CVE-2008-6737
Crysis 1.21 - 'keyexchange' Packet Information Disclosure
Severity Score
7.8
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
2
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Crysis 1.21 and earlier allows remote attackers to obtain sensitive player information such as real IP addresses by sending a keyexchange packet without a previous join packet, which causes Crysis to send a disconnect packet that includes unrelated log information.
Crysis v1.21 y anteriores permite a atacantes remotos obtener información sensible del jugador como su IP mediante el envío de un paquete "keyexchange" sin un paquete previo "join", lo que produce que Crysis envíe un paquete desconectado incluyendo información del log no relacionada.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2008-06-15 First Exploit
- 2009-04-21 CVE Reserved
- 2009-04-21 CVE Published
- 2024-08-07 CVE Updated
- 2024-10-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
References (6)
| URL | Tag | Source |
|---|---|---|
| http://aluigi.altervista.org/adv/crysislog-adv.txt | X_refsource_misc | |
| http://osvdb.org/46260 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/43087 | Vdb Entry |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/31918 | 2008-06-15 | |
| http://www.securityfocus.com/bid/29720 | 2024-08-07 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/30706 | 2017-08-17 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Ea Search vendor "Ea" | Crysis Search vendor "Ea" for product "Crysis" | <= 1.21 Search vendor "Ea" for product "Crysis" and version " <= 1.21" | - |
Affected
| ||||||
| Ea Search vendor "Ea" | Crysis Search vendor "Ea" for product "Crysis" | 1.1 Search vendor "Ea" for product "Crysis" and version "1.1" | - |
Affected
| ||||||
| Ea Search vendor "Ea" | Crysis Search vendor "Ea" for product "Crysis" | 1.2 Search vendor "Ea" for product "Crysis" and version "1.2" | - |
Affected
| ||||||