cnvd - cnvd-2018-16967

CNVD-2018-16967

Vulnerability from cnvd - Published: 2018-08-30

Title

Insteon Hub权限访问控制漏洞

Description

Insteon Hub是美国Insteon公司的一款Insteon中央控制器产品。该产品可远程控制家中的灯泡、墙壁开关、空调等。使用1013版本固件的Insteon Hub中存在权限访问控制漏洞，该漏洞源于固件更新功能使用HTTP请求来检索已签名的固件二进制文件并且设备没有检测被安装的固件版本。攻击者可通过冒充远程服务器‘cache.insteon.com’并提供已签名的固件镜像利用该漏洞使用户更新低版本固件。

Severity

高

Formal description

厂商尚未提供漏洞修复方案，请关注厂商主页更新： https://www.insteon.com/

Reference

https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0512

Impacted products

Name
INSTEON Insteon Hub 1013

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-3833",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2018-3833"
    }
  },
  "description": "Insteon Hub\u662f\u7f8e\u56fdInsteon\u516c\u53f8\u7684\u4e00\u6b3eInsteon\u4e2d\u592e\u63a7\u5236\u5668\u4ea7\u54c1\u3002\u8be5\u4ea7\u54c1\u53ef\u8fdc\u7a0b\u63a7\u5236\u5bb6\u4e2d\u7684\u706f\u6ce1\u3001\u5899\u58c1\u5f00\u5173\u3001\u7a7a\u8c03\u7b49\u3002\r\n\r\n\u4f7f\u75281013\u7248\u672c\u56fa\u4ef6\u7684Insteon Hub\u4e2d\u5b58\u5728\u6743\u9650\u8bbf\u95ee\u63a7\u5236\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u56fa\u4ef6\u66f4\u65b0\u529f\u80fd\u4f7f\u7528HTTP\u8bf7\u6c42\u6765\u68c0\u7d22\u5df2\u7b7e\u540d\u7684\u56fa\u4ef6\u4e8c\u8fdb\u5236\u6587\u4ef6\u5e76\u4e14\u8bbe\u5907\u6ca1\u6709\u68c0\u6d4b\u88ab\u5b89\u88c5\u7684\u56fa\u4ef6\u7248\u672c\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u5192\u5145\u8fdc\u7a0b\u670d\u52a1\u5668\u2018cache.insteon.com\u2019\u5e76\u63d0\u4f9b\u5df2\u7b7e\u540d\u7684\u56fa\u4ef6\u955c\u50cf\u5229\u7528\u8be5\u6f0f\u6d1e\u4f7f\u7528\u6237\u66f4\u65b0\u4f4e\u7248\u672c\u56fa\u4ef6\u3002",
  "discovererName": "unknown",
  "formalWay": "\u5382\u5546\u5c1a\u672a\u63d0\u4f9b\u6f0f\u6d1e\u4fee\u590d\u65b9\u6848\uff0c\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u66f4\u65b0\uff1a\r\nhttps://www.insteon.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-16967",
  "openTime": "2018-08-30",
  "products": {
    "product": "INSTEON Insteon Hub 1013"
  },
  "referenceLink": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0512",
  "serverity": "\u9ad8",
  "submitTime": "2018-08-27",
  "title": "Insteon Hub\u6743\u9650\u8bbf\u95ee\u63a7\u5236\u6f0f\u6d1e"
}

CVE-2018-3833 (GCVE-0-2018-3833)

Vulnerability from cvelistv5 – Published: 2018-08-23 14:00 – Updated: 2024-09-17 02:26

Summary

An exploitable firmware downgrade vulnerability exists in Insteon Hub running firmware version 1013. The firmware upgrade functionality, triggered via PubNub, retrieves signed firmware binaries using plain HTTP requests. The device doesn't check the firmware version that is going to be installed and thus allows for flashing older firmware images. To trigger this vulnerability, an attacker needs to impersonate the remote server 'cache.insteon.com' and serve any signed firmware image.

Severity ?

8.6 (High)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

CWE

Improper Access Control

Assigner

talos

References

URL

Tags

https://www.talosintelligence.com/vulnerability_r…

x_refsource_MISC

Impacted products

	Vendor	Product	Version
	Insteon	Insteon	Affected: Insteon Hub 2245-222 - Firmware version 1013

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T04:57:23.969Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0512"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Insteon",
          "vendor": "Insteon",
          "versions": [
            {
              "status": "affected",
              "version": "Insteon Hub 2245-222 - Firmware version 1013"
            }
          ]
        }
      ],
      "datePublic": "2018-06-19T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An exploitable firmware downgrade vulnerability exists in Insteon Hub running firmware version 1013. The firmware upgrade functionality, triggered via PubNub, retrieves signed firmware binaries using plain HTTP requests. The device doesn\u0027t check the firmware version that is going to be installed and thus allows for flashing older firmware images. To trigger this vulnerability, an attacker needs to impersonate the remote server \u0027cache.insteon.com\u0027 and serve any signed firmware image."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Improper Access Control",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-04-19T18:04:11",
        "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "shortName": "talos"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0512"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "talos-cna@cisco.com",
          "DATE_PUBLIC": "2018-06-19T00:00:00",
          "ID": "CVE-2018-3833",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Insteon",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Insteon Hub 2245-222 - Firmware version 1013"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Insteon"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An exploitable firmware downgrade vulnerability exists in Insteon Hub running firmware version 1013. The firmware upgrade functionality, triggered via PubNub, retrieves signed firmware binaries using plain HTTP requests. The device doesn\u0027t check the firmware version that is going to be installed and thus allows for flashing older firmware images. To trigger this vulnerability, an attacker needs to impersonate the remote server \u0027cache.insteon.com\u0027 and serve any signed firmware image."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": 8.6,
            "baseSeverity": "High",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Improper Access Control"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0512",
              "refsource": "MISC",
              "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0512"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
    "assignerShortName": "talos",
    "cveId": "CVE-2018-3833",
    "datePublished": "2018-08-23T14:00:00Z",
    "dateReserved": "2018-01-02T00:00:00",
    "dateUpdated": "2024-09-17T02:26:41.031Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2018-16967

CVE-2018-3833 (GCVE-0-2018-3833)

Tags

Sightings

Nomenclature