Vulnerability Details CVE-2018-16603
An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. Out of bounds access to TCP source and destination port fields in xProcessReceivedTCPPacket can leak data back to an attacker.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 62.6%
CVSS Severity
CVSS v3 Score 5.9
CVSS v2 Score 4.3
References
- https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-details/
- https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-put-wide-range-devices-risk-compromise-smart-homes-critical-infrastructure-systems/
- https://github.com/aws/amazon-freertos/blob/v1.3.2/CHANGELOG.md
- https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-details/
- https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-put-wide-range-devices-risk-compromise-smart-homes-critical-infrastructure-systems/
- https://github.com/aws/amazon-freertos/blob/v1.3.2/CHANGELOG.md
Products affected by CVE-2018-16603
-
cpe:2.3:a:amazon:amazon_web_services_freertos:1.0.0
-
cpe:2.3:a:amazon:amazon_web_services_freertos:1.1.0
-
cpe:2.3:a:amazon:amazon_web_services_freertos:1.2.0
-
cpe:2.3:a:amazon:amazon_web_services_freertos:1.2.1
-
cpe:2.3:a:amazon:amazon_web_services_freertos:1.2.2
-
cpe:2.3:a:amazon:amazon_web_services_freertos:1.2.3
-
cpe:2.3:a:amazon:amazon_web_services_freertos:1.2.4
-
cpe:2.3:a:amazon:amazon_web_services_freertos:1.2.5
-
cpe:2.3:a:amazon:amazon_web_services_freertos:1.2.6
-
cpe:2.3:a:amazon:amazon_web_services_freertos:1.2.7
-
cpe:2.3:a:amazon:amazon_web_services_freertos:1.3.0
-
cpe:2.3:a:amazon:amazon_web_services_freertos:1.3.1
-
cpe:2.3:a:amazon:freertos:*