FKIE_CVE-2018-20817

Vulnerability from fkie_nvd - Published: 2019-04-19 23:29 - Updated: 2024-11-21 04:02
Severity ?
9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
SV_SteamAuthClient in various Activision Infinity Ward Call of Duty games before 2015-08-11 is missing a size check when reading authBlob data into a buffer, which allows one to execute code on the remote target machine when sending a steam authentication request. This affects Call of Duty: Modern Warfare 2, Call of Duty: Modern Warfare 3, Call of Duty: Ghosts, Call of Duty: Advanced Warfare, Call of Duty: Black Ops 1, and Call of Duty: Black Ops 2.
References
cve@mitre.orghttps://github.com/RektInator/cod-steamauth-rceExploit, Third Party Advisory
cve@mitre.orghttps://github.com/momo5502/cod-exploits/tree/master/steam-authThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/RektInator/cod-steamauth-rceExploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/momo5502/cod-exploits/tree/master/steam-authThird Party Advisory
Impacted products
Vendor Product Version
activision call_of_duty\ _advanced_warfare
activision call_of_duty\ _black_ops_1
activision call_of_duty\ _blacks_ops_2
activision call_of_duty\ _ghosts
activision call_of_duty\ _modern_warfare_2
activision call_of_duty\ _modern_warfare_3
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:activision:call_of_duty\\:_advanced_warfare:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C0A3987-5C01-4728-955B-A14E9F557637",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:activision:call_of_duty\\:_black_ops_1:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D37A2C7-28DA-4831-8413-AC585D7BBC8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:activision:call_of_duty\\:_blacks_ops_2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "82A90DD9-CD84-4328-9E75-CF99182BB234",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:activision:call_of_duty\\:_ghosts:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A408B7B9-E5AB-4FDD-A933-DD1DCA9E8D6F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:activision:call_of_duty\\:_modern_warfare_2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F3AA778-7FA5-4A62-A93E-78695EA9996E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:activision:call_of_duty\\:_modern_warfare_3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD099198-A455-4756-8DF3-6AB0B59A79C0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "SV_SteamAuthClient in various Activision Infinity Ward Call of Duty games before 2015-08-11 is missing a size check when reading authBlob data into a buffer, which allows one to execute code on the remote target machine when sending a steam authentication request. This affects Call of Duty: Modern Warfare 2, Call of Duty: Modern Warfare 3, Call of Duty: Ghosts, Call of Duty: Advanced Warfare, Call of Duty: Black Ops 1, and Call of Duty: Black Ops 2."
    },
    {
      "lang": "es",
      "value": "Fue encontrada una vulnerabilidad en SV_SteamAuthClient en varios juegos de Call of Duty de Activision Infinity Ward anteriores a 11-08-2015, falta una comprobaci\u00f3n de tama\u00f1o al leer los datos de authBlob en un b\u00fafer, lo que permite ejecutar el c\u00f3digo en el equipo de destino remoto al enviar una petici\u00f3n de autorizaci\u00f3n  Steam. Esto afecta a Call of Duty: Modern Warfare 2, Call of Duty: Modern Warfare 3, Call of Duty: Ghosts, Call of Duty: Advanced Warfare, Call of Duty: Black Ops 1, and Call of Duty: Black Ops 2."
    }
  ],
  "id": "CVE-2018-20817",
  "lastModified": "2024-11-21T04:02:14.890",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-04-19T23:29:00.303",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/RektInator/cod-steamauth-rce"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/momo5502/cod-exploits/tree/master/steam-auth"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/RektInator/cod-steamauth-rce"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/momo5502/cod-exploits/tree/master/steam-auth"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.