ByteOS Network

NVD Vulnerability Details :

CVE-2017-11498

Deferred

Source-cve@mitre.org

Published At-03 Oct, 2017 | 01:29

Updated At-20 Apr, 2025 | 01:37

Buffer overflow in hasplms in Gemalto ACC (Admin Control Center), all versions ranging from HASP SRM 2.10 to Sentinel LDK 7.50, allows remote attackers to shut down the remote process (a denial of service) via a language pack (ZIP file) with invalid HTML files.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.0	7.5	HIGH	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary	2.0	5.0	MEDIUM	AV:N/AC:L/Au:N/C:N/I:N/A:P

Type: Primary

Version: 3.0

Base score: 7.5

Base severity: HIGH

Vector:

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Type: Primary

Version: 2.0

Base score: 5.0

Base severity: MEDIUM

Vector:

AV:N/AC:L/Au:N/C:N/I:N/A:P

CPE Matches

gemalto>>sentinel_ldk_rte>>2.10

cpe:2.3:a:gemalto:sentinel_ldk_rte:2.10:*:*:*:*:*:*:*

gemalto>>sentinel_ldk_rte>>3.0

cpe:2.3:a:gemalto:sentinel_ldk_rte:3.0:*:*:*:*:*:*:*

gemalto>>sentinel_ldk_rte>>7.1

cpe:2.3:a:gemalto:sentinel_ldk_rte:7.1:*:*:*:*:*:*:*

gemalto>>sentinel_ldk_rte>>7.50

cpe:2.3:a:gemalto:sentinel_ldk_rte:7.50:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-119	Primary	nvd@nist.gov

CWE ID: CWE-119

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
http://www.securityfocus.com/bid/102739	cve@mitre.org	N/A
http://www.securityfocus.com/bid/102906	cve@mitre.org	N/A
https://cert-portal.siemens.com/productcert/pdf/ssa-727467.pdf	cve@mitre.org	N/A
https://ics-cert.kaspersky.com/advisories/2017/07/28/klcert-17-001-sentinel-ldk-rte-language-pack-with-invalid-html-files-leads-to-denial-of-service/	cve@mitre.org	Vendor Advisory
https://ics-cert.us-cert.gov/advisories/ICSA-18-018-01	cve@mitre.org	N/A
https://ics-cert.us-cert.gov/advisories/ICSA-18-093-01	cve@mitre.org	N/A
https://www.iotvillage.org/slides_dc25/Sergey_Vlad_DEFCON_IOT_Village_Public2017.pptx	cve@mitre.org	Third Party Advisory
http://www.securityfocus.com/bid/102739	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.securityfocus.com/bid/102906	af854a3a-2127-422b-91ae-364da2661108	N/A
https://cert-portal.siemens.com/productcert/pdf/ssa-727467.pdf	af854a3a-2127-422b-91ae-364da2661108	N/A
https://ics-cert.kaspersky.com/advisories/2017/07/28/klcert-17-001-sentinel-ldk-rte-language-pack-with-invalid-html-files-leads-to-denial-of-service/	af854a3a-2127-422b-91ae-364da2661108	Vendor Advisory
https://ics-cert.us-cert.gov/advisories/ICSA-18-018-01	af854a3a-2127-422b-91ae-364da2661108	N/A
https://ics-cert.us-cert.gov/advisories/ICSA-18-093-01	af854a3a-2127-422b-91ae-364da2661108	N/A
https://www.iotvillage.org/slides_dc25/Sergey_Vlad_DEFCON_IOT_Village_Public2017.pptx	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory