CVE-2018-20817

{"id": "CVE-2018-20817", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2019-04-19T23:29:00.303", "references": [{"url": "https://github.com/RektInator/cod-steamauth-rce", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/momo5502/cod-exploits/tree/master/steam-auth", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "SV_SteamAuthClient in various Activision Infinity Ward Call of Duty games before 2015-08-11 is missing a size check when reading authBlob data into a buffer, which allows one to execute code on the remote target machine when sending a steam authentication request. This affects Call of Duty: Modern Warfare 2, Call of Duty: Modern Warfare 3, Call of Duty: Ghosts, Call of Duty: Advanced Warfare, Call of Duty: Black Ops 1, and Call of Duty: Black Ops 2."}, {"lang": "es", "value": "Fue encontrada una vulnerabilidad en SV_SteamAuthClient en varios juegos de Call of Duty de Activision Infinity Ward anteriores a 11-08-2015, falta una comprobaci\u00f3n de tama\u00f1o al leer los datos de authBlob en un b\u00fafer, lo que permite ejecutar el c\u00f3digo en el equipo de destino remoto al enviar una petici\u00f3n de autorizaci\u00f3n Steam. Esto afecta a Call of Duty: Modern Warfare 2, Call of Duty: Modern Warfare 3, Call of Duty: Ghosts, Call of Duty: Advanced Warfare, Call of Duty: Black Ops 1, and Call of Duty: Black Ops 2."}], "lastModified": "2019-04-22T17:10:51.310", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:activision:call_of_duty\\:_advanced_warfare:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9C0A3987-5C01-4728-955B-A14E9F557637"}, {"criteria": "cpe:2.3:a:activision:call_of_duty\\:_black_ops_1:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0D37A2C7-28DA-4831-8413-AC585D7BBC8C"}, {"criteria": "cpe:2.3:a:activision:call_of_duty\\:_blacks_ops_2:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "82A90DD9-CD84-4328-9E75-CF99182BB234"}, {"criteria": "cpe:2.3:a:activision:call_of_duty\\:_ghosts:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A408B7B9-E5AB-4FDD-A933-DD1DCA9E8D6F"}, {"criteria": "cpe:2.3:a:activision:call_of_duty\\:_modern_warfare_2:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1F3AA778-7FA5-4A62-A93E-78695EA9996E"}, {"criteria": "cpe:2.3:a:activision:call_of_duty\\:_modern_warfare_3:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FD099198-A455-4756-8DF3-6AB0B59A79C0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}