Stack-based buffer overflow in Meinberg products - CVE-2016-3988
Published: June 29, 2016 / Updated: November 22, 2018
Vulnerability identifier: #VU56
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2016-3988
CWE-ID: CWE-121
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Meinberg
Affected software:
LCES
SyncFire 1100
LANTIME M100
LANTIME M200
LANTIME M400
LANTIME M600
LANTIME M900
IMS-LANTIME M500
IMS-LANTIME M1000
LCES
SyncFire 1100
LANTIME M100
LANTIME M200
LANTIME M400
LANTIME M600
LANTIME M900
IMS-LANTIME M500
IMS-LANTIME M1000
Detailed vulnerability description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to boundary error while parsing nine different parameters in POST request in function.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
The vulnerability exists due to boundary error while parsing nine different parameters in POST request in function.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
How to mitigate CVE-2016-3988
Meinberg has produced a new firmware Version 6.20.004.