CVE-2016-9570 - cb.exe in Carbon Black 5.1.1.60603 allows attackers to cause a denial of service (out-of-bounds read

CVE-2016-9570

Summary

cb.exe in Carbon Black 5.1.1.60603 allows attackers to cause a denial of service (out-of-bounds read, invalid pointer dereference, and application crash) by leveraging access to the NetMon named pipe.

References

https://labs.nettitude.com/blog/carbon-black-security-advisories-cve-2016-9570-cve-2016-9568-and-cve-2016-9569/

Vulnerable Configurations

cpe:2.3:a:carbonblack:carbon_black:5.1.1.60603:*:*:*:*:*:*:*
cpe:2.3:a:carbonblack:carbon_black:5.1.1.60603:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 07-03-2018 - 20:41)
Impact:
Exploitability:

CWE

CWE-476

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:N/I:N/A:P

refmap via4

misc

https://labs.nettitude.com/blog/carbon-black-security-advisories-cve-2016-9570-cve-2016-9568-and-cve-2016-9569/

Last major update

07-03-2018 - 20:41

Published

12-02-2018 - 18:29

Last modified

07-03-2018 - 20:41