CVE-2016-2344

{"id": "CVE-2016-2344", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2016-03-28T23:59:02.877", "references": [{"url": "http://www.kb.cert.org/vuls/id/732760", "tags": ["Third Party Advisory", "US Government Resource"], "source": "cret@cert.org"}, {"url": "http://www.securitytracker.com/id/1035426", "source": "cret@cert.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow in manager.exe in Backburner Manager in Autodesk Backburner 2016 2016.0.0.2150 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted command. NOTE: this is only a vulnerability in environments in which the administrator has not followed documentation that outlines the security risks of operating Backburner on untrusted networks."}, {"lang": "es", "value": "Desbordamiento de buffer basado en pila en manager.exe en Backburner Manager en Autodesk Backburner 2016 2016.0.0.2150 y versiones anteriores permite a atacantes remotos ejecutar c\u00f3digo arbitrario o provocar una denegaci\u00f3n de servicio (ca\u00edda de demonio) a trav\u00e9s de un comando manipulado. NOTA: esta es s\u00f3lo una vulnerabilidad en entornos en los que el administrador no ha seguido la documentaci\u00f3n que describe los riesgos de seguridad de funcionamiento de Backburner en redes no confiables."}], "lastModified": "2016-12-03T03:25:02.523", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:autodesk:autodesk_backburner:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7E7D6896-1AF8-4AB1-AF09-41F97C911C81", "versionEndIncluding": "2016.0.0.2150"}], "operator": "OR"}]}], "sourceIdentifier": "cret@cert.org"}