Information Disclosure in FreeRTOS and WITTENSTEIN WHIS Connect TCP/IP Component
CVE-2018-16527

5.9MEDIUM

Key Information:

Vendor

Amazon

Status
Amazon Web Services Freertos
Freertos
Vendor
CVE Published:
6 December 2018

What is CVE-2018-16527?

An information disclosure vulnerability exists in Amazon Web Services’ FreeRTOS versions up to 1.3.1 and FreeRTOS up to V10.0.1, as well as in the WITTENSTEIN WHIS Connect middleware TCP/IP component. This issue arises during the processing of ICMP packets, specifically in the function prvProcessICMPPacket, which allows attackers to obtain sensitive information from affected systems. Affected users should ensure their systems are updated and assess their network security to mitigate potential risks.

References

https://github.com/aws/amazon-freertos/blob/v1.3.2/CHANGE...
x_refsource_CONFIRM
https://blog.zimperium.com/freertos-tcpip-stack-vulnerabi...
x_refsource_MISC
https://blog.zimperium.com/freertos-tcpip-stack-vulnerabi...
x_refsource_MISC

CVSS V3.1

Score:
5.9
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.