CVE-2018-16527 - OpenCVE

Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component allow information disclosure during parsing of ICMP packets in prvProcessICMPPacket.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:M/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Amazon	Amazon Web Services Freertos Freertos

Configuration 1 [-]

OR	cpe:2.3:a:amazon:amazon_web_services_freertos::::::::
	cpe:2.3:a:amazon:freertos::::::::

No data.

References

Link	Providers
https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-details/
https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-put-wide-range-devices-risk-compromise-smart-homes-critical-infrastructure-systems/
https://github.com/aws/amazon-freertos/blob/v1.3.2/CHANGELOG.md

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2018-12-06T23:00:00

Updated: 2024-08-05T10:24:32.866Z

Reserved: 2018-09-05T00:00:00

Link: CVE-2018-16527

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2018-12-06T23:29:00.657

Modified: 2019-01-04T00:20:03.100

Link: CVE-2018-16527

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2018-10-18T00:00:00", "descriptions": [{"lang": "en", "value": "Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component allow information disclosure during parsing of ICMP packets in prvProcessICMPPacket."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-12-06T22:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/aws/amazon-freertos/blob/v1.3.2/CHANGELOG.md"}, {"tags": ["x_refsource_MISC"], "url": "https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-details/"}, {"tags": ["x_refsource_MISC"], "url": "https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-put-wide-range-devices-risk-compromise-smart-homes-critical-infrastructure-systems/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-16527", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component allow information disclosure during parsing of ICMP packets in prvProcessICMPPacket."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/aws/amazon-freertos/blob/v1.3.2/CHANGELOG.md", "refsource": "CONFIRM", "url": "https://github.com/aws/amazon-freertos/blob/v1.3.2/CHANGELOG.md"}, {"name": "https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-details/", "refsource": "MISC", "url": "https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-details/"}, {"name": "https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-put-wide-range-devices-risk-compromise-smart-homes-critical-infrastructure-systems/", "refsource": "MISC", "url": "https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-put-wide-range-devices-risk-compromise-smart-homes-critical-infrastructure-systems/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T10:24:32.866Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/aws/amazon-freertos/blob/v1.3.2/CHANGELOG.md"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-details/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-put-wide-range-devices-risk-compromise-smart-homes-critical-infrastructure-systems/"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-16527", "datePublished": "2018-12-06T23:00:00", "dateReserved": "2018-09-05T00:00:00", "dateUpdated": "2024-08-05T10:24:32.866Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:amazon:amazon_web_services_freertos:*:*:*:*:*:*:*:*", "matchCriteriaId": "7EADBC4B-05C5-4588-B0D8-DDAF318DFEB1", "versionEndIncluding": "1.3.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:amazon:freertos:*:*:*:*:*:*:*:*", "matchCriteriaId": "8A645BC4-5A25-47D4-BBA3-BA199C48FE3C", "versionEndIncluding": "10.0.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component allow information disclosure during parsing of ICMP packets in prvProcessICMPPacket."}, {"lang": "es", "value": "Amazon Web Services (AWS) FreeRTOS hasta la versi\u00f3n 1.3.1, FreeRTOS hasta V10.0.1 (con FreeRTOS+TCP) y el componente middleware TCP/IP WITTENSTEIN WHIS Connect permiten la divulgaci\u00f3n de informaci\u00f3n durante el an\u00e1lisis de los paquetes ICMP en prvProcessICMPPacket."}], "id": "CVE-2018-16527", "lastModified": "2019-01-04T00:20:03.100", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-12-06T23:29:00.657", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-details/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-put-wide-range-devices-risk-compromise-smart-homes-critical-infrastructure-systems/"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/aws/amazon-freertos/blob/v1.3.2/CHANGELOG.md"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}