": "Natus Xltek NeuroWorks 8"
                }
              ]
            }
          ],
          "datePublic": "2018-04-04T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An exploitable Code Execution vulnerability exists in the RequestForPatientInfoEEGfile functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause a stack buffer overflow resulting in arbitrary command execution. An attacker can send a malicious packet to trigger this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 10,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "remote code execution",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-19T18:23:31.000Z",
            "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
            "shortName": "talos"
          },
          "references": [
            {
              "name": "104490",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/104490"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0355"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "talos-cna@cisco.com",
              "DATE_PUBLIC": "2018-04-04T00:00:00",
              "ID": "CVE-2017-2853",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Natus",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Natus Xltek NeuroWorks 8"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Natus Medical Incorporated"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An exploitable Code Execution vulnerability exists in the RequestForPatientInfoEEGfile functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause a stack buffer overflow resulting in arbitrary command execution. An attacker can send a malicious packet to trigger this vulnerability."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": 10,
                "baseSeverity": null,
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "remote code execution"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "104490",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/104490"
                },
                {
                  "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0355",
                  "refsource": "MISC",
                  "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0355"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "assignerShortName": "talos",
        "cveId": "CVE-2017-2853",
        "datePublished": "2018-04-05T19:00:00.000Z",
        "dateReserved": "2016-12-01T00:00:00.000Z",
        "dateUpdated": "2024-09-17T01:47:00.307Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }