SB2017073102 - Two vulnerabilities in Continental AG Infineon S-Gold 2
Published: July 31, 2017
Security Bulletin ID
SB2017073102
CSH Severity
Low
Patch available
NO
Number of vulnerabilities
2
Exploitation vector
Adjecent network
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 2 vulnerabilities.
1) Stack-based buffer overflow (CVE-ID: CVE-2017-9647)
CWE-ID: CWE-121 - Stack-based buffer overflow
CVSSv4: CVSS:4.0/AV:P/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local attacker to execute arbitrary code.
The weakness exists due to stack-based buffer overflow in the processing of AT commands. A local attacker with a physical connection to the TCU can trigger memory corruption and crash or execute code on the baseband radio processor of the TCU.
2) Memory corruption (CVE-ID: CVE-2017-9633)
CWE-ID: CWE-119 - Memory corruption
CVSSv4: CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows an adjacent attacker to execute arbitrary code.
The weakness exists due to boundary error in the temporary mobile subscriber identity (TMSI). An adjacent attacker can trigger memory corruption and execute code on the baseband radio processor of the TCU.
Remediation
Cybersecurity Help is not aware of any official remediation provided by the vendor.