{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-19T14:59:15.169","vulnerabilities":[{"cve":{"id":"CVE-2017-14452","sourceIdentifier":"talos-cna@cisco.com","published":"2018-08-23T18:29:00.280","lastModified":"2024-11-21T03:12:49.447","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An exploitable buffer overflow vulnerability exists in the PubNub message handler for the \"control\" channel of Insteon Hub running firmware version 1012. Specially crafted replies received from the PubNub service can cause buffer overflows on a global section overwriting arbitrary data. A strcpy overflows the buffer insteon_pubnub.channel_cc_r, which has a size of 16 bytes. An attacker can send an arbitrarily long \"c_r\" parameter in order to exploit this vulnerability. An attacker should impersonate PubNub and answer an HTTPS GET request to trigger this vulnerability."},{"lang":"es","value":"Existe una vulnerabilidad de desbordamiento de búfer explotable en el manipulador de mensajes PubNub para el canal \"control\" de Insteon Hub en su versión de firmware 1012. Las respuestas especialmente manipuladas recibidas desde el servicio PubNub pueden provocar desbordamientos de búfer en una sección global sobrescribiendo datos arbitrarios. Un strcpy desborda el búfer insteon_pubnub.channel_cc_r, el cual tiene un tamaño de 16 bytes. Un atacante puede enviar un parámetro \"c_r \" arbitrariamente largo para explotar esta vulnerabilidad. Un atacante debe suplantar PubNub y responder una petición GET HTTP para desencadenar esta vulnerabilidad."}],"metrics":{"cvssMetricV30":[{"source":"talos-cna@cisco.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":8.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":6.0},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:insteon:hub_firmware:1012:*:*:*:*:*:*:*","matchCriteriaId":"17F98B37-72C0-48A5-A4E2-12327F48327E"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:insteon:hub:-:*:*:*:*:*:*:*","matchCriteriaId":"951165BE-0AC1-4690-8B36-E402CA0197FB"}]}]}],"references":[{"url":"https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0502","source":"talos-cna@cisco.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0502","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}}]}