CVE-2018-16596 — HIGH (7.5)

Q: How severe is CVE-2018-16596?

CVE-2018-16596 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2018-16596?

Check the references section above for vendor advisories and patch information. Affected products include: Swisscom Internet-Box Standard Firmware, Swisscom Internet-Box 2, Swisscom Internet-Box Standard, Swisscom Internet-Box Light Firmware, Swisscom Internet-Box Light.

Vulnerability Description

A stack-based buffer overflow in the LAN UPnP service running on UDP port 1900 of Swisscom Internet-Box (2, Standard, and Plus) prior to v09.04.00 and Internet-Box light prior to v08.05.02 allows remote code execution. No authentication is required to exploit this vulnerability. Sending a simple UDP packet to port 1900 allows an attacker to execute code on a remote device. However, this is only possible if the attacker is inside the LAN. Because of ASLR, the success rate is not 100% and leads instead to a DoS of the UPnP service. The remaining functionality of the Internet Box is not affected. A reboot of the Internet Box is necessary to attempt the exploit again.

CVSS Score

7.5

HIGH

CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

ADJACENT_NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Swisscom	Internet-Box Standard Firmware	< 09.04.00
Swisscom	Internet-Box 2	-
Swisscom	Internet-Box Standard	-
Swisscom	Internet-Box Light Firmware	< 08.05.02
Swisscom	Internet-Box Light	-
Swisscom	Internet-Box Plus Firmware	< 09.04.00
Swisscom	Internet-Box Plus	-
Swisscom	Internet-Box 2 Firmware	<= 09.04.00

Related Weaknesses (CWE)

CWE-787

References

https://www.swisscom.ch/content/dam/swisscom/de/about/nachhaltigkeit/digitale-scVendor Advisory
https://www.swisscom.ch/content/dam/swisscom/de/about/nachhaltigkeit/digitale-scVendor Advisory

FAQ

What is CVE-2018-16596?

CVE-2018-16596 is a vulnerability with a CVSS score of 7.5 (HIGH). A stack-based buffer overflow in the LAN UPnP service running on UDP port 1900 of Swisscom Internet-Box (2, Standard, and Plus) prior to v09.04.00 and Internet-Box light prior to v08.05.02 allows remo...

How severe is CVE-2018-16596?

CVE-2018-16596 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-16596?

Check the references section above for vendor advisories and patch information. Affected products include: Swisscom Internet-Box Standard Firmware, Swisscom Internet-Box 2, Swisscom Internet-Box Standard, Swisscom Internet-Box Light Firmware, Swisscom Internet-Box Light.