CVE Vulnerability

CVE-2018-20817

SV_SteamAuthClient in various Activision Infinity Ward Call of Duty games before 2015-08-11 is missing a size check when reading authBlob data into a buffer, which allows one to execute code on the remote target machine when sending a steam authentication request. This affects Call of Duty: Modern Warfare 2, Call of Duty: Modern Warfare 3, Call of Duty: Ghosts, Call of Duty: Advanced Warfare, Call of Duty: Black Ops 1, and Call of Duty: Black Ops 2.

7.5 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 10 / Impact : 6.4

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

Scope

9.8 /10

CVSS v3.0 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://github.com/RektInator/cod-steamauth-rce Exploit Third Party Advisory
https://github.com/momo5502/cod-exploits/tree/master/steam-auth Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:activision:call_of_duty:_modern_warfare_2:-:*:*:*:*:*:*:*
cpe:2.3:a:activision:call_of_duty:_modern_warfare_3:-:*:*:*:*:*:*:*
cpe:2.3:a:activision:call_of_duty:_ghosts:-:*:*:*:*:*:*:*
cpe:2.3:a:activision:call_of_duty:_advanced_warfare:-:*:*:*:*:*:*:*
cpe:2.3:a:activision:call_of_duty:_black_ops_1:-:*:*:*:*:*:*:*
cpe:2.3:a:activision:call_of_duty:_blacks_ops_2:-:*:*:*:*:*:*:*
Information

Published : 2019-04-19 11:29

Updated : 2019-04-22 05:10

NVD link : CVE-2018-20817

Mitre link : CVE-2018-20817

Products Affected
No products.
CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer