Natus Xltek NeuroWorks/SleepWorks ICSMA-18-165-01 Multiple Security Vulnerabilities

Bugtraq ID:	104490
Class:	Input Validation Error
CVE:	CVE-2017-2852 CVE-2017-2860 CVE-2017-2861 CVE-2017-2853 CVE-2017-2867 CVE-2017-2868 CVE-2017-2869 CVE-2017-2858
Remote:	Yes
Local:	No
Published:	Jun 19 2018 12:00AM
Updated:	Jun 19 2018 12:00AM
Credit:	Cory Duplantis from Cisco Talos
Vulnerable:	Natus Xltek NeuroWorks/SleepWorks 8.5 Natus Xltek NeuroWorks/SleepWorks 8.4 Natus Xltek NeuroWorks/SleepWorks 8.1 Natus Xltek NeuroWorks/SleepWorks 8.0
Not Vulnerable:	Natus Xltek NeuroWorks/SleepWorks 8.5 GMA 3

Natus Xltek NeuroWorks/SleepWorks ICSMA-18-165-01 Multiple Security Vulnerabilities

Natus Xltek NeuroWorks/SleepWorks are prone to the following security vulnerabilities:

1. Multiple stack-based buffer-overflow vulnerabilities
2. Multiple denial-of-service vulnerabilities

An attacker can exploit these issues to execute arbitrary code in the context of the affected application. Failed attacks will cause denial of service conditions.

Xltek NeuroWorks/SleepWorks 8 are vulnerable.

Natus Xltek NeuroWorks/SleepWorks ICSMA-18-165-01 Multiple Security Vulnerabilities

Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Natus Xltek NeuroWorks/SleepWorks ICSMA-18-165-01 Multiple Security Vulnerabilities

Solution:
Updates are available. Please see the references or vendor advisory for more information.

Natus Xltek NeuroWorks/SleepWorks ICSMA-18-165-01 Multiple Security Vulnerabilities

References:

• Natus Homepage (Natus)
  
• ICSMA-18-165-01 Natus Xltek NeuroWorks (CERT)