cvelistv5 - cve-2015-2868

CVE-2015-2868 (GCVE-0-2015-2868)

Vulnerability from cvelistv5 – Published: 2017-01-06 21:00 – Updated: 2024-08-06 05:32

Summary

Severity ?

No CVSS data available.

CWE

buffer overflow

Assigner

certcc

References

URL

Tags

	http://www.securityfocus.com/bid/95118	vdb-entryx_refsource_BID
	http://www.talosintelligence.com/reports/TALOS-20…	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	Trane	ComfortLink II SCC firmware	Affected: 2.0.2

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T05:32:19.763Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "95118",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/95118"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.talosintelligence.com/reports/TALOS-2016-0027/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "ComfortLink II SCC firmware",
          "vendor": "Trane",
          "versions": [
            {
              "status": "affected",
              "version": "2.0.2"
            }
          ]
        }
      ],
      "datePublic": "2016-02-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An exploitable remote code execution vulnerability exists in the Trane ComfortLink II firmware version 2.0.2 in DSS service. An attacker who can connect to the DSS service on the Trane ComfortLink II device can send an overly long REG request that can overflow a fixed size stack buffer, resulting in arbitrary code execution."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "buffer overflow",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-01-09T10:57:01",
        "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "shortName": "certcc"
      },
      "references": [
        {
          "name": "95118",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/95118"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.talosintelligence.com/reports/TALOS-2016-0027/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cert@cert.org",
          "ID": "CVE-2015-2868",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "ComfortLink II SCC firmware",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2.0.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Trane"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An exploitable remote code execution vulnerability exists in the Trane ComfortLink II firmware version 2.0.2 in DSS service. An attacker who can connect to the DSS service on the Trane ComfortLink II device can send an overly long REG request that can overflow a fixed size stack buffer, resulting in arbitrary code execution."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "buffer overflow"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "95118",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/95118"
            },
            {
              "name": "http://www.talosintelligence.com/reports/TALOS-2016-0027/",
              "refsource": "MISC",
              "url": "http://www.talosintelligence.com/reports/TALOS-2016-0027/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
    "assignerShortName": "certcc",
    "cveId": "CVE-2015-2868",
    "datePublished": "2017-01-06T21:00:00",
    "dateReserved": "2015-04-03T00:00:00",
    "dateUpdated": "2024-08-06T05:32:19.763Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:trane:comfortlink_ii_firmware:2.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"25C2D7CF-A6C4-4D3E-9359-5879960ADC26\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"An exploitable remote code execution vulnerability exists in the Trane ComfortLink II firmware version 2.0.2 in DSS service. An attacker who can connect to the DSS service on the Trane ComfortLink II device can send an overly long REG request that can overflow a fixed size stack buffer, resulting in arbitrary code execution.\"}, {\"lang\": \"es\", \"value\": \"Existe una vulnerabilidad de ejecuci\\u00f3n remota de c\\u00f3digo explotable en el firmware de Trane ComfortLink II versi\\u00f3n 2.0.2 en el servicio DSS. Un atacante que pueda conectarse al servicio DSS en el dispositivo Trane ComfortLink II puede enviar una solicitud REG excesivamente larga que puede desbordar un b\\u00fafer en pila de tama\\u00f1o fijo, resultando en la ejecuci\\u00f3n de c\\u00f3digo arbitrario.\\\"\"}]",
      "id": "CVE-2015-2868",
      "lastModified": "2024-11-21T02:28:14.147",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:C/I:C/A:C\", \"baseScore\": 10.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2017-01-06T21:59:00.197",
      "references": "[{\"url\": \"http://www.securityfocus.com/bid/95118\", \"source\": \"cret@cert.org\"}, {\"url\": \"http://www.talosintelligence.com/reports/TALOS-2016-0027/\", \"source\": \"cret@cert.org\", \"tags\": [\"Exploit\", \"Technical Description\", \"Third Party Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/95118\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.talosintelligence.com/reports/TALOS-2016-0027/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Technical Description\", \"Third Party Advisory\"]}]",
      "sourceIdentifier": "cret@cert.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-119\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2015-2868\",\"sourceIdentifier\":\"cret@cert.org\",\"published\":\"2017-01-06T21:59:00.197\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An exploitable remote code execution vulnerability exists in the Trane ComfortLink II firmware version 2.0.2 in DSS service. An attacker who can connect to the DSS service on the Trane ComfortLink II device can send an overly long REG request that can overflow a fixed size stack buffer, resulting in arbitrary code execution.\"},{\"lang\":\"es\",\"value\":\"Existe una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo explotable en el firmware de Trane ComfortLink II versi\u00f3n 2.0.2 en el servicio DSS. Un atacante que pueda conectarse al servicio DSS en el dispositivo Trane ComfortLink II puede enviar una solicitud REG excesivamente larga que puede desbordar un b\u00fafer en pila de tama\u00f1o fijo, resultando en la ejecuci\u00f3n de c\u00f3digo arbitrario.\\\"\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":10.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:trane:comfortlink_ii_firmware:2.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"25C2D7CF-A6C4-4D3E-9359-5879960ADC26\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/95118\",\"source\":\"cret@cert.org\"},{\"url\":\"http://www.talosintelligence.com/reports/TALOS-2016-0027/\",\"source\":\"cret@cert.org\",\"tags\":[\"Exploit\",\"Technical Description\",\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/95118\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.talosintelligence.com/reports/TALOS-2016-0027/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Technical Description\",\"Third Party Advisory\"]}]}}"
  }
}

FKIE_CVE-2015-2868

Vulnerability from fkie_nvd - Published: 2017-01-06 21:59 - Updated: 2025-04-20 01:37

Severity ?

9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
cret@cert.org	http://www.securityfocus.com/bid/95118
cret@cert.org	http://www.talosintelligence.com/reports/TALOS-2016-0027/	Exploit, Technical Description, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/95118
af854a3a-2127-422b-91ae-364da2661108	http://www.talosintelligence.com/reports/TALOS-2016-0027/	Exploit, Technical Description, Third Party Advisory

Impacted products

	Vendor	Product	Version
	trane	comfortlink_ii_firmware	2.0.2

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:trane:comfortlink_ii_firmware:2.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "25C2D7CF-A6C4-4D3E-9359-5879960ADC26",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An exploitable remote code execution vulnerability exists in the Trane ComfortLink II firmware version 2.0.2 in DSS service. An attacker who can connect to the DSS service on the Trane ComfortLink II device can send an overly long REG request that can overflow a fixed size stack buffer, resulting in arbitrary code execution."
    },
    {
      "lang": "es",
      "value": "Existe una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo explotable en el firmware de Trane ComfortLink II versi\u00f3n 2.0.2 en el servicio DSS. Un atacante que pueda conectarse al servicio DSS en el dispositivo Trane ComfortLink II puede enviar una solicitud REG excesivamente larga que puede desbordar un b\u00fafer en pila de tama\u00f1o fijo, resultando en la ejecuci\u00f3n de c\u00f3digo arbitrario.\""
    }
  ],
  "id": "CVE-2015-2868",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-01-06T21:59:00.197",
  "references": [
    {
      "source": "cret@cert.org",
      "url": "http://www.securityfocus.com/bid/95118"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Exploit",
        "Technical Description",
        "Third Party Advisory"
      ],
      "url": "http://www.talosintelligence.com/reports/TALOS-2016-0027/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/95118"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Technical Description",
        "Third Party Advisory"
      ],
      "url": "http://www.talosintelligence.com/reports/TALOS-2016-0027/"
    }
  ],
  "sourceIdentifier": "cret@cert.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

VAR-201701-0612

Vulnerability from variot - Updated: 2023-12-18 13:53

An exploitable remote code execution vulnerability exists in the Trane ComfortLink II firmware version 2.0.2 in DSS service. An attacker who can connect to the DSS service on the Trane ComfortLink II device can send an overly long REG request that can overflow a fixed size stack buffer, resulting in arbitrary code execution. Trane ComfortLink II is a set of connection control components used in home intelligence systems by Trane Company, UK. Trane ComfortLink II is prone to a remote code-execution vulnerability. Failed exploit attempts may cause a denial-of-service condition. Trane ComfortLink II 2.0.2 is vulnerable; other versions may also be affected

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201701-0612",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "comfortlink ii",
        "scope": "eq",
        "trust": 2.5,
        "vendor": "trane",
        "version": "2.0.2"
      },
      {
        "model": "comfortlink ii",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "train",
        "version": "2.0.2"
      },
      {
        "model": "comfortlink ii",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "trane",
        "version": "4.0.3"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-04346"
      },
      {
        "db": "BID",
        "id": "95118"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007324"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-2868"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201606-543"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:trane:comfortlink_ii_firmware:2.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-2868"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Matt Watchinski and Christopher McBee of Cisco Talos",
    "sources": [
      {
        "db": "BID",
        "id": "95118"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201606-543"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2015-2868",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 10.0,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2015-2868",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CNVD-2016-04346",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "VHN-80829",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 9.8,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2015-2868",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2015-2868",
            "trust": 1.8,
            "value": "CRITICAL"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2016-04346",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201606-543",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-80829",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-04346"
      },
      {
        "db": "VULHUB",
        "id": "VHN-80829"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007324"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-2868"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201606-543"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "An exploitable remote code execution vulnerability exists in the Trane ComfortLink II firmware version 2.0.2 in DSS service. An attacker who can connect to the DSS service on the Trane ComfortLink II device can send an overly long REG request that can overflow a fixed size stack buffer, resulting in arbitrary code execution. Trane ComfortLink II is a set of connection control components used in home intelligence systems by Trane Company, UK. Trane ComfortLink II is prone to a remote code-execution vulnerability. Failed exploit attempts may cause a denial-of-service condition. \nTrane ComfortLink II 2.0.2 is vulnerable; other versions may also be affected",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-2868"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007324"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-04346"
      },
      {
        "db": "BID",
        "id": "95118"
      },
      {
        "db": "VULHUB",
        "id": "VHN-80829"
      }
    ],
    "trust": 2.52
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-2868",
        "trust": 3.4
      },
      {
        "db": "TALOS",
        "id": "TALOS-2016-0027",
        "trust": 2.6
      },
      {
        "db": "BID",
        "id": "95118",
        "trust": 1.4
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007324",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201606-543",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-04346",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-80829",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-04346"
      },
      {
        "db": "VULHUB",
        "id": "VHN-80829"
      },
      {
        "db": "BID",
        "id": "95118"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007324"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-2868"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201606-543"
      }
    ]
  },
  "id": "VAR-201701-0612",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-80829"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T13:53:09.267000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "TALOS-2016-0028",
        "trust": 0.8,
        "url": "http://www.talosintelligence.com/reports/talos-2016-0028/"
      },
      {
        "title": "\u30c8\u30c3\u30d7\u30da\u30fc\u30b8",
        "trust": 0.8,
        "url": "http://www.jp.trane.com/ja.html"
      },
      {
        "title": "Patch for Trane ComfortLink II Stack Buffer Overflow Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/78241"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-04346"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007324"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-80829"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007324"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-2868"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.2,
        "url": "http://www.talosintel.com/reports/talos-2016-0027"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/bid/95118"
      },
      {
        "trust": 1.1,
        "url": "http://www.talosintelligence.com/reports/talos-2016-0027/"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2868"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-2868"
      },
      {
        "trust": 0.3,
        "url": "https://www.trane.com/residential/en/resources/smart-home-automation/installing-upgrading.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.talosintelligence.com/reports/talos-2016-0027/ "
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-04346"
      },
      {
        "db": "VULHUB",
        "id": "VHN-80829"
      },
      {
        "db": "BID",
        "id": "95118"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007324"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-2868"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201606-543"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-04346"
      },
      {
        "db": "VULHUB",
        "id": "VHN-80829"
      },
      {
        "db": "BID",
        "id": "95118"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007324"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-2868"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201606-543"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-06-29T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2016-04346"
      },
      {
        "date": "2017-01-06T00:00:00",
        "db": "VULHUB",
        "id": "VHN-80829"
      },
      {
        "date": "2016-02-08T00:00:00",
        "db": "BID",
        "id": "95118"
      },
      {
        "date": "2017-01-18T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-007324"
      },
      {
        "date": "2017-01-06T21:59:00.197000",
        "db": "NVD",
        "id": "CVE-2015-2868"
      },
      {
        "date": "2015-02-08T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201606-543"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-06-29T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2016-04346"
      },
      {
        "date": "2017-01-11T00:00:00",
        "db": "VULHUB",
        "id": "VHN-80829"
      },
      {
        "date": "2017-01-12T00:07:00",
        "db": "BID",
        "id": "95118"
      },
      {
        "date": "2017-01-18T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-007324"
      },
      {
        "date": "2017-01-11T02:59:00.713000",
        "db": "NVD",
        "id": "CVE-2015-2868"
      },
      {
        "date": "2017-01-11T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201606-543"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201606-543"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Trane ComfortLink II Firmware  DSS Service Remote Code Execution Vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007324"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer overflow",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201606-543"
      }
    ],
    "trust": 0.6
  }
}

CNVD-2016-04346

Vulnerability from cnvd - Published: 2016-06-29

Title

Trane ComfortLink II栈缓冲区溢出漏洞

Description

Trane ComfortLink II是英国Trane公司的一套用于家庭智能系统中的连接控制组件。使用2.0.2版本固件的Trane ComfortLink II中存在栈缓冲区溢出漏洞。远程攻击者可通过发送较长的REG请求利用该漏洞导致栈缓冲区溢出，执行任意代码。

Severity

中

Patch Name

Trane ComfortLink II栈缓冲区溢出漏洞的补丁

Patch Description

Trane ComfortLink II是英国Trane公司的一套用于家庭智能系统中的连接控制组件。使用2.0.2版本固件的Trane ComfortLink II中存在栈缓冲区溢出漏洞。远程攻击者可通过发送较长的REG请求利用该漏洞导致栈缓冲区溢出，执行任意代码。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已经发布了升级补丁以修复此安全问题，详情请关注厂商主页： https://www.trane.com/

Reference

http://www.talosintel.com/reports/TALOS-2016-0027

Impacted products

Name
Trane ComfortLink II 2.0.2

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2015-2868"
    }
  },
  "description": "Trane ComfortLink II\u662f\u82f1\u56fdTrane\u516c\u53f8\u7684\u4e00\u5957\u7528\u4e8e\u5bb6\u5ead\u667a\u80fd\u7cfb\u7edf\u4e2d\u7684\u8fde\u63a5\u63a7\u5236\u7ec4\u4ef6\u3002\r\n\r\n\u4f7f\u75282.0.2\u7248\u672c\u56fa\u4ef6\u7684Trane ComfortLink II\u4e2d\u5b58\u5728\u6808\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u53d1\u9001\u8f83\u957f\u7684REG\u8bf7\u6c42\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u6808\u7f13\u51b2\u533a\u6ea2\u51fa\uff0c\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
  "discovererName": "Matt Watchinski and Christopher McBee of Cisco Talos",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u8be6\u60c5\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\uff1a\r\nhttps://www.trane.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2016-04346",
  "openTime": "2016-06-29",
  "patchDescription": "Trane ComfortLink II\u662f\u82f1\u56fdTrane\u516c\u53f8\u7684\u4e00\u5957\u7528\u4e8e\u5bb6\u5ead\u667a\u80fd\u7cfb\u7edf\u4e2d\u7684\u8fde\u63a5\u63a7\u5236\u7ec4\u4ef6\u3002\r\n\r\n\u4f7f\u75282.0.2\u7248\u672c\u56fa\u4ef6\u7684Trane ComfortLink II\u4e2d\u5b58\u5728\u6808\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u53d1\u9001\u8f83\u957f\u7684REG\u8bf7\u6c42\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u6808\u7f13\u51b2\u533a\u6ea2\u51fa\uff0c\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Trane ComfortLink II\u6808\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Trane ComfortLink II 2.0.2"
  },
  "referenceLink": "http://www.talosintel.com/reports/TALOS-2016-0027",
  "serverity": "\u4e2d",
  "submitTime": "2016-06-24",
  "title": "Trane ComfortLink II\u6808\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e"
}

GSD-2015-2868

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Aliases

CVE-2015-2868

Aliases

CVE-2015-2868

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2015-2868",
    "description": "An exploitable remote code execution vulnerability exists in the Trane ComfortLink II firmware version 2.0.2 in DSS service. An attacker who can connect to the DSS service on the Trane ComfortLink II device can send an overly long REG request that can overflow a fixed size stack buffer, resulting in arbitrary code execution.",
    "id": "GSD-2015-2868"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2015-2868"
      ],
      "details": "An exploitable remote code execution vulnerability exists in the Trane ComfortLink II firmware version 2.0.2 in DSS service. An attacker who can connect to the DSS service on the Trane ComfortLink II device can send an overly long REG request that can overflow a fixed size stack buffer, resulting in arbitrary code execution.",
      "id": "GSD-2015-2868",
      "modified": "2023-12-13T01:20:00.341985Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cert@cert.org",
        "ID": "CVE-2015-2868",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "ComfortLink II SCC firmware",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "2.0.2"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Trane"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "An exploitable remote code execution vulnerability exists in the Trane ComfortLink II firmware version 2.0.2 in DSS service. An attacker who can connect to the DSS service on the Trane ComfortLink II device can send an overly long REG request that can overflow a fixed size stack buffer, resulting in arbitrary code execution."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "buffer overflow"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "95118",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/95118"
          },
          {
            "name": "http://www.talosintelligence.com/reports/TALOS-2016-0027/",
            "refsource": "MISC",
            "url": "http://www.talosintelligence.com/reports/TALOS-2016-0027/"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:trane:comfortlink_ii_firmware:2.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cert@cert.org",
          "ID": "CVE-2015-2868"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "An exploitable remote code execution vulnerability exists in the Trane ComfortLink II firmware version 2.0.2 in DSS service. An attacker who can connect to the DSS service on the Trane ComfortLink II device can send an overly long REG request that can overflow a fixed size stack buffer, resulting in arbitrary code execution."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.talosintelligence.com/reports/TALOS-2016-0027/",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Technical Description",
                "Third Party Advisory"
              ],
              "url": "http://www.talosintelligence.com/reports/TALOS-2016-0027/"
            },
            {
              "name": "95118",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/95118"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2017-01-11T02:59Z",
      "publishedDate": "2017-01-06T21:59Z"
    }
  }
}

GHSA-RGGX-GPG5-F3H9

Vulnerability from github – Published: 2022-05-17 03:05 – Updated: 2025-04-20 03:30

Details

Severity ?

9.8 (Critical)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2015-2868"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-01-06T21:59:00Z",
    "severity": "CRITICAL"
  },
  "details": "An exploitable remote code execution vulnerability exists in the Trane ComfortLink II firmware version 2.0.2 in DSS service. An attacker who can connect to the DSS service on the Trane ComfortLink II device can send an overly long REG request that can overflow a fixed size stack buffer, resulting in arbitrary code execution.",
  "id": "GHSA-rggx-gpg5-f3h9",
  "modified": "2025-04-20T03:30:47Z",
  "published": "2022-05-17T03:05:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2868"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/95118"
    },
    {
      "type": "WEB",
      "url": "http://www.talosintelligence.com/reports/TALOS-2016-0027"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2015-2868 (GCVE-0-2015-2868)

FKIE_CVE-2015-2868

VAR-201701-0612

CNVD-2016-04346

GSD-2015-2868

GHSA-RGGX-GPG5-F3H9

Tags

Sightings

Nomenclature