Product | Cb Response |
Version Reported | 5.1.1 |
Version Resolved | 5.2.6 |
Severity Rating | Low |
Exploitability | Low |
Remediation - Cloud | Cb Response 5.2.6 and greater |
Remediation - On Premises | Cb Response 5.2.6 and greater |
CVE | CVE-2016-9570 & CVE-2016-9569 |
Multiple failures to properly bounds-check input have been reported in the Cb Response 5.1.1 sensor for Microsoft Windows operating systems. The vulnerabilities have been addressed in the Cb Response 5.2.6 Windows Sensor.
The vulnerabilities are possible only under certain conditions, as documented in the ‘Mitigating Factors’ section, and are not expected to be exploitable.
Rating Type | Rating |
Severity | Low |
Exploitability | Low |
The Severity rating for these vulnerabilities is “Low” because the result is a crash of the Cb Sensor. The Exploitability rating is “Low” because of the privileged access required.
Whether you run an on-premises deployment or a cloud installation, these vulnerabilities are fully remediated by upgrading to Cb Response Sensor 5.2.6. Customers running any prior version of the software are advised to upgrade.
The Cb Response Sensor 5.2.6 is available through the normal upgrade process.
Privileged access to the system in question is required to deliver the malformed input. Cb recommends limiting privileged access to all machines to ensure a strong security boundary is maintained.
There are no immediate workarounds for these vulnerabilities. Customers are encouraged to upgrade Cb Response Windows sensors to 5.2.6.
Carbon Black would like to thank Kyriakos Economou of Nettitude for reporting this vulnerability to the Product Security team at Carbon Black.