Sign-up

ID

VAR-201308-0246


CVE

CVE-2013-4217


TITLE

Intel Wireless WiMAX Connection 2400 for Intel WiMAX Network Service Vulnerability in which important information is obtained

Trust: 0.8

sources: JVNDB: JVNDB-2013-003889

DESCRIPTION

The OSAL_Crypt_SetEncryptedPassword function in InfraStack/OSDependent/Linux/OSAL/Services/wimax_osal_crypt_services.c in the OSAL crypt module in the Intel WiMAX Network Service through 1.5.2 for Intel Wireless WiMAX Connection 2400 devices logs a cleartext password during certain attempts to set a password, which allows local users to obtain sensitive information by reading a log file. wimax-ns is prone to multiple security vulnerabilities including; 1. An insecure file-permission issue 2. Multiple information-disclosure issues 3. Multiple buffer-overflow issues Attackers can exploit these issues to disclose sensitive information and execute arbitrary code on the affected device. Failed exploit attempts will result in a denial-of-service condition. Intel WiMAX Network Service is a network service of Intel Corporation that integrates 802.16 wireless metropolitan area network technology. A local attacker could exploit this vulnerability to obtain sensitive information by reading log files

Trust: 1.98

sources: NVD: CVE-2013-4217 // JVNDB: JVNDB-2013-003889 // BID: 61696 // VULHUB: VHN-64219

AFFECTED PRODUCTS

vendor:intelmodel:wimax network servicescope:lteversion:1.5.2

Trust: 1.8

vendor:intelmodel:wimax network servicescope:eqversion:1.5.0

Trust: 1.6

vendor:intelmodel:wimax network servicescope:eqversion:1.5.2

Trust: 0.6

vendor:intelmodel:wimax-nsscope:eqversion:0

Trust: 0.3

sources: BID: 61696 // JVNDB: JVNDB-2013-003889 // CNNVD: CNNVD-201308-374 // NVD: CVE-2013-4217

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-4217
value: LOW

Trust: 1.0

NVD: CVE-2013-4217
value: LOW

Trust: 0.8

CNNVD: CNNVD-201308-374
value: LOW

Trust: 0.6

VULHUB: VHN-64219
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2013-4217
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-64219
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-64219 // JVNDB: JVNDB-2013-003889 // CNNVD: CNNVD-201308-374 // NVD: CVE-2013-4217

PROBLEMTYPE DATA

problemtype:CWE-310

Trust: 1.9

sources: VULHUB: VHN-64219 // JVNDB: JVNDB-2013-003889 // NVD: CVE-2013-4217

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201308-374

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-201308-374

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-003889

PATCH
title:Bug 911121url:https://bugzilla.redhat.com/show_bug.cgi?id=911121
Trust: 0.8
title:Bug 995160url:https://bugzilla.redhat.com/show_bug.cgi?id=995160
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2013-003889

EXTERNAL IDS
db:NVDid:CVE-2013-4217
Trust: 2.8
db:OPENWALLid:OSS-SECURITY/2013/08/08/17
Trust: 1.7
db:JVNDBid:JVNDB-2013-003889
Trust: 0.8
db:CNNVDid:CNNVD-201308-374
Trust: 0.7
db:MLISTid:[OSS-SECURITY] 20130808 RE: CVE REQUEST -- FOUR FLAWS IN WIMAX (AFAIK UPSTREAM IS DEAD FOR THIS)
Trust: 0.6
db:BIDid:61696
Trust: 0.3
db:VULHUBid:VHN-64219
Trust: 0.1
sources:
            
            
            VULHUB: VHN-64219 // 
            
            
            
            BID: 61696 // 
            
            
            
            JVNDB: JVNDB-2013-003889 // 
            
            
            
            CNNVD: CNNVD-201308-374 // 
            
            
            
            NVD: CVE-2013-4217

REFERENCES
url:https://bugzilla.redhat.com/show_bug.cgi?id=911121
Trust: 2.0
url:http://www.openwall.com/lists/oss-security/2013/08/08/17
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-4217
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-4217
Trust: 0.8
url:https://bugzilla.redhat.com/show_bug.cgi?id=911122
Trust: 0.3
url:https://bugzilla.redhat.com/show_bug.cgi?id=911126
Trust: 0.3
url:https://bugzilla.redhat.com/show_bug.cgi?id=911129
Trust: 0.3
url:http://seclists.org/oss-sec/2013/q3/326
Trust: 0.3
url:https://github.com/ago/wimax-ns
Trust: 0.3
sources:
            
            
            VULHUB: VHN-64219 // 
            
            
            
            BID: 61696 // 
            
            
            
            JVNDB: JVNDB-2013-003889 // 
            
            
            
            CNNVD: CNNVD-201308-374 // 
            
            
            
            NVD: CVE-2013-4217

CREDITS
Florian Weimer of Red Hat Product Security Team
Trust: 0.3
sources:
            
            
            BID: 61696

SOURCES
db:VULHUBid:VHN-64219
db:BIDid:61696
db:JVNDBid:JVNDB-2013-003889
db:CNNVDid:CNNVD-201308-374
db:NVDid:CVE-2013-4217

LAST UPDATE DATE
2025-04-11T22:48:41.381000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-64219date:2013-08-26T00:00:00
db:BIDid:61696date:2013-08-08T00:00:00
db:JVNDBid:JVNDB-2013-003889date:2013-08-27T00:00:00
db:CNNVDid:CNNVD-201308-374date:2013-09-03T00:00:00
db:NVDid:CVE-2013-4217date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE
db:VULHUBid:VHN-64219date:2013-08-25T00:00:00
db:BIDid:61696date:2013-08-08T00:00:00
db:JVNDBid:JVNDB-2013-003889date:2013-08-27T00:00:00
db:CNNVDid:CNNVD-201308-374date:2013-08-29T00:00:00
db:NVDid:CVE-2013-4217date:2013-08-25T03:27:32.870