PT-2017-12050 · Gemalto · Sentinel Ldk+2
Published
2017-10-02
·
Updated
2018-05-11
·
CVE-2017-11496
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Gemalto ACC (Admin Control Center) versions HASP SRM 2.10 through Sentinel LDK 7.50
Description
The issue is related to a stack buffer overflow in the hasplms component, which can be exploited by remote attackers. This is achieved through the use of malformed ASN.1 streams in V2C and similar input files, allowing the execution of arbitrary code.
Recommendations
For versions HASP SRM 2.10 through Sentinel LDK 7.50, consider disabling the hasplms component until a patch is available to prevent the execution of arbitrary code via malformed input files.
Fix
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Gemalto Acc
Hasp Srm
Sentinel Ldk